diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index ffb8813f..873bd9fc 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -1,7 +1,12 @@ name: Pre-Commit Checks -on: [push, pull_request] - +on: + push: + branches: + - main + pull_request: + paths-ignore: + - '**.md' jobs: pre-commit: runs-on: ubuntu-22.04 diff --git a/.github/workflows/pull-requests-release.yaml b/.github/workflows/pull-requests-release.yaml new file mode 100644 index 00000000..a0896f26 --- /dev/null +++ b/.github/workflows/pull-requests-release.yaml 
@@ -0,0 +1,96 @@
+name: Releasing PR
+
+on:
+ pull_request:
+ types: [labeled, opened, synchronize, reopened, closed]
+
+jobs:
+ verify:
+ name: Test Release
+ runs-on: [self-hosted]
+ permissions:
+ contents: read
+ packages: write
+
+ if: |
+ contains(github.event.pull_request.labels.*.name, 'ok-to-test') &&
+ contains(github.event.pull_request.labels.*.name, 'release') &&
+ github.event.action != 'closed'
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ registry: ghcr.io
+
+ - name: Run tests
+ run: make test
+
+ finalize:
+ name: Finalize Release
+ runs-on: [self-hosted]
+ permissions:
+ contents: write
+
+ if: |
+ github.event.pull_request.merged == true &&
+ contains(github.event.pull_request.labels.*.name, 'release')
+
+ steps:
+ - name: Extract tag from branch name
+ id: get_tag
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const branch = context.payload.pull_request.head.ref;
+ const match = branch.match(/^release-(v\d+\.\d+\.\d+(?:[-\w\.]+)?)$/);
+
+ if (!match) {
+ core.setFailed(`Branch '${branch}' does not match expected format 'release-vX.Y.Z[-suffix]'`);
+ } else {
+ const tag = match[1];
+ core.setOutput('tag', tag);
+ console.log(`✅ Extracted tag: ${tag}`);
+ }
+
+ - name: Checkout repo
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Create tag on merged commit
+ run: |
+ git tag ${{ steps.get_tag.outputs.tag }} ${{ github.sha }}
+ git push origin ${{ steps.get_tag.outputs.tag }}
+
+ - name: Publish draft release
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const tag = '${{ steps.get_tag.outputs.tag }}';
+ const releases = await github.rest.repos.listReleases({
+ owner: context.repo.owner,
+ repo: context.repo.repo
+ });
+
+ const release = releases.data.find(r => r.tag_name === tag &&
r.draft);
+ if (!release) {
+ throw new Error(`Draft release with tag ${tag} not found`);
+ }
+
+ await github.rest.repos.updateRelease({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ release_id: release.id,
+ draft: false
+ });
+
+ console.log(`✅ Published release for ${tag}`);
diff --git a/.github/workflows/pull-requests.yaml b/.github/workflows/pull-requests.yaml
new file mode 100644
index 00000000..47d19f4a
--- /dev/null
+++ b/.github/workflows/pull-requests.yaml
@@ -0,0 +1,39 @@
+name: Pull Request
+
+on:
+ pull_request:
+ types: [labeled, opened, synchronize, reopened]
+
+jobs:
+ e2e:
+ name: Build and Test
+ runs-on: [self-hosted]
+ permissions:
+ contents: read
+ packages: write
+
+ if: |
+ contains(github.event.pull_request.labels.*.name, 'ok-to-test') &&
+ !contains(github.event.pull_request.labels.*.name, 'release')
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ registry: ghcr.io
+
+ - name: make build
+ run: |
+ make build
+
+ - name: make test
+ run: |
+ make test
diff --git a/.github/workflows/tags.yaml b/.github/workflows/tags.yaml
new file mode 100644
index 00000000..53992c61
--- /dev/null
+++ b/.github/workflows/tags.yaml
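Review bot: In the `finalize` job, the `Create tag on merged commit` step pastes `${{ steps.get_tag.outputs.tag }}` and `${{ github.sha }}` directly into the shell script, so the script is only as safe as the regex in the preceding `github-script` step. Passing both values through `env:` and running `git tag "$TAG" "$SHA"` followed by `git push origin "$TAG"` keeps the step safe if that pattern is ever loosened. It is also worth confirming that `github.sha` on a `closed` event is the commit that actually landed on the base branch; `github.event.pull_request.merge_commit_sha` names the merge result explicitly. The job holds `contents: write`, so both the tag name and its target deserve that care.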
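Review bot: The `e2e` job runs `make build` and `make test` from the pull request's code on a `[self-hosted]` runner, and its only gate is the `ok-to-test` label. That label stays on the PR while `synchronize` re-triggers the job for every later push, so commits added after a maintainer applied it run without a fresh review. The `verify` job in `pull-requests-release.yaml` has the same shape. Consider removing the label on `synchronize` (or requiring approval per run) and using ephemeral runners, so that nothing a job leaves behind, including the registry login written by `docker/login-action`, is visible to a later job. Whether fork PRs can reach these jobs depends on repository settings that are not visible in the diff.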
@@ -0,0 +1,162 @@
+name: Versioned Tag
+
+on:
+ push:
+ tags:
+ - 'v*.*.*'
+
+jobs:
+ prepare-release:
+ name: Prepare Release
+ runs-on: [self-hosted]
+ permissions:
+ contents: write
+ packages: write
+ pull-requests: write
+
+ steps:
+ - name: Check if release already exists
+ id: check_release
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const tag = context.ref.replace('refs/tags/', '');
+ const releases = await github.rest.repos.listReleases({
+ owner: context.repo.owner,
+ repo: context.repo.repo
+ });
+
+ const existing = releases.data.find(r => r.tag_name === tag && !r.draft);
+ if (existing) {
+ core.setOutput('skip', 'true');
+ } else {
+ core.setOutput('skip', 'false');
+ }
+
+ - name: Skip if release already exists
+ if: steps.check_release.outputs.skip == 'true'
+ run: echo "Release already exists, skipping workflow."
+
+ - name: Checkout code
+ if: steps.check_release.outputs.skip == 'false'
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Login to GitHub Container Registry
+ if: steps.check_release.outputs.skip == 'false'
+ uses: docker/login-action@v3
+ with:
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ registry: ghcr.io
+
+ - name: Build
+ if: steps.check_release.outputs.skip == 'false'
+ run: make build
+
+ - name: Commit release artifacts
+ if: steps.check_release.outputs.skip == 'false'
+ env:
+ GIT_AUTHOR_NAME: ${{ github.actor }}
+ GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+ run: |
+ git config user.name "$GIT_AUTHOR_NAME"
+ git config user.email "$GIT_AUTHOR_EMAIL"
+ git add .
+ git commit -m "Prepare release ${GITHUB_REF#refs/tags/}" -s || echo "No changes to commit" + + - name: Create release branch + if: steps.check_release.outputs.skip == 'false' + run: | + BRANCH_NAME="release-${GITHUB_REF#refs/tags/v}" + git branch -f "$BRANCH_NAME" + git push origin "$BRANCH_NAME" --force + + - name: Create pull request if not exists + if: steps.check_release.outputs.skip == 'false' + uses: actions/github-script@v7 + with: + script: | + const version = context.ref.replace('refs/tags/v', ''); + const branch = `release-${version}`; + const base = 'main'; + + const prs = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + head: `${context.repo.owner}:${branch}`, + base + }); + + if (prs.data.length === 0) { + const newPr = await github.rest.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + head: branch, + base: base, + title: `Release v${version}`, + body: + `This PR prepares the release \`v${version}\`.\n` + + `(Please merge it before releasing draft)`, + draft: false + }); + + console.log(`Created pull request #${newPr.data.number} from ${branch} to ${base}`); + + await github.rest.issues.addLabels({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: newPr.data.number, + labels: ['release'] + }); + + } else { + console.log(`Pull request already exists from ${branch} to ${base}`); + } + + - name: Create or reuse draft release + if: steps.check_release.outputs.skip == 'false' + id: create_release + uses: actions/github-script@v7 + with: + script: | + const tag = context.ref.replace('refs/tags/', ''); + const releases = await github.rest.repos.listReleases({ + owner: context.repo.owner, + repo: context.repo.repo + }); + + let release = releases.data.find(r => r.tag_name === tag); + if (!release) { + release = await github.rest.repos.createRelease({ + owner: context.repo.owner, + repo: context.repo.repo, + tag_name: tag, + name: `${tag}`, + draft: true, + prerelease: false 
+ }); + } + core.setOutput('upload_url', release.upload_url); + + - name: Build assets + if: steps.check_release.outputs.skip == 'false' + run: make assets + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload assets + if: steps.check_release.outputs.skip == 'false' + run: make upload_assets VERSION=${GITHUB_REF#refs/tags/} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Delete pushed tag + if: steps.check_release.outputs.skip == 'false' + run: | + git push --delete origin ${GITHUB_REF#refs/tags/} + + - name: Run tests + run: make test diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 95d3be0e..d0eb9b94 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -6,13 +6,13 @@ As you get started, you are in the best position to give us feedbacks on areas o * Problems found while setting up the development environment * Gaps in our documentation -* Bugs in our Github actions +* Bugs in our GitHub actions -First, though, it is important that you read the [code of conduct](CODE_OF_CONDUCT.md). +First, though, it is important that you read the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). The guidelines below are a starting point. We don't want to limit your creativity, passion, and initiative. If you think there's a better way, please -feel free to bring it up in a Github discussion, or open a pull request. We're +feel free to bring it up in a GitHub discussion, or open a pull request. We're certain there are always better ways to do things, we just need to start some constructive dialogue! 
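Review bot: The last step, `Run tests`, has no `if: steps.check_release.outputs.skip == 'false'`, so when the release is already published it still runs `make test` in a workspace this run never checked out, which on a self-hosted runner may be whatever an earlier job left behind. It also sits after `Upload assets` and `Delete pushed tag`, so assets reach the draft release before anything has been tested. Moving it ahead of `Build assets` and giving it the same `if:` as the other steps would address both. Separately, `git add .` after `make build` stages every untracked file in the workspace and the branch is then pushed with `--force`; staging explicit paths would keep stray build output out of the release branch.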
@@ -23,9 +23,9 @@ We welcome many types of contributions including: * New features * Builds, CI/CD * Bug fixes -* [Documentation](https://github.com/cozystack/cozystack-website/tree/main) +* [Documentation](https://GitHub.com/cozystack/cozystack-website/tree/main) * Issue Triage -* Answering questions on Slack or Github Discussions +* Answering questions on Slack or GitHub Discussions * Web design * Communications / Social Media / Blog Posts * Events participation @@ -34,7 +34,7 @@ We welcome many types of contributions including: ## Ask for Help The best way to reach us with a question when contributing is to drop a line in -our [Telegram channel](https://t.me/cozystack), or start a new Github discussion. +our [Telegram channel](https://t.me/cozystack), or start a new GitHub discussion. ## Raising Issues diff --git a/GOVERNANCE.md b/GOVERNANCE.md new file mode 100644 index 00000000..3fa81317 --- /dev/null +++ b/GOVERNANCE.md 
@@ -0,0 +1,91 @@ +# Cozystack Governance + +This document defines the governance structure of the Cozystack community, outlining how members collaborate to achieve shared goals. + +## Overview + +**Cozystack**, a Cloud Native Computing Foundation (CNCF) project, is committed +to building an open, inclusive, productive, and self-governing open source +community focused on building a high-quality open source PaaS and framework for building clouds. + +## Code Repositories + +The following code repositories are governed by the Cozystack community and +maintained under the `cozystack` namespace: + +* **[Cozystack](https://github.com/cozystack/cozystack):** Main Cozystack codebase +* **[website](https://github.com/cozystack/website):** Cozystack website and documentation sources +* **[Talm](https://github.com/cozystack/talm):** Tool for managing Talos Linux the GitOps way +* **[cozy-proxy](https://github.com/cozystack/cozy-proxy):** A simple kube-proxy addon for 1:1 NAT services in Kubernetes with NFT backend +* **[cozystack-telemetry-server](https://github.com/cozystack/cozystack-telemetry-server):** Cozystack telemetry +* **[talos-bootstrap](https://github.com/cozystack/talos-bootstrap):** An interactive Talos Linux installer +* **[talos-meta-tool](https://github.com/cozystack/talos-meta-tool):** Tool for writing network metadata into META partition + +## Community Roles + +* **Users:** Members that engage with the Cozystack community via any medium, including Slack, Telegram, GitHub, and mailing lists. +* **Contributors:** Members contributing to the projects by contributing and reviewing code, writing documentation, + responding to issues, participating in proposal discussions, and so on. +* **Directors:** Non-technical project leaders. +* **Maintainers**: Technical project leaders. + +## Contributors + +Cozystack is for everyone. 
Anyone can become a Cozystack contributor simply by +contributing to the project, whether through code, documentation, blog posts, +community management, or other means. +As with all Cozystack community members, contributors are expected to follow the +[Cozystack Code of Conduct](https://github.com/cozystack/cozystack/blob/main/CODE_OF_CONDUCT.md). + +All contributions to Cozystack code, documentation, or other components in the +Cozystack GitHub organisation must follow the +[contributing guidelines](https://github.com/cozystack/cozystack/blob/main/CONTRIBUTING.md). +Whether these contributions are merged into the project is the prerogative of the maintainers. + +## Directors + +Directors are responsible for non-technical leadership functions within the project. +This includes representing Cozystack and its maintainers to the community, to the press, +and to the outside world; interfacing with CNCF and other governance entities; +and participating in project decision-making processes when appropriate. + +Directors are elected by a majority vote of the maintainers. + +## Maintainers + +Maintainers have the right to merge code into the project. +Anyone can become a Cozystack maintainer (see "Becoming a maintainer" below). + +### Expectations + +Cozystack maintainers are expected to: + +* Review pull requests, triage issues, and fix bugs in their areas of + expertise, ensuring that all changes go through the project's code review + and integration processes. +* Monitor cncf-cozystack-* emails, the Cozystack Slack channels in Kubernetes + and CNCF Slack workspaces, Telegram groups, and help out when possible. +* Rapidly respond to any time-sensitive security release processes. +* Attend Cozystack community meetings. + +If a maintainer is no longer interested in or cannot perform the duties +listed above, they should move themselves to emeritus status. +If necessary, this can also occur through the decision-making process outlined below. 
+ +### Becoming a Maintainer + +Anyone can become a Cozystack maintainer. Maintainers should be extremely +proficient in cloud native technologies and/or Go; have relevant domain expertise; +have the time and ability to meet the maintainer's expectations above; +and demonstrate the ability to work with the existing maintainers and project processes. + +To become a maintainer, start by expressing interest to existing maintainers. +Existing maintainers will then ask you to demonstrate the qualifications above +by contributing PRs, doing code reviews, and other such tasks under their guidance. +After several months of working together, maintainers will decide whether to grant maintainer status. + +## Project Decision-making Process + +Ideally, all project decisions are resolved by consensus of maintainers and directors. +If this is not possible, a vote will be called. +The voting process is a simple majority in which each maintainer and director receives one vote. diff --git a/Makefile b/Makefile index d3f14e72..6ea3ffd5 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,13 @@ .PHONY: manifests repos assets -build: +build-deps: + @command -V find docker skopeo jq gh helm > /dev/null + @yq --version | grep -q "mikefarah" || (echo "mikefarah/yq is required" && exit 1) + @tar --version | grep -q GNU || (echo "GNU tar is required" && exit 1) + @sed --version | grep -q GNU || (echo "GNU sed is required" && exit 1) + @awk --version | grep -q GNU || (echo "GNU awk is required" && exit 1) + +build: build-deps make -C packages/apps/http-cache image make -C packages/apps/postgres image make -C packages/apps/mysql image @@ -19,10 +26,6 @@ build: make -C packages/core/installer image make manifests -manifests: - (cd packages/core/installer/; helm template -n cozy-installer installer .) > manifests/cozystack-installer.yaml - sed -i 's|@sha256:[^"]\+||' manifests/cozystack-installer.yaml - repos: rm -rf _out make -C packages/apps check-version-map 
@@ -33,14 +36,21 @@ repos: mkdir -p _out/logos cp ./packages/apps/*/logos/*.svg ./packages/extra/*/logos/*.svg _out/logos/ + +manifests: + mkdir -p _out/assets + (cd packages/core/installer/; helm template -n cozy-installer installer .) > _out/assets/cozystack-installer.yaml + assets: make -C packages/core/installer/ assets test: - test -f _out/assets/nocloud-amd64.raw.xz || make -C packages/core/installer talos-nocloud make -C packages/core/testing apply make -C packages/core/testing test - make -C packages/core/testing test-applications + #make -C packages/core/testing test-applications generate: hack/update-codegen.sh + +upload_assets: manifests + hack/upload-assets.sh diff --git a/README.md b/README.md index 205114c3..d47123fd 100644 --- a/README.md +++ b/README.md 
@@ -12,20 +12,21 @@ **Cozystack** is a free PaaS platform and framework for building clouds. -With Cozystack, you can transform your bunch of servers into an intelligent system with a simple REST API for spawning Kubernetes clusters, Database-as-a-Service, virtual machines, load balancers, HTTP caching services, and other services with ease. +With Cozystack, you can transform a bunch of servers into an intelligent system with a simple REST API for spawning Kubernetes clusters, +Database-as-a-Service, virtual machines, load balancers, HTTP caching services, and other services with ease. -You can use Cozystack to build your own cloud or to provide a cost-effective development environments. +Use Cozystack to build your own cloud or provide a cost-effective development environment. ## Use-Cases -* [**Using Cozystack to build public cloud**](https://cozystack.io/docs/use-cases/public-cloud/) -You can use Cozystack as backend for a public cloud +* [**Using Cozystack to build a public cloud**](https://cozystack.io/docs/guides/use-cases/public-cloud/) +You can use Cozystack as a backend for a public cloud -* [**Using Cozystack to build private cloud**](https://cozystack.io/docs/use-cases/private-cloud/) -You can use Cozystack as platform to build a private cloud powered by Infrastructure-as-Code approach +* [**Using Cozystack to build a private cloud**](https://cozystack.io/docs/guides/use-cases/private-cloud/) +You can use Cozystack as a platform to build a private cloud powered by Infrastructure-as-Code approach -* [**Using Cozystack as Kubernetes distribution**](https://cozystack.io/docs/use-cases/kubernetes-distribution/) -You can use Cozystack as Kubernetes distribution for Bare Metal +* [**Using Cozystack as a Kubernetes distribution**](https://cozystack.io/docs/guides/use-cases/kubernetes-distribution/) +You can use Cozystack as a Kubernetes distribution for Bare Metal ## Screenshot 
@@ -33,11 +34,11 @@ You can use Cozystack as Kubernetes distribution for Bare Metal ## Documentation -The documentation is located on official [cozystack.io](https://cozystack.io) website. +The documentation is located on the [cozystack.io](https://cozystack.io) website. -Read [Get Started](https://cozystack.io/docs/get-started/) section for a quick start. +Read the [Getting Started](https://cozystack.io/docs/getting-started/) section for a quick start. -If you encounter any difficulties, start with the [troubleshooting guide](https://cozystack.io/docs/troubleshooting/), and work your way through the process that we've outlined. +If you encounter any difficulties, start with the [troubleshooting guide](https://cozystack.io/docs/operations/troubleshooting/) and work your way through the process that we've outlined. ## Versioning 
@@ -50,15 +51,15 @@ A full list of the available releases is available in the GitHub repository's [R Contributions are highly appreciated and very welcomed! -In case of bugs, please, check if the issue has been already opened by checking the [GitHub Issues](https://github.com/cozystack/cozystack/issues) section. -In case it isn't, you can open a new one: a detailed report will help us to replicate it, assess it, and work on a fix. +In case of bugs, please check if the issue has already been opened by checking the [GitHub Issues](https://github.com/cozystack/cozystack/issues) section. +If it isn't, you can open a new one. A detailed report will help us replicate it, assess it, and work on a fix. -You can express your intention in working on the fix on your own. +You can express your intention to on the fix on your own. Commits are used to generate the changelog, and their author will be referenced in it. -In case of **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/cozystack/cozystack/discussions/categories/feature-requests). +If you have **Feature Requests** please use the [Discussion's Feature Request section](https://github.com/cozystack/cozystack/discussions/categories/feature-requests). -You can join our weekly community meetings (just add this events to your [Google Calendar](https://calendar.google.com/calendar?cid=ZTQzZDIxZTVjOWI0NWE5NWYyOGM1ZDY0OWMyY2IxZTFmNDMzZTJlNjUzYjU2ZGJiZGE3NGNhMzA2ZjBkMGY2OEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) or [iCal](https://calendar.google.com/calendar/ical/e43d21e5c9b45a95f28c5d649c2cb1e1f433e2e653b56dbbda74ca306f0d0f68%40group.calendar.google.com/public/basic.ics)) or [Telegram group](https://t.me/cozystack). 
+You are welcome to join our weekly community meetings (just add this events to your [Google Calendar](https://calendar.google.com/calendar?cid=ZTQzZDIxZTVjOWI0NWE5NWYyOGM1ZDY0OWMyY2IxZTFmNDMzZTJlNjUzYjU2ZGJiZGE3NGNhMzA2ZjBkMGY2OEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) or [iCal](https://calendar.google.com/calendar/ical/e43d21e5c9b45a95f28c5d649c2cb1e1f433e2e653b56dbbda74ca306f0d0f68%40group.calendar.google.com/public/basic.ics)) or [Telegram group](https://t.me/cozystack). ## License diff --git a/cmd/cozystack-controller/main.go b/cmd/cozystack-controller/main.go index 22471047..f1c10c10 100644 --- a/cmd/cozystack-controller/main.go +++ b/cmd/cozystack-controller/main.go @@ -178,6 +178,15 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "WorkloadMonitor") os.Exit(1) } + + if err = (&controller.WorkloadReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Workload") + os.Exit(1) + } + // +kubebuilder:scaffold:builder if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { diff --git a/hack/e2e.sh b/hack/e2e.sh index c99b7cc1..33d0db16 100755 --- a/hack/e2e.sh +++ b/hack/e2e.sh @@ -84,7 +84,7 @@ done # Start VMs for i in 1 2 3; do - qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \ + qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 8 -m 16384 \ -device virtio-net,netdev=net0,mac=52:54:00:12:34:5$i -netdev tap,id=net0,ifname=cozy-srv$i,script=no,downscript=no \ -drive file=srv$i/system.img,if=virtio,format=raw \ -drive file=srv$i/seed.img,if=virtio,format=raw \ @@ -113,6 +113,11 @@ machine: - usermode_helper=disabled - name: zfs - name: spl + registries: + mirrors: + docker.io: + endpoints: + - https://mirror.gcr.io files: - content: | [plugins] 
@@ -313,7 +318,12 @@ kubectl patch -n tenant-root tenants.apps.cozystack.io root --type=merge -p '{"s timeout 60 sh -c 'until kubectl get hr -n tenant-root etcd ingress monitoring tenant-root; do sleep 1; done' # Wait for HelmReleases be installed -kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress monitoring tenant-root +kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress tenant-root + +if ! kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr monitoring; then + flux reconcile hr monitoring -n tenant-root --force + kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr monitoring +fi kubectl patch -n tenant-root ingresses.apps.cozystack.io ingress --type=merge -p '{"spec":{ "dashboard": true @@ -328,7 +338,7 @@ kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=3 -n tenant-root # Wait for Victoria metrics kubectl wait --timeout=5m --for=jsonpath=.status.updateStatus=operational -n tenant-root vmalert/vmalert-shortterm vmalertmanager/alertmanager -kubectl wait --timeout=5m --for=jsonpath=.status.status=operational -n tenant-root vlogs/generic +kubectl wait --timeout=5m --for=jsonpath=.status.updateStatus=operational -n tenant-root vlogs/generic kubectl wait --timeout=5m --for=jsonpath=.status.clusterStatus=operational -n tenant-root vmcluster/shortterm vmcluster/longterm # Wait for grafana diff --git a/hack/gen_versions_map.sh b/hack/gen_versions_map.sh index d2eb0acc..3b65bb4f 100755 --- a/hack/gen_versions_map.sh +++ b/hack/gen_versions_map.sh @@ -1,12 +1,13 @@ #!/bin/sh set -e + file=versions_map + charts=$(find . -mindepth 2 -maxdepth 2 -name Chart.yaml | awk 'sub("/Chart.yaml", "")') -# new_map=$( for chart in $charts; do - awk '/^name:/ {chart=$2} /^version:/ {version=$2} END{printf "%s %s %s\n", chart, version, "HEAD"}' $chart/Chart.yaml + awk '/^name:/ {chart=$2} /^version:/ {version=$2} END{printf "%s %s %s\n", chart, version, "HEAD"}' "$chart/Chart.yaml" done ) 
@@ -15,47 +16,46 @@ if [ ! -f "$file" ] || [ ! -s "$file" ]; then exit 0 fi -miss_map=$(echo "$new_map" | awk 'NR==FNR { new_map[$1 " " $2] = $3; next } { if (!($1 " " $2 in new_map)) print $1, $2, $3}' - $file) +miss_map=$(echo "$new_map" | awk 'NR==FNR { nm[$1 " " $2] = $3; next } { if (!($1 " " $2 in nm)) print $1, $2, $3}' - "$file") + +# search accross all tags sorted by version +search_commits=$(git ls-remote --tags origin | awk -F/ '$3 ~ /v[0-9]+.[0-9]+.[0-9]+/ {print}' | sort -k2,2 -rV | awk '{print $1}') resolved_miss_map=$( - echo "$miss_map" | while read chart version commit; do - if [ "$commit" = HEAD ]; then - line=$(awk '/^version:/ {print NR; exit}' "./$chart/Chart.yaml") - change_commit=$(git --no-pager blame -L"$line",+1 -- "$chart/Chart.yaml" | awk '{print $1}') - - if [ "$change_commit" = "00000000" ]; then - # Not committed yet, use previous commit - line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}') - commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}') - if [ $(echo $commit | cut -c1) = "^" ]; then - # Previous commit not exists - commit=$(echo $commit | cut -c2-) - fi - else - # Committed, but version_map wasn't updated - line=$(git show HEAD:"./$chart/Chart.yaml" | awk '/^version:/ {print NR; exit}') - change_commit=$(git --no-pager blame -L"$line",+1 HEAD -- "$chart/Chart.yaml" | awk '{print $1}') - if [ $(echo $change_commit | cut -c1) = "^" ]; then - # Previous commit not exists - commit=$(echo $change_commit | cut -c2-) - else - commit=$(git describe --always "$change_commit~1") - fi + echo "$miss_map" | while read -r chart version commit; do + # if version is found in HEAD, it's HEAD + if [ $(awk '$1 == "version:" {print $2}' ./${chart}/Chart.yaml) = "${version}" ]; then + echo "$chart $version HEAD" + continue + fi + + # if commit is not HEAD, check if it's valid + if [ $commit != "HEAD" ]; then + if [ $(git show "${commit}:./${chart}/Chart.yaml" 2>/dev/null | awk '$1 
== "version:" {print $2}') != "${version}" ]; then + echo "Commit $commit for $chart $version is not valid" >&2 + exit 1 fi - # Check if the commit belongs to the main branch - if ! git merge-base --is-ancestor "$commit" main; then - # Find the closest parent commit that belongs to main - commit_in_main=$(git log --pretty=format:"%h" main -- "$chart" | head -n 1) - if [ -n "$commit_in_main" ]; then - commit="$commit_in_main" - else - # No valid commit found in main branch for $chart, skipping..." - continue - fi - fi + commit=$(git rev-parse --short "$commit") + echo "$chart $version $commit" + continue fi - echo "$chart $version $commit" + + # if commit is HEAD, but version is not found in HEAD, check all tags + found_tag="" + for tag in $search_commits; do + if [ $(git show "${tag}:./${chart}/Chart.yaml" 2>/dev/null | awk '$1 == "version:" {print $2}') = "${version}" ]; then + found_tag=$(git rev-parse --short "${tag}") + break + fi + done + + if [ -z "$found_tag" ]; then + echo "Can't find $chart $version in any version tag, removing it" >&2 + continue + fi + + echo "$chart $version $found_tag" done ) diff --git a/hack/upload-assets.sh b/hack/upload-assets.sh new file mode 100755 index 00000000..9788c04f --- /dev/null +++ b/hack/upload-assets.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -xe + +version=${VERSION:-$(git describe --tags)} + +gh release upload --clobber $version _out/assets/cozystack-installer.yaml +gh release upload --clobber $version _out/assets/metal-amd64.iso +gh release upload --clobber $version _out/assets/metal-amd64.raw.xz +gh release upload --clobber $version _out/assets/nocloud-amd64.raw.xz +gh release upload --clobber $version _out/assets/kernel-amd64 +gh release upload --clobber $version _out/assets/initramfs-metal-amd64.xz diff --git a/internal/controller/workload_controller.go b/internal/controller/workload_controller.go new file mode 100644 index 00000000..7b7f8406 --- /dev/null +++ b/internal/controller/workload_controller.go 
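Review bot: The commit-validity check fails open, because the command substitution in `if [ $(git show "${commit}:./${chart}/Chart.yaml" 2>/dev/null | awk ...) != "${version}" ]` is unquoted. When `git show` finds no such file the test collapses to `[ != "$version" ]`, `[` exits with a usage error, the `if` treats that as false, and the unverified commit is written to the map. Quoting it as `[ "$(git show "${commit}:./${chart}/Chart.yaml" 2>/dev/null | awk '$1 == "version:" {print $2}')" != "${version}" ]` makes the empty case compare as a mismatch. The two `=` tests against `Chart.yaml` in this hunk have the same unquoted form, and `$commit` in `[ $commit != "HEAD" ]` should be quoted too. The tag filter `/v[0-9]+.[0-9]+.[0-9]+/` is unanchored with unescaped dots, so it accepts more refs than release tags; the script continues outside this hunk.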
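Review bot: `$version` is expanded unquoted in every `gh release upload` call, and when `VERSION` is unset it falls back to `git describe --tags`, which between tags yields a `<tag>-<n>-g<sha>` string that names no release. Quoting it as `"$version"` and failing early unless it is an exact tag (for example via `git describe --tags --exact-match`) avoids uploading against an unintended name. Because `--clobber` silently replaces assets that already exist on a release, publishing checksums alongside these six files would let consumers detect a replaced asset.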
@@ -0,0 +1,87 @@
+package controller
+
+import (
+ "context"
+ "strings"
+
+ corev1 "k8s.io/api/core/v1"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/types"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+
+ cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1"
+)
+
+// WorkloadMonitorReconciler reconciles a WorkloadMonitor object
+type WorkloadReconciler struct {
+ client.Client
+ Scheme *runtime.Scheme
+}
+
+func (r *WorkloadReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ logger := log.FromContext(ctx)
+ w := &cozyv1alpha1.Workload{}
+ err := r.Get(ctx, req.NamespacedName, w)
+ if err != nil {
+ if apierrors.IsNotFound(err) {
+ return ctrl.Result{}, nil
+ }
+ logger.Error(err, "Unable to fetch Workload")
+ return ctrl.Result{}, err
+ }
+
+ // it's being deleted, nothing to handle
+ if w.DeletionTimestamp != nil {
+ return ctrl.Result{}, nil
+ }
+
+ t := getMonitoredObject(w)
+ err = r.Get(ctx, types.NamespacedName{Name: t.GetName(), Namespace: t.GetNamespace()}, t)
+
+ // found object, nothing to do
+ if err == nil {
+ return ctrl.Result{}, nil
+ }
+
+ // error getting object but not 404 -- requeue
+ if !apierrors.IsNotFound(err) {
+ logger.Error(err, "failed to get dependent object", "kind", t.GetObjectKind(), "dependent-object-name", t.GetName())
+ return ctrl.Result{}, err
+ }
+
+ err = r.Delete(ctx, w)
+ if err != nil {
+ logger.Error(err, "failed to delete workload")
+ }
+ return ctrl.Result{}, err
+}
+
+// SetupWithManager registers our controller with the Manager and sets up watches.
+func (r *WorkloadReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(mgr).
+ // Watch WorkloadMonitor objects
+ For(&cozyv1alpha1.Workload{}).
+ Complete(r) +} + +func getMonitoredObject(w *cozyv1alpha1.Workload) client.Object { + if strings.HasPrefix(w.Name, "pvc-") { + obj := &corev1.PersistentVolumeClaim{} + obj.Name = strings.TrimPrefix(w.Name, "pvc-") + obj.Namespace = w.Namespace + return obj + } + if strings.HasPrefix(w.Name, "svc-") { + obj := &corev1.Service{} + obj.Name = strings.TrimPrefix(w.Name, "svc-") + obj.Namespace = w.Namespace + return obj + } + obj := &corev1.Pod{} + obj.Name = w.Name + obj.Namespace = w.Namespace + return obj +} diff --git a/internal/controller/workloadmonitor_controller.go b/internal/controller/workloadmonitor_controller.go index a6958fe2..1c23a749 100644 --- a/internal/controller/workloadmonitor_controller.go +++ b/internal/controller/workloadmonitor_controller.go @@ -3,6 +3,7 @@ package controller import ( "context" "encoding/json" + "fmt" "sort" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -33,6 +34,17 @@ type WorkloadMonitorReconciler struct { // +kubebuilder:rbac:groups=cozystack.io,resources=workloads,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=cozystack.io,resources=workloads/status,verbs=get;update;patch // +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch +// +kubebuilder:rbac:groups=core,resources=persistentvolumeclaims,verbs=get;list;watch + +// isServiceReady checks if the service has an external IP bound +func (r *WorkloadMonitorReconciler) isServiceReady(svc *corev1.Service) bool { + return len(svc.Status.LoadBalancer.Ingress) > 0 +} + +// isPVCReady checks if the PVC is bound +func (r *WorkloadMonitorReconciler) isPVCReady(pvc *corev1.PersistentVolumeClaim) bool { + return pvc.Status.Phase == corev1.ClaimBound +} // isPodReady checks if the Pod is in the Ready condition. func (r *WorkloadMonitorReconciler) isPodReady(pod *corev1.Pod) bool { 
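Review bot: `getMonitoredObject` picks the kind to look up purely from the Workload's name prefix, so any Workload whose name starts with `pvc-` or `svc-` is resolved as a PersistentVolumeClaim or Service, and `Reconcile` deletes it when that object is not found. The fallback branch implies Pod Workloads carry the Pod's own name, in which case a Pod named `svc-x` and a Service named `x` map to the same Workload and the Pod's entry is garbage-collected against the wrong object. Because object names are chosen by whoever creates them, the kind should come from something the controller writes itself (for example a label set when the Workload is created) rather than from the name. The comments `// WorkloadMonitorReconciler reconciles a WorkloadMonitor object` and `// Watch WorkloadMonitor objects` describe the other controller and should read `WorkloadReconciler` and `Workload`. The final `r.Delete` result could be wrapped in `client.IgnoreNotFound(err)` so a concurrent deletion is not reported as a failure.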
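Review bot: No RBAC marker for `services` is visible alongside the added `persistentvolumeclaims` one, although `isServiceReady` and the Service reconciliation added in this commit read Service objects. If it is not declared above this hunk, add `// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch` so the generated role matches what the controller reads, and keep the verbs read-only as they are for Pods and PVCs. The doc comment on `isServiceReady` should also say that readiness means a non-empty `Status.LoadBalancer.Ingress`, since Services of other types never satisfy it.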
@@ -88,6 +100,96 @@ func updateOwnerReferences(obj metav1.Object, monitor client.Object) {
 obj.SetOwnerReferences(owners)
 }
+// reconcileServiceForMonitor creates or updates a Workload object for the given Service and WorkloadMonitor.
+func (r *WorkloadMonitorReconciler) reconcileServiceForMonitor(
+ ctx context.Context,
+ monitor *cozyv1alpha1.WorkloadMonitor,
+ svc corev1.Service,
+) error {
+ logger := log.FromContext(ctx)
+ workload := &cozyv1alpha1.Workload{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("svc-%s", svc.Name),
+ Namespace: svc.Namespace,
+ },
+ }
+
+ resources := make(map[string]resource.Quantity)
+
+ q := resource.MustParse("0")
+
+ for _, ing := range svc.Status.LoadBalancer.Ingress {
+ if ing.IP != "" {
+ q.Add(resource.MustParse("1"))
+ }
+ }
+
+ resources["public-ips"] = q
+
+ _, err := ctrl.CreateOrUpdate(ctx, r.Client, workload, func() error {
+ // Update owner references with the new monitor
+ updateOwnerReferences(workload.GetObjectMeta(), monitor)
+
+ workload.Labels = svc.Labels
+
+ // Fill Workload status fields:
+ workload.Status.Kind = monitor.Spec.Kind
+ workload.Status.Type = monitor.Spec.Type
+ workload.Status.Resources = resources
+ workload.Status.Operational = r.isServiceReady(&svc)
+
+ return nil
+ })
+ if err != nil {
+ logger.Error(err, "Failed to CreateOrUpdate Workload", "workload", workload.Name)
+ return err
+ }
+
+ return nil
+}
+
+// reconcilePVCForMonitor creates or updates a Workload object for the given PVC and WorkloadMonitor.
+func (r *WorkloadMonitorReconciler) reconcilePVCForMonitor(
+ ctx context.Context,
+ monitor *cozyv1alpha1.WorkloadMonitor,
+ pvc corev1.PersistentVolumeClaim,
+) error {
+ logger := log.FromContext(ctx)
+ workload := &cozyv1alpha1.Workload{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("pvc-%s", pvc.Name),
+ Namespace: pvc.Namespace,
+ },
+ }
+
+ resources := make(map[string]resource.Quantity)
+
+ for resourceName, resourceQuantity := range pvc.Status.Capacity {
+ resources[resourceName.String()] = resourceQuantity
+ }
+
+ _, err := ctrl.CreateOrUpdate(ctx, r.Client, workload, func() error {
+ // Update owner references with the new monitor
+ updateOwnerReferences(workload.GetObjectMeta(), monitor)
+
+ workload.Labels = pvc.Labels
+
+ // Fill Workload status fields:
+ workload.Status.Kind = monitor.Spec.Kind
+ workload.Status.Type = monitor.Spec.Type
+ workload.Status.Resources = resources
+ workload.Status.Operational = r.isPVCReady(&pvc)
+
+ return nil
+ })
+ if err != nil {
+ logger.Error(err, "Failed to CreateOrUpdate Workload", "workload", workload.Name)
+ return err
+ }
+
+ return nil
+}
+
 // reconcilePodForMonitor creates or updates a Workload object for the given Pod and WorkloadMonitor.
 func (r *WorkloadMonitorReconciler) reconcilePodForMonitor(
 ctx context.Context,
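Review bot: In `reconcileServiceForMonitor`, `public-ips` counts only ingress entries with a non-empty `IP`, while `Operational` comes from `isServiceReady`, which accepts any entry, so a load balancer that reports only a hostname would be recorded as operational with zero public IPs; if that is intended, a one-line comment at the loop should say so. The quantity itself is built by parsing `"0"` and adding a freshly parsed `"1"` per entry; counting into an `int64` and writing `resources["public-ips"] = *resource.NewQuantity(n, resource.DecimalSI)` once is simpler and avoids `MustParse` in a loop. `reconcileServiceForMonitor` and `reconcilePVCForMonitor` differ only in the name prefix, the resources map and the readiness value, so a shared helper taking those three would remove the duplicated `CreateOrUpdate` block.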
@@ -205,6 +307,45 @@ func (r *WorkloadMonitorReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 }
 }
+ pvcList := &corev1.PersistentVolumeClaimList{}
+ if err := r.List(
+ ctx,
+ pvcList,
+ client.InNamespace(monitor.Namespace),
+ client.MatchingLabels(monitor.Spec.Selector),
+ ); err != nil {
+ logger.Error(err, "Unable to list PVCs for WorkloadMonitor", "monitor", monitor.Name)
+ return ctrl.Result{}, err
+ }
+
+ for _, pvc := range pvcList.Items {
+ if err := r.reconcilePVCForMonitor(ctx, monitor, pvc); err != nil {
+ logger.Error(err, "Failed to reconcile Workload for PVC", "PVC", pvc.Name)
+ continue
+ }
+ }
+
+ svcList := &corev1.ServiceList{}
+ if err := r.List(
+ ctx,
+ svcList,
+ client.InNamespace(monitor.Namespace),
+ client.MatchingLabels(monitor.Spec.Selector),
+ ); err != nil {
+ logger.Error(err, "Unable to list Services for WorkloadMonitor", "monitor", monitor.Name)
+ return ctrl.Result{}, err
+ }
+
+ for _, svc := range svcList.Items {
+ if svc.Spec.Type != corev1.ServiceTypeLoadBalancer {
+ continue
+ }
+ if err := r.reconcileServiceForMonitor(ctx, monitor, svc); err != nil {
+ logger.Error(err, "Failed to reconcile Workload for Service", "Service", svc.Name)
+ continue
+ }
+ }
+
 // Update WorkloadMonitor status based on observed pods
 monitor.Status.ObservedReplicas = observedReplicas
 monitor.Status.AvailableReplicas = availableReplicas
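Review bot: Failures from `reconcilePVCForMonitor` and `reconcileServiceForMonitor` are logged and then dropped in both new loops, so `Reconcile` can return success after a Workload write failed and nothing requeues the monitor until some unrelated event arrives. Remembering the first such error and returning it after the status update would let controller-runtime retry with backoff; `Reconcile` starts and ends outside this hunk, so the existing Pod loop may need the same treatment. The trailing `continue` at the end of each `if err != nil` body is a no-op and can be removed. Both `List` calls pass `client.MatchingLabels(monitor.Spec.Selector)`, which presumably matches every PVC and Service in the namespace when the selector is empty; a comment stating whether that is intended would help.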
@@ -233,41 +374,51 @@ func (r *WorkloadMonitorReconciler) SetupWithManager(mgr ctrl.Manager) error {
 // Also watch Pod objects and map them back to WorkloadMonitor if labels match
 Watches(
 &corev1.Pod{},
- handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, obj client.Object) []reconcile.Request {
- pod, ok := obj.(*corev1.Pod)
- if !ok {
- return nil
- }
-
- var monitorList cozyv1alpha1.WorkloadMonitorList
- // List all WorkloadMonitors in the same namespace
- if err := r.List(ctx, &monitorList, client.InNamespace(pod.Namespace)); err != nil {
- return nil
- }
-
- // Match each monitor's selector with the Pod's labels
- var requests []reconcile.Request
- for _, m := range monitorList.Items {
- matches := true
- for k, v := range m.Spec.Selector {
- if podVal, exists := pod.Labels[k]; !exists || podVal != v {
- matches = false
- break
- }
- }
- if matches {
- requests = append(requests, reconcile.Request{
- NamespacedName: types.NamespacedName{
- Namespace: m.Namespace,
- Name: m.Name,
- },
- })
- }
- }
- return requests
- }),
+ handler.EnqueueRequestsFromMapFunc(mapObjectToMonitor(&corev1.Pod{}, r.Client)),
+ ).
+ // Watch PVCs as well
+ Watches(
+ &corev1.PersistentVolumeClaim{},
+ handler.EnqueueRequestsFromMapFunc(mapObjectToMonitor(&corev1.PersistentVolumeClaim{}, r.Client)),
 ).
 // Watch for changes to Workload objects we create (owned by WorkloadMonitor)
 Owns(&cozyv1alpha1.Workload{}).
 Complete(r)
 }
+
+func mapObjectToMonitor[T client.Object](_ T, c client.Client) func(ctx context.Context, obj client.Object) []reconcile.Request {
+ return func(ctx context.Context, obj client.Object) []reconcile.Request {
+ concrete, ok := obj.(T)
+ if !ok {
+ return nil
+ }
+
+ var monitorList cozyv1alpha1.WorkloadMonitorList
+ // List all WorkloadMonitors in the same namespace
+ if err := c.List(ctx, &monitorList, client.InNamespace(concrete.GetNamespace())); err != nil {
+ return nil
+ }
+
+ labels := concrete.GetLabels()
+ // Match each monitor's selector with the Pod's labels
+ var requests []reconcile.Request
+ for _, m := range monitorList.Items {
+ matches := true
+ for k, v := range m.Spec.Selector {
+ if labelVal, exists := labels[k]; !exists || labelVal != v {
+ matches = false
+ break
+ }
+ }
+ if matches {
+ requests = append(requests, reconcile.Request{
+ NamespacedName: types.NamespacedName{
+ Namespace: m.Namespace,
+ Name: m.Name,
+ },
+ })
+ }
+ }
+ return requests
+ }
+}
diff --git a/manifests/cozystack-installer.yaml b/manifests/cozystack-installer.yaml
deleted file mode 100644
index d0d72757..00000000
--- a/manifests/cozystack-installer.yaml
+++ /dev/null
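Review bot: No watch is registered for Services in `SetupWithManager`, although the same commit lists LoadBalancer Services in `Reconcile` and `mapObjectToMonitor` is already generic; a load balancer address assigned after the Service is created will not trigger a reconcile, so `Operational` and `public-ips` on its Workload stay stale until another event arrives. Adding `Watches(&corev1.Service{}, handler.EnqueueRequestsFromMapFunc(mapObjectToMonitor(&corev1.Service{}, r.Client))).` next to the PVC watch closes that gap. Inside `mapObjectToMonitor` the comment still reads "the Pod's labels" and should say "the object's labels", and the `c.List` error is returned as `nil` without a log line, which hides failures of the mapping. `SetupWithManager` begins outside this hunk.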
@@ -1,105 +0,0 @@ ---- -# Source: cozy-installer/templates/cozystack.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: cozy-system - labels: - cozystack.io/system: "true" - pod-security.kubernetes.io/enforce: privileged ---- -# Source: cozy-installer/templates/cozystack.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cozystack - namespace: cozy-system ---- -# Source: cozy-installer/templates/cozystack.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cozystack -subjects: -- kind: ServiceAccount - name: cozystack - namespace: cozy-system -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io ---- -# Source: cozy-installer/templates/cozystack.yaml -apiVersion: v1 -kind: Service -metadata: - name: cozystack - namespace: cozy-system -spec: - ports: - - name: http - port: 80 - targetPort: 8123 - selector: - app: cozystack - type: ClusterIP ---- -# Source: cozy-installer/templates/cozystack.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cozystack - namespace: cozy-system -spec: - replicas: 1 - selector: - matchLabels: - app: cozystack - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - template: - metadata: - labels: - app: cozystack - spec: - hostNetwork: true - serviceAccountName: cozystack - containers: - - name: cozystack - image: "ghcr.io/cozystack/cozystack/installer:v0.28.0" - env: - - name: KUBERNETES_SERVICE_HOST - value: localhost - - name: KUBERNETES_SERVICE_PORT - value: "7445" - - name: K8S_AWAIT_ELECTION_ENABLED - value: "1" - - name: K8S_AWAIT_ELECTION_NAME - value: cozystack - - name: K8S_AWAIT_ELECTION_LOCK_NAME - value: cozystack - - name: K8S_AWAIT_ELECTION_LOCK_NAMESPACE - value: cozy-system - - name: K8S_AWAIT_ELECTION_IDENTITY - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: assets - image: "ghcr.io/cozystack/cozystack/installer:v0.28.0" - command: - - /usr/bin/cozystack-assets-server - - 
"-dir=/cozystack/assets" - - "-address=:8123" - ports: - - name: http - containerPort: 8123 - tolerations: - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoSchedule" - - key: "node.cilium.io/agent-not-ready" - operator: "Exists" - effect: "NoSchedule" diff --git a/packages/apps/clickhouse/images/clickhouse-backup.tag b/packages/apps/clickhouse/images/clickhouse-backup.tag index 00acbf1e..82eb1df5 100644 --- a/packages/apps/clickhouse/images/clickhouse-backup.tag +++ b/packages/apps/clickhouse/images/clickhouse-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/clickhouse-backup:0.6.2@sha256:67dd53efa86b704fc5cb876aca055fef294b31ab67899b683a4821ea12582ea7 +ghcr.io/cozystack/cozystack/clickhouse-backup:0.7.0@sha256:3faf7a4cebf390b9053763107482de175aa0fdb88c1e77424fd81100b1c3a205 diff --git a/packages/apps/ferretdb/images/postgres-backup.tag b/packages/apps/ferretdb/images/postgres-backup.tag index f0446d42..631a088b 100644 --- a/packages/apps/ferretdb/images/postgres-backup.tag +++ b/packages/apps/ferretdb/images/postgres-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521 +ghcr.io/cozystack/cozystack/postgres-backup:0.10.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f diff --git a/packages/apps/http-cache/images/nginx-cache.tag b/packages/apps/http-cache/images/nginx-cache.tag index b8aee4b0..131a2ea6 100644 --- a/packages/apps/http-cache/images/nginx-cache.tag +++ b/packages/apps/http-cache/images/nginx-cache.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/nginx-cache:0.3.1@sha256:2b82eae28239ca0f9968602c69bbb752cd2a5818e64934ccd06cb91d95d019c7 +ghcr.io/cozystack/cozystack/nginx-cache:0.4.0@sha256:529650c1aa6ee4ceba74af35b526e4e6f4ad44d9a8a75d1f2f2dbb015cbf194c diff --git a/packages/apps/kubernetes/Chart.yaml b/packages/apps/kubernetes/Chart.yaml index bde52de2..42dcbf5c 100644 --- a/packages/apps/kubernetes/Chart.yaml 
+++ b/packages/apps/kubernetes/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.17.0 +version: 0.17.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/kubernetes/images/cluster-autoscaler.tag b/packages/apps/kubernetes/images/cluster-autoscaler.tag index df5eadf1..fc8cf0dd 100644 --- a/packages/apps/kubernetes/images/cluster-autoscaler.tag +++ b/packages/apps/kubernetes/images/cluster-autoscaler.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/cluster-autoscaler:0.15.2@sha256:967e51702102d0dbd97f9847de4159d62681b31eb606322d2c29755393c2236e +ghcr.io/cozystack/cozystack/cluster-autoscaler:0.17.1@sha256:85371c6aabf5a7fea2214556deac930c600e362f92673464fe2443784e2869c3 diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag index 28af4247..7b8702e1 100644 --- a/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag +++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.15.2@sha256:5e054eae6274963b6e84f87bf3330c94325103c6407b08bfb1189da721333b5c +ghcr.io/cozystack/cozystack/kubevirt-cloud-provider:0.17.1@sha256:795d8e1ef4b2b0df2aa1e09d96cd13476ebb545b4bf4b5779b7547a70ef64cf9 diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile b/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile index a6485ba6..97760bd7 100644 --- a/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile +++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider/Dockerfile 
@@ -3,12 +3,11 @@ FROM --platform=linux/amd64 golang:1.20.6 AS builder
 RUN git clone https://github.com/kubevirt/cloud-provider-kubevirt /go/src/kubevirt.io/cloud-provider-kubevirt \
 && cd /go/src/kubevirt.io/cloud-provider-kubevirt \
- && git checkout da9e0cf
+ && git checkout 443a1fe
 WORKDIR /go/src/kubevirt.io/cloud-provider-kubevirt
 # see: https://github.com/kubevirt/cloud-provider-kubevirt/pull/335
-# see: https://github.com/kubevirt/cloud-provider-kubevirt/pull/336
 ADD patches /patches
 RUN git apply /patches/*.diff
 RUN go get 'k8s.io/endpointslice/util@v0.28' 'k8s.io/apiserver@v0.28'
diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/335.diff b/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/335.diff
deleted file mode 100644
index 03ef6ddb..00000000
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/335.diff
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/pkg/controller/kubevirteps/kubevirteps_controller.go b/pkg/controller/kubevirteps/kubevirteps_controller.go
-index a3c1aa33..95c31438 100644
---- a/pkg/controller/kubevirteps/kubevirteps_controller.go
-+++ b/pkg/controller/kubevirteps/kubevirteps_controller.go
-@@ -412,11 +412,11 @@ func (c *Controller) reconcileByAddressType(service *v1.Service, tenantSlices []
- // Create the desired port configuration
- var desiredPorts []discovery.EndpointPort
-
-- for _, port := range service.Spec.Ports {
-+ for i := range service.Spec.Ports {
- desiredPorts = append(desiredPorts, discovery.EndpointPort{
-- Port: &port.TargetPort.IntVal,
-- Protocol: &port.Protocol,
-- Name: &port.Name,
-+ Port: &service.Spec.Ports[i].TargetPort.IntVal,
-+ Protocol: &service.Spec.Ports[i].Protocol,
-+ Name: &service.Spec.Ports[i].Name,
- })
- }
-
diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/336.diff b/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/336.diff
deleted file mode 100644
index 985e456b..00000000
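Review bot: `git checkout 443a1fe` in the Dockerfile pins the upstream source by a seven-character abbreviated hash, which can become ambiguous as the upstream repository grows and is a weaker pin than the full object name for a build that clones from the network. Writing the complete hash, `&& git checkout <full 40-character commit SHA>`, makes the build input exact and lets a reviewer compare it against upstream. The remaining `# see: https://github.com/kubevirt/cloud-provider-kubevirt/pull/335` comment now points at a patch this commit deletes, while the patch actually added is `341.diff`; the comment should name the pull request that file comes from (presumably 341, to be confirmed). `RUN git apply /patches/*.diff` applies whatever is in the directory, so listing the expected patch file by name would also keep the applied set explicit.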
--- a/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/336.diff +++ /dev/null 
@@ -1,129 +0,0 @@ -diff --git a/pkg/controller/kubevirteps/kubevirteps_controller.go b/pkg/controller/kubevirteps/kubevirteps_controller.go -index a3c1aa33..6f6e3d32 100644 ---- a/pkg/controller/kubevirteps/kubevirteps_controller.go -+++ b/pkg/controller/kubevirteps/kubevirteps_controller.go -@@ -108,32 +108,24 @@ func newRequest(reqType ReqType, obj interface{}, oldObj interface{}) *Request { - } - - func (c *Controller) Init() error { -- -- // Act on events from Services on the infra cluster. These are created by the EnsureLoadBalancer function. -- // We need to watch for these events so that we can update the EndpointSlices in the infra cluster accordingly. -+ // Existing Service event handlers... - _, err := c.infraFactory.Core().V1().Services().Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { -- // cast obj to Service - svc := obj.(*v1.Service) -- // Only act on Services of type LoadBalancer - if svc.Spec.Type == v1.ServiceTypeLoadBalancer { - klog.Infof("Service added: %v/%v", svc.Namespace, svc.Name) - c.queue.Add(newRequest(AddReq, obj, nil)) - } - }, - UpdateFunc: func(oldObj, newObj interface{}) { -- // cast obj to Service - newSvc := newObj.(*v1.Service) -- // Only act on Services of type LoadBalancer - if newSvc.Spec.Type == v1.ServiceTypeLoadBalancer { - klog.Infof("Service updated: %v/%v", newSvc.Namespace, newSvc.Name) - c.queue.Add(newRequest(UpdateReq, newObj, oldObj)) - } - }, - DeleteFunc: func(obj interface{}) { -- // cast obj to Service - svc := obj.(*v1.Service) -- // Only act on Services of type LoadBalancer - if svc.Spec.Type == v1.ServiceTypeLoadBalancer { - klog.Infof("Service deleted: %v/%v", svc.Namespace, svc.Name) - c.queue.Add(newRequest(DeleteReq, obj, nil)) -@@ -144,7 +136,7 @@ func (c *Controller) Init() error { - return err - } - -- // Monitor endpoint slices that we are interested in based on known services in the infra cluster -+ // Existing EndpointSlice event handlers in tenant 
cluster... - _, err = c.tenantFactory.Discovery().V1().EndpointSlices().Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: func(obj interface{}) { - eps := obj.(*discovery.EndpointSlice) -@@ -194,10 +186,80 @@ func (c *Controller) Init() error { - return err - } - -- //TODO: Add informer for EndpointSlices in the infra cluster to watch for (unwanted) changes -+ // Add an informer for EndpointSlices in the infra cluster -+ _, err = c.infraFactory.Discovery().V1().EndpointSlices().Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ -+ AddFunc: func(obj interface{}) { -+ eps := obj.(*discovery.EndpointSlice) -+ if c.managedByController(eps) { -+ svc, svcErr := c.getInfraServiceForEPS(context.TODO(), eps) -+ if svcErr != nil { -+ klog.Errorf("Failed to get infra Service for EndpointSlice %s/%s: %v", eps.Namespace, eps.Name, svcErr) -+ return -+ } -+ if svc != nil { -+ klog.Infof("Infra EndpointSlice added: %v/%v, requeuing Service: %v/%v", eps.Namespace, eps.Name, svc.Namespace, svc.Name) -+ c.queue.Add(newRequest(AddReq, svc, nil)) -+ } -+ } -+ }, -+ UpdateFunc: func(oldObj, newObj interface{}) { -+ eps := newObj.(*discovery.EndpointSlice) -+ if c.managedByController(eps) { -+ svc, svcErr := c.getInfraServiceForEPS(context.TODO(), eps) -+ if svcErr != nil { -+ klog.Errorf("Failed to get infra Service for EndpointSlice %s/%s: %v", eps.Namespace, eps.Name, svcErr) -+ return -+ } -+ if svc != nil { -+ klog.Infof("Infra EndpointSlice updated: %v/%v, requeuing Service: %v/%v", eps.Namespace, eps.Name, svc.Namespace, svc.Name) -+ c.queue.Add(newRequest(UpdateReq, svc, nil)) -+ } -+ } -+ }, -+ DeleteFunc: func(obj interface{}) { -+ eps := obj.(*discovery.EndpointSlice) -+ if c.managedByController(eps) { -+ svc, svcErr := c.getInfraServiceForEPS(context.TODO(), eps) -+ if svcErr != nil { -+ klog.Errorf("Failed to get infra Service for EndpointSlice %s/%s on delete: %v", eps.Namespace, eps.Name, svcErr) -+ return -+ } -+ if svc != nil { -+ 
klog.Infof("Infra EndpointSlice deleted: %v/%v, requeuing Service: %v/%v", eps.Namespace, eps.Name, svc.Namespace, svc.Name) -+ c.queue.Add(newRequest(DeleteReq, svc, nil)) -+ } -+ } -+ }, -+ }) -+ if err != nil { -+ return err -+ } -+ - return nil - } - -+// getInfraServiceForEPS returns the Service in the infra cluster associated with the given EndpointSlice. -+// It does this by reading the "kubernetes.io/service-name" label from the EndpointSlice, which should correspond -+// to the Service name. If not found or if the Service doesn't exist, it returns nil. -+func (c *Controller) getInfraServiceForEPS(ctx context.Context, eps *discovery.EndpointSlice) (*v1.Service, error) { -+ svcName := eps.Labels[discovery.LabelServiceName] -+ if svcName == "" { -+ // No service name label found, can't determine infra service. -+ return nil, nil -+ } -+ -+ svc, err := c.infraClient.CoreV1().Services(c.infraNamespace).Get(ctx, svcName, metav1.GetOptions{}) -+ if err != nil { -+ if k8serrors.IsNotFound(err) { -+ // Service doesn't exist -+ return nil, nil -+ } -+ return nil, err -+ } -+ -+ return svc, nil -+} -+ - // Run starts an asynchronous loop that monitors and updates GKENetworkParamSet in the cluster. - func (c *Controller) Run(numWorkers int, stopCh <-chan struct{}, controllerManagerMetrics *controllersmetrics.ControllerManagerMetrics) { - defer utilruntime.HandleCrash() diff --git a/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/341.diff b/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/341.diff new file mode 100644 index 00000000..c9bf8a1c --- /dev/null +++ b/packages/apps/kubernetes/images/kubevirt-cloud-provider/patches/341.diff 
@@ -0,0 +1,689 @@ +diff --git a/.golangci.yml b/.golangci.yml +index cf72a41a2..1c9237e83 100644 +--- a/.golangci.yml ++++ b/.golangci.yml +@@ -122,3 +122,9 @@ linters: + # - testpackage + # - revive + # - wsl ++issues: ++ exclude-rules: ++ - filename: "kubevirteps_controller_test.go" ++ linters: ++ - govet ++ text: "declaration of \"err\" shadows" +diff --git a/cmd/kubevirt-cloud-controller-manager/kubevirteps.go b/cmd/kubevirt-cloud-controller-manager/kubevirteps.go +index 74166b5d9..4e744f8de 100644 +--- a/cmd/kubevirt-cloud-controller-manager/kubevirteps.go ++++ b/cmd/kubevirt-cloud-controller-manager/kubevirteps.go +@@ -101,7 +101,18 @@ func startKubevirtCloudController( + + klog.Infof("Setting up kubevirtEPSController") + +- kubevirtEPSController := kubevirteps.NewKubevirtEPSController(tenantClient, infraClient, infraDynamic, kubevirtCloud.Namespace()) ++ clusterName := ccmConfig.ComponentConfig.KubeCloudShared.ClusterName ++ if clusterName == "" { ++ klog.Fatalf("Required flag --cluster-name is missing") ++ } ++ ++ kubevirtEPSController := kubevirteps.NewKubevirtEPSController( ++ tenantClient, ++ infraClient, ++ infraDynamic, ++ kubevirtCloud.Namespace(), ++ clusterName, ++ ) + + klog.Infof("Initializing kubevirtEPSController") + +diff --git a/pkg/controller/kubevirteps/kubevirteps_controller.go b/pkg/controller/kubevirteps/kubevirteps_controller.go +index 6f6e3d322..b56882c12 100644 +--- a/pkg/controller/kubevirteps/kubevirteps_controller.go ++++ b/pkg/controller/kubevirteps/kubevirteps_controller.go +@@ -54,10 +54,10 @@ type Controller struct { + infraDynamic dynamic.Interface + infraFactory informers.SharedInformerFactory + +- infraNamespace string +- queue workqueue.RateLimitingInterface +- maxRetries int +- ++ infraNamespace string ++ clusterName string ++ queue workqueue.RateLimitingInterface ++ maxRetries int + maxEndPointsPerSlice int + } + +@@ -65,8 +65,9 @@ func NewKubevirtEPSController( + tenantClient kubernetes.Interface, + infraClient 
kubernetes.Interface, + infraDynamic dynamic.Interface, +- infraNamespace string) *Controller { +- ++ infraNamespace string, ++ clusterName string, ++) *Controller { + tenantFactory := informers.NewSharedInformerFactory(tenantClient, 0) + infraFactory := informers.NewSharedInformerFactoryWithOptions(infraClient, 0, informers.WithNamespace(infraNamespace)) + queue := workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()) +@@ -79,6 +80,7 @@ func NewKubevirtEPSController( + infraDynamic: infraDynamic, + infraFactory: infraFactory, + infraNamespace: infraNamespace, ++ clusterName: clusterName, + queue: queue, + maxRetries: 25, + maxEndPointsPerSlice: 100, +@@ -320,22 +322,30 @@ func (c *Controller) processNextItem(ctx context.Context) bool { + + // getInfraServiceFromTenantEPS returns the Service in the infra cluster that is associated with the given tenant endpoint slice. + func (c *Controller) getInfraServiceFromTenantEPS(ctx context.Context, slice *discovery.EndpointSlice) (*v1.Service, error) { +- infraServices, err := c.infraClient.CoreV1().Services(c.infraNamespace).List(ctx, +- metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s,%s=%s", kubevirt.TenantServiceNameLabelKey, slice.Labels["kubernetes.io/service-name"], +- kubevirt.TenantServiceNamespaceLabelKey, slice.Namespace)}) ++ tenantServiceName := slice.Labels[discovery.LabelServiceName] ++ tenantServiceNamespace := slice.Namespace ++ ++ labelSelector := fmt.Sprintf( ++ "%s=%s,%s=%s,%s=%s", ++ kubevirt.TenantServiceNameLabelKey, tenantServiceName, ++ kubevirt.TenantServiceNamespaceLabelKey, tenantServiceNamespace, ++ kubevirt.TenantClusterNameLabelKey, c.clusterName, ++ ) ++ ++ svcList, err := c.infraClient.CoreV1().Services(c.infraNamespace).List(ctx, metav1.ListOptions{ ++ LabelSelector: labelSelector, ++ }) + if err != nil { +- klog.Errorf("Failed to get Service in Infra for EndpointSlice %s in namespace %s: %v", slice.Name, slice.Namespace, err) ++ klog.Errorf("Failed to get Service in 
Infra for EndpointSlice %s in namespace %s: %v", slice.Name, tenantServiceNamespace, err) + return nil, err + } +- if len(infraServices.Items) > 1 { +- // This should never be possible, only one service should exist for a given tenant endpoint slice +- klog.Errorf("Multiple services found for tenant endpoint slice %s in namespace %s", slice.Name, slice.Namespace) ++ if len(svcList.Items) > 1 { ++ klog.Errorf("Multiple services found for tenant endpoint slice %s in namespace %s", slice.Name, tenantServiceNamespace) + return nil, errors.New("multiple services found for tenant endpoint slice") + } +- if len(infraServices.Items) == 1 { +- return &infraServices.Items[0], nil ++ if len(svcList.Items) == 1 { ++ return &svcList.Items[0], nil + } +- // No service found, possible if service is deleted. + return nil, nil + } + +@@ -363,16 +373,27 @@ func (c *Controller) getTenantEPSFromInfraService(ctx context.Context, svc *v1.S + // getInfraEPSFromInfraService returns the EndpointSlices in the infra cluster that are associated with the given infra service. 
+ func (c *Controller) getInfraEPSFromInfraService(ctx context.Context, svc *v1.Service) ([]*discovery.EndpointSlice, error) { + var infraEPSSlices []*discovery.EndpointSlice +- klog.Infof("Searching for endpoints on infra cluster for service %s in namespace %s.", svc.Name, svc.Namespace) +- result, err := c.infraClient.DiscoveryV1().EndpointSlices(svc.Namespace).List(ctx, +- metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", discovery.LabelServiceName, svc.Name)}) ++ ++ klog.Infof("Searching for EndpointSlices in infra cluster for service %s/%s", svc.Namespace, svc.Name) ++ ++ labelSelector := fmt.Sprintf( ++ "%s=%s,%s=%s", ++ discovery.LabelServiceName, svc.Name, ++ kubevirt.TenantClusterNameLabelKey, c.clusterName, ++ ) ++ ++ result, err := c.infraClient.DiscoveryV1().EndpointSlices(svc.Namespace).List(ctx, metav1.ListOptions{ ++ LabelSelector: labelSelector, ++ }) + if err != nil { + klog.Errorf("Failed to get EndpointSlices for Service %s in namespace %s: %v", svc.Name, svc.Namespace, err) + return nil, err + } ++ + for _, eps := range result.Items { + infraEPSSlices = append(infraEPSSlices, &eps) + } ++ + return infraEPSSlices, nil + } + +@@ -382,74 +403,117 @@ func (c *Controller) reconcile(ctx context.Context, r *Request) error { + return errors.New("could not cast object to service") + } + ++ // Skip services not managed by this controller (missing required labels) + if service.Labels[kubevirt.TenantServiceNameLabelKey] == "" || + service.Labels[kubevirt.TenantServiceNamespaceLabelKey] == "" || + service.Labels[kubevirt.TenantClusterNameLabelKey] == "" { +- klog.Infof("This LoadBalancer Service: %s is not managed by the %s. Skipping.", service.Name, ControllerName) ++ klog.Infof("Service %s is not managed by this controller. 
Skipping.", service.Name) ++ return nil ++ } ++ ++ // Skip services for other clusters ++ if service.Labels[kubevirt.TenantClusterNameLabelKey] != c.clusterName { ++ klog.Infof("Skipping Service %s: cluster label %q doesn't match our clusterName %q", service.Name, service.Labels[kubevirt.TenantClusterNameLabelKey], c.clusterName) + return nil + } ++ + klog.Infof("Reconciling: %v", service.Name) + ++ /* ++ 1) Check if Service in the infra cluster is actually present. ++ If it's not found, mark it as 'deleted' so that we don't create new slices. ++ */ + serviceDeleted := false +- svc, err := c.infraFactory.Core().V1().Services().Lister().Services(c.infraNamespace).Get(service.Name) ++ infraSvc, err := c.infraFactory.Core().V1().Services().Lister().Services(c.infraNamespace).Get(service.Name) + if err != nil { +- klog.Infof("Service %s in namespace %s is deleted.", service.Name, service.Namespace) ++ // The Service is not present in the infra lister => treat as deleted ++ klog.Infof("Service %s in namespace %s is deleted (or not found).", service.Name, service.Namespace) + serviceDeleted = true + } else { +- service = svc ++ // Use the actual object from the lister, so we have the latest state ++ service = infraSvc + } + ++ /* ++ 2) Get all existing EndpointSlices in the infra cluster that belong to this LB Service. ++ We'll decide which of them should be updated or deleted. ++ */ + infraExistingEpSlices, err := c.getInfraEPSFromInfraService(ctx, service) + if err != nil { + return err + } + +- // At this point we have the current state of the 3 main objects we are interested in: +- // 1. The Service in the infra cluster, the one created by the KubevirtCloudController. +- // 2. The EndpointSlices in the tenant cluster, created for the tenant cluster's Service. +- // 3. The EndpointSlices in the infra cluster, managed by this controller. 
+- + slicesToDelete := []*discovery.EndpointSlice{} + slicesByAddressType := make(map[discovery.AddressType][]*discovery.EndpointSlice) + ++ // For example, if the service is single-stack IPv4 => only AddressTypeIPv4 ++ // or if dual-stack => IPv4 and IPv6, etc. + serviceSupportedAddressesTypes := getAddressTypesForService(service) +- // If the services switched to a different address type, we need to delete the old ones, because it's immutable. +- // If the services switched to a different externalTrafficPolicy, we need to delete the old ones. ++ ++ /* ++ 3) Determine which slices to delete, and which to pass on to the normal ++ "reconcileByAddressType" logic. ++ ++ - If 'serviceDeleted' is true OR service.Spec.Selector != nil, we remove them. ++ - Also, if the slice's address type is unsupported by the Service, we remove it. ++ */ + for _, eps := range infraExistingEpSlices { +- if service.Spec.Selector != nil || serviceDeleted { +- klog.Infof("Added for deletion EndpointSlice %s in namespace %s because it has a selector", eps.Name, eps.Namespace) +- // to be sure we don't delete any slice that is not managed by us ++ // If service is deleted or has a non-nil selector => remove slices ++ if serviceDeleted || service.Spec.Selector != nil { ++ /* ++ Only remove if it is clearly labeled as managed by us: ++ we do not want to accidentally remove slices that are not ++ created by this controller. 
++ */ + if c.managedByController(eps) { ++ klog.Infof("Added for deletion EndpointSlice %s in namespace %s because service is deleted or has a selector", ++ eps.Name, eps.Namespace) + slicesToDelete = append(slicesToDelete, eps) + } + continue + } ++ ++ // If the Service does not support this slice's AddressType => remove + if !serviceSupportedAddressesTypes.Has(eps.AddressType) { +- klog.Infof("Added for deletion EndpointSlice %s in namespace %s because it has an unsupported address type: %v", eps.Name, eps.Namespace, eps.AddressType) ++ klog.Infof("Added for deletion EndpointSlice %s in namespace %s because it has an unsupported address type: %v", ++ eps.Name, eps.Namespace, eps.AddressType) + slicesToDelete = append(slicesToDelete, eps) + continue + } ++ ++ /* ++ Otherwise, this slice is potentially still valid for the given AddressType, ++ we'll send it to reconcileByAddressType for final merging and updates. ++ */ + slicesByAddressType[eps.AddressType] = append(slicesByAddressType[eps.AddressType], eps) + } + +- if !serviceDeleted { +- // Get tenant's endpoint slices for this service ++ /* ++ 4) If the Service was NOT deleted and has NO selector (i.e., it's a "no-selector" LB Service), ++ we proceed to handle creation and updates. That means: ++ - Gather Tenant's EndpointSlices ++ - Reconcile them by each AddressType ++ */ ++ if !serviceDeleted && service.Spec.Selector == nil { + tenantEpSlices, err := c.getTenantEPSFromInfraService(ctx, service) + if err != nil { + return err + } + +- // Reconcile the EndpointSlices for each address type e.g. ipv4, ipv6 ++ // For each addressType (ipv4, ipv6, etc.) 
reconcile the infra slices + for addressType := range serviceSupportedAddressesTypes { + existingSlices := slicesByAddressType[addressType] +- err := c.reconcileByAddressType(service, tenantEpSlices, existingSlices, addressType) +- if err != nil { ++ if err := c.reconcileByAddressType(service, tenantEpSlices, existingSlices, addressType); err != nil { + return err + } + } + } + +- // Delete the EndpointSlices that are no longer needed ++ /* ++ 5) Perform the actual deletion of all slices we flagged. ++ In many cases (serviceDeleted or .Spec.Selector != nil), ++ we end up with only "delete" actions and no new slice creation. ++ */ + for _, eps := range slicesToDelete { + err := c.infraClient.DiscoveryV1().EndpointSlices(eps.Namespace).Delete(context.TODO(), eps.Name, metav1.DeleteOptions{}) + if err != nil { +@@ -474,11 +538,11 @@ func (c *Controller) reconcileByAddressType(service *v1.Service, tenantSlices [] + // Create the desired port configuration + var desiredPorts []discovery.EndpointPort + +- for _, port := range service.Spec.Ports { ++ for i := range service.Spec.Ports { + desiredPorts = append(desiredPorts, discovery.EndpointPort{ +- Port: &port.TargetPort.IntVal, +- Protocol: &port.Protocol, +- Name: &port.Name, ++ Port: &service.Spec.Ports[i].TargetPort.IntVal, ++ Protocol: &service.Spec.Ports[i].Protocol, ++ Name: &service.Spec.Ports[i].Name, + }) + } + +@@ -588,55 +652,114 @@ func ownedBy(endpointSlice *discovery.EndpointSlice, svc *v1.Service) bool { + return false + } + +-func (c *Controller) finalize(service *v1.Service, slicesToCreate []*discovery.EndpointSlice, slicesToUpdate []*discovery.EndpointSlice, slicesToDelete []*discovery.EndpointSlice) error { +- // If there are slices to delete and slices to create, make them as update +- for i := 0; i < len(slicesToDelete); { ++func (c *Controller) finalize( ++ service *v1.Service, ++ slicesToCreate []*discovery.EndpointSlice, ++ slicesToUpdate []*discovery.EndpointSlice, ++ slicesToDelete 
[]*discovery.EndpointSlice, ++) error { ++ /* ++ We try to turn a "delete + create" pair into a single "update" operation ++ if the original slice (slicesToDelete[i]) has the same address type as ++ the first slice in slicesToCreate, and is owned by the same Service. ++ ++ However, we must re-check the lengths of slicesToDelete and slicesToCreate ++ within the loop to avoid an out-of-bounds index in slicesToCreate. ++ */ ++ ++ i := 0 ++ for i < len(slicesToDelete) { ++ // If there is nothing to create, break early + if len(slicesToCreate) == 0 { + break + } +- if slicesToDelete[i].AddressType == slicesToCreate[0].AddressType && ownedBy(slicesToDelete[i], service) { +- slicesToCreate[0].Name = slicesToDelete[i].Name ++ ++ sd := slicesToDelete[i] ++ sc := slicesToCreate[0] // We can safely do this now, because len(slicesToCreate) > 0 ++ ++ // If the address type matches, and the slice is owned by the same Service, ++ // then instead of deleting sd and creating sc, we'll transform it into an update: ++ // we rename sc with sd's name, remove sd from the delete list, remove sc from the create list, ++ // and add sc to the update list. ++ if sd.AddressType == sc.AddressType && ownedBy(sd, service) { ++ sliceToUpdate := sc ++ sliceToUpdate.Name = sd.Name ++ ++ // Remove the first element from slicesToCreate + slicesToCreate = slicesToCreate[1:] +- slicesToUpdate = append(slicesToUpdate, slicesToCreate[0]) ++ ++ // Remove the slice from slicesToDelete + slicesToDelete = append(slicesToDelete[:i], slicesToDelete[i+1:]...) ++ ++ // Now add the renamed slice to the list of slices we want to update ++ slicesToUpdate = append(slicesToUpdate, sliceToUpdate) ++ ++ /* ++ Do not increment i here, because we've just removed an element from ++ slicesToDelete. The next slice to examine is now at the same index i. ++ */ + } else { ++ // If they don't match, move on to the next slice in slicesToDelete. 
+ i++ + } + } + +- // Create the new slices if service is not marked for deletion ++ /* ++ If the Service is not being deleted, create all remaining slices in slicesToCreate. ++ (If the Service has a DeletionTimestamp, it means it is going away, so we do not ++ want to create new EndpointSlices.) ++ */ + if service.DeletionTimestamp == nil { + for _, slice := range slicesToCreate { +- createdSlice, err := c.infraClient.DiscoveryV1().EndpointSlices(slice.Namespace).Create(context.TODO(), slice, metav1.CreateOptions{}) ++ createdSlice, err := c.infraClient.DiscoveryV1().EndpointSlices(slice.Namespace).Create( ++ context.TODO(), ++ slice, ++ metav1.CreateOptions{}, ++ ) + if err != nil { +- klog.Errorf("Failed to create EndpointSlice %s in namespace %s: %v", slice.Name, slice.Namespace, err) ++ klog.Errorf("Failed to create EndpointSlice %s in namespace %s: %v", ++ slice.Name, slice.Namespace, err) ++ // If the namespace is terminating, it's safe to ignore the error. + if k8serrors.HasStatusCause(err, v1.NamespaceTerminatingCause) { +- return nil ++ continue + } + return err + } +- klog.Infof("Created EndpointSlice %s in namespace %s", createdSlice.Name, createdSlice.Namespace) ++ klog.Infof("Created EndpointSlice %s in namespace %s", ++ createdSlice.Name, createdSlice.Namespace) + } + } + +- // Update slices ++ // Update slices that are in the slicesToUpdate list. 
+ for _, slice := range slicesToUpdate { +- _, err := c.infraClient.DiscoveryV1().EndpointSlices(slice.Namespace).Update(context.TODO(), slice, metav1.UpdateOptions{}) ++ _, err := c.infraClient.DiscoveryV1().EndpointSlices(slice.Namespace).Update( ++ context.TODO(), ++ slice, ++ metav1.UpdateOptions{}, ++ ) + if err != nil { +- klog.Errorf("Failed to update EndpointSlice %s in namespace %s: %v", slice.Name, slice.Namespace, err) ++ klog.Errorf("Failed to update EndpointSlice %s in namespace %s: %v", ++ slice.Name, slice.Namespace, err) + return err + } +- klog.Infof("Updated EndpointSlice %s in namespace %s", slice.Name, slice.Namespace) ++ klog.Infof("Updated EndpointSlice %s in namespace %s", ++ slice.Name, slice.Namespace) + } + +- // Delete slices ++ // Finally, delete slices that are in slicesToDelete and are no longer needed. + for _, slice := range slicesToDelete { +- err := c.infraClient.DiscoveryV1().EndpointSlices(slice.Namespace).Delete(context.TODO(), slice.Name, metav1.DeleteOptions{}) ++ err := c.infraClient.DiscoveryV1().EndpointSlices(slice.Namespace).Delete( ++ context.TODO(), ++ slice.Name, ++ metav1.DeleteOptions{}, ++ ) + if err != nil { +- klog.Errorf("Failed to delete EndpointSlice %s in namespace %s: %v", slice.Name, slice.Namespace, err) ++ klog.Errorf("Failed to delete EndpointSlice %s in namespace %s: %v", ++ slice.Name, slice.Namespace, err) + return err + } +- klog.Infof("Deleted EndpointSlice %s in namespace %s", slice.Name, slice.Namespace) ++ klog.Infof("Deleted EndpointSlice %s in namespace %s", ++ slice.Name, slice.Namespace) + } + + return nil +diff --git a/pkg/controller/kubevirteps/kubevirteps_controller_test.go b/pkg/controller/kubevirteps/kubevirteps_controller_test.go +index 1fb86e25f..14d92d340 100644 +--- a/pkg/controller/kubevirteps/kubevirteps_controller_test.go ++++ b/pkg/controller/kubevirteps/kubevirteps_controller_test.go +@@ -13,6 +13,7 @@ import ( + "k8s.io/apimachinery/pkg/runtime" + 
"k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/intstr" ++ "k8s.io/apimachinery/pkg/util/sets" + dfake "k8s.io/client-go/dynamic/fake" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/client-go/testing" +@@ -189,7 +190,7 @@ func setupTestKubevirtEPSController() *testKubevirtEPSController { + }: "VirtualMachineInstanceList", + }) + +- controller := NewKubevirtEPSController(tenantClient, infraClient, infraDynamic, "test") ++ controller := NewKubevirtEPSController(tenantClient, infraClient, infraDynamic, "test", "test-cluster") + + err := controller.Init() + if err != nil { +@@ -686,5 +687,229 @@ var _ = g.Describe("KubevirtEPSController", g.Ordered, func() { + return false, err + }).Should(BeTrue(), "EndpointSlice in infra cluster should be recreated by the controller after deletion") + }) ++ ++ g.It("Should correctly handle multiple unique ports in EndpointSlice", func() { ++ // Create a VMI in the infra cluster ++ createAndAssertVMI("worker-0-test", "ip-10-32-5-13", "123.45.67.89") ++ ++ // Create an EndpointSlice in the tenant cluster ++ createAndAssertTenantSlice("test-epslice", "tenant-service-name", discoveryv1.AddressTypeIPv4, ++ *createPort("http", 80, v1.ProtocolTCP), ++ []discoveryv1.Endpoint{*createEndpoint("123.45.67.89", "worker-0-test", true, true, false)}) ++ ++ // Define multiple ports for the Service ++ servicePorts := []v1.ServicePort{ ++ { ++ Name: "client", ++ Protocol: v1.ProtocolTCP, ++ Port: 10001, ++ TargetPort: intstr.FromInt(30396), ++ NodePort: 30396, ++ }, ++ { ++ Name: "dashboard", ++ Protocol: v1.ProtocolTCP, ++ Port: 8265, ++ TargetPort: intstr.FromInt(31003), ++ NodePort: 31003, ++ }, ++ { ++ Name: "metrics", ++ Protocol: v1.ProtocolTCP, ++ Port: 8080, ++ TargetPort: intstr.FromInt(30452), ++ NodePort: 30452, ++ }, ++ } ++ ++ createAndAssertInfraServiceLB("infra-multiport-service", "tenant-service-name", "test-cluster", ++ servicePorts[0], v1.ServiceExternalTrafficPolicyLocal) ++ ++ svc, err := 
testVals.infraClient.CoreV1().Services(infraNamespace).Get(context.TODO(), "infra-multiport-service", metav1.GetOptions{}) ++ Expect(err).To(BeNil()) ++ ++ svc.Spec.Ports = servicePorts ++ _, err = testVals.infraClient.CoreV1().Services(infraNamespace).Update(context.TODO(), svc, metav1.UpdateOptions{}) ++ Expect(err).To(BeNil()) ++ ++ var epsListMultiPort *discoveryv1.EndpointSliceList ++ ++ Eventually(func() (bool, error) { ++ epsListMultiPort, err = testVals.infraClient.DiscoveryV1().EndpointSlices(infraNamespace).List(context.TODO(), metav1.ListOptions{}) ++ if len(epsListMultiPort.Items) != 1 { ++ return false, err ++ } ++ ++ createdSlice := epsListMultiPort.Items[0] ++ expectedPortNames := []string{"client", "dashboard", "metrics"} ++ foundPortNames := []string{} ++ ++ for _, port := range createdSlice.Ports { ++ if port.Name != nil { ++ foundPortNames = append(foundPortNames, *port.Name) ++ } ++ } ++ ++ if len(foundPortNames) != len(expectedPortNames) { ++ return false, err ++ } ++ ++ portSet := sets.NewString(foundPortNames...) ++ expectedPortSet := sets.NewString(expectedPortNames...) 
++ return portSet.Equal(expectedPortSet), err ++ }).Should(BeTrue(), "EndpointSlice should contain all unique ports from the Service without duplicates") ++ }) ++ ++ g.It("Should not panic when Service changes to have a non-nil selector, causing EndpointSlice deletion with no new slices to create", func() { ++ createAndAssertVMI("worker-0-test", "ip-10-32-5-13", "123.45.67.89") ++ createAndAssertTenantSlice("test-epslice", "tenant-service-name", discoveryv1.AddressTypeIPv4, ++ *createPort("http", 80, v1.ProtocolTCP), ++ []discoveryv1.Endpoint{*createEndpoint("123.45.67.89", "worker-0-test", true, true, false)}) ++ createAndAssertInfraServiceLB("infra-service-no-selector", "tenant-service-name", "test-cluster", ++ v1.ServicePort{ ++ Name: "web", ++ Port: 80, ++ NodePort: 31900, ++ Protocol: v1.ProtocolTCP, ++ TargetPort: intstr.IntOrString{IntVal: 30390}, ++ }, ++ v1.ServiceExternalTrafficPolicyLocal, ++ ) ++ ++ // Wait for the controller to create an EndpointSlice in the infra cluster. ++ var epsList *discoveryv1.EndpointSliceList ++ var err error ++ Eventually(func() (bool, error) { ++ epsList, err = testVals.infraClient.DiscoveryV1().EndpointSlices(infraNamespace). ++ List(context.TODO(), metav1.ListOptions{}) ++ if err != nil { ++ return false, err ++ } ++ // Wait exactly 1 slice ++ if len(epsList.Items) == 1 { ++ return true, nil ++ } ++ return false, nil ++ }).Should(BeTrue(), "Controller should create an EndpointSlice in infra cluster for the LB service") ++ ++ svcWithSelector, err := testVals.infraClient.CoreV1().Services(infraNamespace). ++ Get(context.TODO(), "infra-service-no-selector", metav1.GetOptions{}) ++ Expect(err).To(BeNil()) ++ ++ // Let's set any selector to run the slice deletion logic ++ svcWithSelector.Spec.Selector = map[string]string{"test": "selector-added"} ++ _, err = testVals.infraClient.CoreV1().Services(infraNamespace). 
++ Update(context.TODO(), svcWithSelector, metav1.UpdateOptions{}) ++ Expect(err).To(BeNil()) ++ ++ Eventually(func() (bool, error) { ++ epsList, err = testVals.infraClient.DiscoveryV1().EndpointSlices(infraNamespace). ++ List(context.TODO(), metav1.ListOptions{}) ++ if err != nil { ++ return false, err ++ } ++ // We expect that after the update service.EndpointSlice will become 0 ++ if len(epsList.Items) == 0 { ++ return true, nil ++ } ++ return false, nil ++ }).Should(BeTrue(), "Existing EndpointSlice should be removed because Service now has a selector") ++ }) ++ ++ g.It("Should remove EndpointSlices and not recreate them when a previously no-selector Service obtains a selector", func() { ++ testVals.infraClient.Fake.PrependReactor("create", "endpointslices", func(action testing.Action) (bool, runtime.Object, error) { ++ createAction := action.(testing.CreateAction) ++ slice := createAction.GetObject().(*discoveryv1.EndpointSlice) ++ if slice.Name == "" && slice.GenerateName != "" { ++ slice.Name = slice.GenerateName + "-fake001" ++ } ++ return false, slice, nil ++ }) ++ ++ createAndAssertVMI("worker-0-test", "ip-10-32-5-13", "123.45.67.89") ++ ++ createAndAssertTenantSlice("test-epslice", "tenant-service-name", discoveryv1.AddressTypeIPv4, ++ *createPort("http", 80, v1.ProtocolTCP), ++ []discoveryv1.Endpoint{ ++ *createEndpoint("123.45.67.89", "worker-0-test", true, true, false), ++ }, ++ ) ++ ++ noSelectorSvcName := "svc-without-selector" ++ svc := &v1.Service{ ++ ObjectMeta: metav1.ObjectMeta{ ++ Name: noSelectorSvcName, ++ Namespace: infraNamespace, ++ Labels: map[string]string{ ++ kubevirt.TenantServiceNameLabelKey: "tenant-service-name", ++ kubevirt.TenantServiceNamespaceLabelKey: tenantNamespace, ++ kubevirt.TenantClusterNameLabelKey: "test-cluster", ++ }, ++ }, ++ Spec: v1.ServiceSpec{ ++ Ports: []v1.ServicePort{ ++ { ++ Name: "web", ++ Port: 80, ++ NodePort: 31900, ++ Protocol: v1.ProtocolTCP, ++ TargetPort: intstr.IntOrString{IntVal: 30390}, ++ }, ++ 
}, ++ Type: v1.ServiceTypeLoadBalancer, ++ ExternalTrafficPolicy: v1.ServiceExternalTrafficPolicyLocal, ++ }, ++ } ++ ++ _, err := testVals.infraClient.CoreV1().Services(infraNamespace).Create(context.TODO(), svc, metav1.CreateOptions{}) ++ Expect(err).To(BeNil()) ++ ++ Eventually(func() (bool, error) { ++ epsList, err := testVals.infraClient.DiscoveryV1().EndpointSlices(infraNamespace). ++ List(context.TODO(), metav1.ListOptions{}) ++ if err != nil { ++ return false, err ++ } ++ return len(epsList.Items) == 1, nil ++ }).Should(BeTrue(), "Controller should create an EndpointSlice in infra cluster for the no-selector LB service") ++ ++ svcWithSelector, err := testVals.infraClient.CoreV1().Services(infraNamespace).Get( ++ context.TODO(), noSelectorSvcName, metav1.GetOptions{}) ++ Expect(err).To(BeNil()) ++ ++ svcWithSelector.Spec.Selector = map[string]string{"app": "test-value"} ++ _, err = testVals.infraClient.CoreV1().Services(infraNamespace). ++ Update(context.TODO(), svcWithSelector, metav1.UpdateOptions{}) ++ Expect(err).To(BeNil()) ++ ++ Eventually(func() (bool, error) { ++ epsList, err := testVals.infraClient.DiscoveryV1().EndpointSlices(infraNamespace). 
++ List(context.TODO(), metav1.ListOptions{}) ++ if err != nil { ++ return false, err ++ } ++ return len(epsList.Items) == 0, nil ++ }).Should(BeTrue(), "All EndpointSlices should be removed after Service acquires a selector (no new slices created)") ++ }) ++ ++ g.It("Should ignore Services from a different cluster", func() { ++ // Create a Service with cluster label "other-cluster" ++ svc := createInfraServiceLB("infra-service-conflict", "tenant-service-name", "other-cluster", ++ v1.ServicePort{Name: "web", Port: 80, NodePort: 31900, Protocol: v1.ProtocolTCP, TargetPort: intstr.IntOrString{IntVal: 30390}}, ++ v1.ServiceExternalTrafficPolicyLocal) ++ _, err := testVals.infraClient.CoreV1().Services(infraNamespace).Create(context.TODO(), svc, metav1.CreateOptions{}) ++ Expect(err).To(BeNil()) ++ ++ // The controller should ignore this Service, so no EndpointSlice should be created. ++ Eventually(func() (bool, error) { ++ epsList, err := testVals.infraClient.DiscoveryV1().EndpointSlices(infraNamespace).List(context.TODO(), metav1.ListOptions{}) ++ if err != nil { ++ return false, err ++ } ++ // Expect zero slices since cluster label does not match "test-cluster" ++ return len(epsList.Items) == 0, nil ++ }).Should(BeTrue(), "Services with a different cluster label should be ignored") ++ }) ++ + }) + }) diff --git a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag index 290d4db7..92986060 100644 --- a/packages/apps/kubernetes/images/kubevirt-csi-driver.tag +++ b/packages/apps/kubernetes/images/kubevirt-csi-driver.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.15.2@sha256:cb4ab74099662f73e058f7c7495fb403488622c3425c06ad23b687bfa8bc805b +ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.17.1@sha256:1a6605d3bff6342e12bcc257e852a4f89e97e8af6d3d259930ec07c7ad5f001d 
diff --git a/packages/apps/kubernetes/images/ubuntu-container-disk.tag b/packages/apps/kubernetes/images/ubuntu-container-disk.tag index 175160b9..5c36c7ea 100644 --- a/packages/apps/kubernetes/images/ubuntu-container-disk.tag +++ b/packages/apps/kubernetes/images/ubuntu-container-disk.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:bc08ea0ced2cb7dd98b26d72a9462fc0a3863adb908a5effbfcdf7227656ea65 +ghcr.io/cozystack/cozystack/ubuntu-container-disk:v1.30.1@sha256:07392e7a87a3d4ef1c86c1b146e6c5de5c2b524aed5a53bf48870dc8a296f99a diff --git a/packages/apps/kubernetes/values.yaml b/packages/apps/kubernetes/values.yaml index e195b9b9..c6982dab 100644 --- a/packages/apps/kubernetes/values.yaml +++ b/packages/apps/kubernetes/values.yaml @@ -85,7 +85,7 @@ kamajiControlPlane: # memory: 512Mi ## @param kamajiControlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). - resourcesPreset: "micro" + resourcesPreset: "small" controllerManager: ## @param kamajiControlPlane.controllerManager.resources Resources diff --git a/packages/apps/mysql/images/mariadb-backup.tag b/packages/apps/mysql/images/mariadb-backup.tag index 20c4c5aa..ad22d940 100644 --- a/packages/apps/mysql/images/mariadb-backup.tag +++ b/packages/apps/mysql/images/mariadb-backup.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/mariadb-backup:0.5.3@sha256:8ca1fb01e880d351ee7d984a0b437c1142836963cd079986156ed28750067138 +ghcr.io/cozystack/cozystack/mariadb-backup:0.6.0@sha256:cfd1c37d8ad24e10681d82d6e6ce8a641b4602c1b0ffa8516ae15b4958bb12d4 diff --git a/packages/apps/postgres/images/postgres-backup.tag b/packages/apps/postgres/images/postgres-backup.tag index f0446d42..631a088b 100644 --- a/packages/apps/postgres/images/postgres-backup.tag +++ b/packages/apps/postgres/images/postgres-backup.tag 
@@ -1 +1 @@
-ghcr.io/cozystack/cozystack/postgres-backup:0.9.0@sha256:2b6ba87f5688a439bd2ac12835a5ab9e601feb15c0c44ed0d9ca48cec7c52521
+ghcr.io/cozystack/cozystack/postgres-backup:0.10.0@sha256:10179ed56457460d95cd5708db2a00130901255fa30c4dd76c65d2ef5622b61f
diff --git a/packages/apps/versions_map b/packages/apps/versions_map
index f96e27b3..9812a49d 100644
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -1,157 +1,159 @@ bucket 0.1.0 HEAD -clickhouse 0.1.0 ca79f72 -clickhouse 0.2.0 7cd7de73 -clickhouse 0.2.1 5ca8823 -clickhouse 0.3.0 b00621e -clickhouse 0.4.0 320fc32 -clickhouse 0.5.0 2a4768a5 -clickhouse 0.6.0 18bbdb67 -clickhouse 0.6.1 b7375f73 -clickhouse 0.6.2 425ce77f +clickhouse 0.1.0 f7eaab0a +clickhouse 0.2.0 53f2365e +clickhouse 0.2.1 dfbc210b +clickhouse 0.3.0 6c5cf5bf +clickhouse 0.4.0 b40e1b09 +clickhouse 0.5.0 0f312d5c +clickhouse 0.6.0 1ec10165 +clickhouse 0.6.1 c62a83a7 +clickhouse 0.6.2 8267072d clickhouse 0.7.0 HEAD -ferretdb 0.1.0 4ffa8615 -ferretdb 0.1.1 5ca8823 -ferretdb 0.2.0 adaf603 -ferretdb 0.3.0 aa2f553 -ferretdb 0.4.0 def2eb0f -ferretdb 0.4.1 a9555210 -ferretdb 0.4.2 425ce77f +ferretdb 0.1.0 e9716091 +ferretdb 0.1.1 91b0499a +ferretdb 0.2.0 6c5cf5bf +ferretdb 0.3.0 b8e33d19 +ferretdb 0.4.0 b40e1b09 +ferretdb 0.4.1 1ec10165 +ferretdb 0.4.2 8267072d ferretdb 0.5.0 HEAD -http-cache 0.1.0 a956713 -http-cache 0.2.0 5ca8823 -http-cache 0.3.0 fab5940 -http-cache 0.3.1 fab5940b +http-cache 0.1.0 263e47be +http-cache 0.2.0 53f2365e +http-cache 0.3.0 6c5cf5bf +http-cache 0.3.1 0f312d5c http-cache 0.4.0 HEAD -kafka 0.1.0 760f86d2 -kafka 0.2.0 a2cc83d -kafka 0.2.1 3ac17018 -kafka 0.2.2 d0758692 -kafka 0.2.3 5ca8823 -kafka 0.3.0 c07c4bbd -kafka 0.3.1 b7375f73 -kafka 0.3.2 b75aaf17 -kafka 0.3.3 425ce77f -kafka 0.4.0 0e10f952 +kafka 0.1.0 f7eaab0a +kafka 0.2.0 c0685f43 +kafka 0.2.1 dfbc210b +kafka 0.2.2 e9716091 +kafka 0.2.3 91b0499a +kafka 0.3.0 6c5cf5bf +kafka 0.3.1 c62a83a7 +kafka 0.3.2 93c46161 +kafka 0.3.3 8267072d +kafka 0.4.0 85ec09b8 kafka 0.5.0 HEAD -kubernetes 0.1.0 f642698 -kubernetes 0.2.0 7cd7de73 -kubernetes 0.3.0 7caccec1 -kubernetes 0.4.0 6cae6ce8 -kubernetes 0.5.0 6bd2d455 -kubernetes 0.6.0 4cbc8a2c -kubernetes 0.7.0 ceefae03 +kubernetes 0.1.0 263e47be +kubernetes 0.2.0 53f2365e +kubernetes 0.3.0 007d414f +kubernetes 0.4.0 d7cfa53c +kubernetes 0.5.0 dfbc210b +kubernetes 0.6.0 5bbc488e +kubernetes 0.7.0 e9716091 kubernetes 0.8.0 
ac11056e -kubernetes 0.8.1 e54608d8 -kubernetes 0.8.2 5ca8823 -kubernetes 0.9.0 9b6dd19 -kubernetes 0.10.0 ac5c38b -kubernetes 0.11.0 4eaca42 -kubernetes 0.11.1 4f430a90 -kubernetes 0.12.0 74649f8 -kubernetes 0.12.1 28fca4e -kubernetes 0.13.0 ced8e5b9 +kubernetes 0.8.1 366bcafc +kubernetes 0.8.2 f81be075 +kubernetes 0.9.0 6c5cf5bf +kubernetes 0.10.0 b8e33d19 +kubernetes 0.11.0 4b90bf5a +kubernetes 0.11.1 5fb9cfe3 +kubernetes 0.12.0 bb985806 +kubernetes 0.12.1 28fca4ef +kubernetes 0.13.0 1ec10165 kubernetes 0.14.0 bfbde07c -kubernetes 0.14.1 fde4bcfa -kubernetes 0.15.0 cb7b8158 -kubernetes 0.15.1 43e593c7 -kubernetes 0.15.2 43e593c7 -kubernetes 0.16.0 3d03b227 -kubernetes 0.17.0 HEAD -mysql 0.1.0 f642698 -mysql 0.2.0 8b975ff0 -mysql 0.3.0 5ca8823 -mysql 0.4.0 93018c4 -mysql 0.5.0 4b84798 -mysql 0.5.1 fab5940b -mysql 0.5.2 d8a92aa3 -mysql 0.5.3 425ce77f +kubernetes 0.14.1 898374b5 +kubernetes 0.15.0 4e68e65c +kubernetes 0.15.1 160e4e2a +kubernetes 0.15.2 8267072d +kubernetes 0.16.0 077045b0 +kubernetes 0.17.0 1fbbfcd0 +kubernetes 0.17.1 HEAD +mysql 0.1.0 263e47be +mysql 0.2.0 c24a103f +mysql 0.3.0 53f2365e +mysql 0.4.0 6c5cf5bf +mysql 0.5.0 b40e1b09 +mysql 0.5.1 0f312d5c +mysql 0.5.2 1ec10165 +mysql 0.5.3 8267072d mysql 0.6.0 HEAD -nats 0.1.0 5ca8823 -nats 0.2.0 c07c4bbd +nats 0.1.0 e9716091 +nats 0.2.0 6c5cf5bf nats 0.3.0 78366f19 -nats 0.3.1 b7375f73 -nats 0.4.0 da1e705a -nats 0.4.1 425ce77f +nats 0.3.1 c62a83a7 +nats 0.4.0 898374b5 +nats 0.4.1 8267072d nats 0.5.0 HEAD -postgres 0.1.0 f642698 -postgres 0.2.0 7cd7de73 -postgres 0.2.1 4a97e297 -postgres 0.3.0 995dea6f -postgres 0.4.0 ec283c33 -postgres 0.4.1 5ca8823 -postgres 0.5.0 c07c4bbd -postgres 0.6.0 2a4768a -postgres 0.6.2 54fd61c -postgres 0.7.0 dc9d8bb -postgres 0.7.1 175a65f -postgres 0.8.0 cb7b8158 -postgres 0.9.0 160e4e2a +postgres 0.1.0 263e47be +postgres 0.2.0 53f2365e +postgres 0.2.1 d7cfa53c +postgres 0.3.0 dfbc210b +postgres 0.4.0 e9716091 +postgres 0.4.1 91b0499a +postgres 0.5.0 6c5cf5bf +postgres 
0.6.0 b40e1b09 +postgres 0.6.2 0f312d5c +postgres 0.7.0 4b90bf5a +postgres 0.7.1 1ec10165 +postgres 0.8.0 4e68e65c +postgres 0.9.0 8267072d postgres 0.10.0 HEAD -rabbitmq 0.1.0 f642698 -rabbitmq 0.2.0 5ca8823 -rabbitmq 0.3.0 9e33dc0 -rabbitmq 0.4.0 36d8855 -rabbitmq 0.4.1 35536bb -rabbitmq 0.4.2 00b2834e -rabbitmq 0.4.3 d8a92aa3 -rabbitmq 0.4.4 425ce77f +rabbitmq 0.1.0 263e47be +rabbitmq 0.2.0 53f2365e +rabbitmq 0.3.0 6c5cf5bf +rabbitmq 0.4.0 b40e1b09 +rabbitmq 0.4.1 1128d0cb +rabbitmq 0.4.2 4b90bf5a +rabbitmq 0.4.3 1ec10165 +rabbitmq 0.4.4 8267072d rabbitmq 0.5.0 HEAD -redis 0.1.1 f642698 -redis 0.2.0 5ca8823 -redis 0.3.0 c07c4bbd -redis 0.3.1 b7375f73 -redis 0.4.0 abc8f082 -redis 0.5.0 0e728870 +redis 0.1.1 263e47be +redis 0.2.0 53f2365e +redis 0.3.0 6c5cf5bf +redis 0.3.1 c62a83a7 +redis 0.4.0 84f3ccc0 +redis 0.5.0 4e68e65c redis 0.6.0 HEAD -tcp-balancer 0.1.0 f642698 -tcp-balancer 0.2.0 a9567139 +tcp-balancer 0.1.0 263e47be +tcp-balancer 0.2.0 53f2365e tcp-balancer 0.3.0 HEAD -tenant 0.1.3 3d1b86c -tenant 0.1.4 d200480 -tenant 0.1.5 e3ab858 -tenant 1.0.0 7cd7de7 -tenant 1.1.0 4da8ac3b -tenant 1.2.0 15478a88 -tenant 1.3.0 ceefae03 -tenant 1.3.1 c56e5769 -tenant 1.4.0 94c688f7 -tenant 1.5.0 48128743 +tenant 0.1.4 afc997ef +tenant 0.1.5 e3ab858a +tenant 1.0.0 263e47be +tenant 1.1.0 c0685f43 +tenant 1.2.0 dfbc210b +tenant 1.3.0 e9716091 +tenant 1.3.1 91b0499a +tenant 1.4.0 71514249 +tenant 1.5.0 1ec10165 tenant 1.6.0 df448b99 -tenant 1.6.1 edbbb9be -tenant 1.6.2 ccedc5fe +tenant 1.6.1 c62a83a7 +tenant 1.6.2 898374b5 tenant 1.6.3 2057bb96 -tenant 1.6.4 3c9e50a4 -tenant 1.6.5 f1e11451 -tenant 1.6.6 d4634797 -tenant 1.6.7 06afcf27 -tenant 1.6.8 4cc48e6f -tenant 1.7.0 6c73e3f3 -tenant 1.8.0 e2369ba -tenant 1.9.0 43e593c7 +tenant 1.6.4 84f3ccc0 +tenant 1.6.5 fde4bcfa +tenant 1.6.6 4e68e65c +tenant 1.6.7 0ab39f20 +tenant 1.6.8 bc95159a +tenant 1.7.0 24fa7222 +tenant 1.8.0 160e4e2a +tenant 1.9.0 728743db tenant 1.9.1 HEAD -virtual-machine 0.1.4 f2015d6 -virtual-machine 
0.1.5 7cd7de7 -virtual-machine 0.2.0 5ca8823 -virtual-machine 0.3.0 b908400 -virtual-machine 0.4.0 4746d51 -virtual-machine 0.5.0 cad9cde -virtual-machine 0.6.0 0e728870 -virtual-machine 0.6.1 af58018a -virtual-machine 0.7.0 af58018a -virtual-machine 0.7.1 05857b95 -virtual-machine 0.8.0 3fa4dd3 -virtual-machine 0.8.1 3fa4dd3a -virtual-machine 0.8.2 HEAD -vm-disk 0.1.0 HEAD -vm-instance 0.1.0 ced8e5b9 -vm-instance 0.2.0 4f767ee3 -vm-instance 0.3.0 0e728870 -vm-instance 0.4.0 af58018a -vm-instance 0.4.1 05857b95 -vm-instance 0.5.0 3fa4dd3 -vm-instance 0.5.1 HEAD -vpn 0.1.0 f642698 -vpn 0.2.0 7151424 -vpn 0.3.0 a2bcf100 -vpn 0.3.1 f7220f19 +virtual-machine 0.1.4 f2015d65 +virtual-machine 0.1.5 263e47be +virtual-machine 0.2.0 c0685f43 +virtual-machine 0.3.0 6c5cf5bf +virtual-machine 0.4.0 b8e33d19 +virtual-machine 0.5.0 1ec10165 +virtual-machine 0.6.0 4e68e65c +virtual-machine 0.7.0 e23286a3 +virtual-machine 0.7.1 0ab39f20 +virtual-machine 0.8.0 3fa4dd3a +virtual-machine 0.8.1 93c46161 +virtual-machine 0.8.2 de19450f +virtual-machine 0.9.0 HEAD +vm-disk 0.1.0 d971f2ff +vm-disk 0.1.1 HEAD +vm-instance 0.1.0 1ec10165 +vm-instance 0.2.0 84f3ccc0 +vm-instance 0.3.0 4e68e65c +vm-instance 0.4.0 e23286a3 +vm-instance 0.4.1 0ab39f20 +vm-instance 0.5.0 3fa4dd3a +vm-instance 0.5.1 de19450f +vm-instance 0.6.0 HEAD +vpn 0.1.0 263e47be +vpn 0.2.0 53f2365e +vpn 0.3.0 6c5cf5bf +vpn 0.3.1 1ec10165 vpn 0.4.0 HEAD diff --git a/packages/apps/virtual-machine/Chart.yaml b/packages/apps/virtual-machine/Chart.yaml index 22fb1c8c..b4ad45b5 100644 --- a/packages/apps/virtual-machine/Chart.yaml +++ b/packages/apps/virtual-machine/Chart.yaml 
@@ -17,10 +17,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.8.2 +version: 0.9.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.8.2" +appVersion: 0.9.0 diff --git a/packages/apps/virtual-machine/Makefile b/packages/apps/virtual-machine/Makefile index 567a3813..f3de3546 100644 --- a/packages/apps/virtual-machine/Makefile +++ b/packages/apps/virtual-machine/Makefile @@ -2,6 +2,7 @@ include ../../../scripts/package.mk generate: readme-generator -v values.yaml -s values.schema.json -r README.md + yq -o json -i '.properties.gpus.items.type = "object" | .properties.gpus.default = []' values.schema.json INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \ && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \ diff --git a/packages/apps/virtual-machine/README.md b/packages/apps/virtual-machine/README.md index 29b22401..bb33570b 100644 --- a/packages/apps/virtual-machine/README.md +++ b/packages/apps/virtual-machine/README.md 
@@ -36,22 +36,23 @@ virtctl ssh @ ### Common parameters -| Name | Description | Value | -| ------------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------- | -| `external` | Enable external access from outside the cluster | `false` | -| `externalMethod` | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP` | -| `externalPorts` | Specify ports to forward from outside the cluster | `[]` | -| `running` | Determines if the virtual machine should be running | `true` | -| `instanceType` | Virtual Machine instance type | `u1.medium` | -| `instanceProfile` | Virtual Machine prefferences profile | `ubuntu` | -| `systemDisk.image` | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos` | `ubuntu` | -| `systemDisk.storage` | The size of the disk allocated for the virtual machine | `5Gi` | -| `systemDisk.storageClass` | StorageClass used to store the data | `replicated` | -| `resources.cpu` | The number of CPU cores allocated to the virtual machine | `""` | -| `resources.memory` | The amount of memory allocated to the virtual machine | `""` | -| `sshKeys` | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]` | -| `cloudInit` | cloud-init user data config. See cloud-init documentation for more details. | `#cloud-config -` | +| Name | Description | Value | +| ------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------ | +| `external` | Enable external access from outside the cluster | `false` | +| `externalMethod` | specify method to passthrough the traffic to the virtual machine. 
Allowed values: `WholeIP` and `PortList` | `WholeIP` | +| `externalPorts` | Specify ports to forward from outside the cluster | `[]` | +| `running` | Determines if the virtual machine should be running | `true` | +| `instanceType` | Virtual Machine instance type | `u1.medium` | +| `instanceProfile` | Virtual Machine preferences profile | `ubuntu` | +| `systemDisk.image` | The base image for the virtual machine. Allowed values: `ubuntu`, `cirros`, `alpine`, `fedora` and `talos` | `ubuntu` | +| `systemDisk.storage` | The size of the disk allocated for the virtual machine | `5Gi` | +| `systemDisk.storageClass` | StorageClass used to store the data | `replicated` | +| `gpus` | List of GPUs to attach | `[]` | +| `resources.cpu` | The number of CPU cores allocated to the virtual machine | `""` | +| `resources.memory` | The amount of memory allocated to the virtual machine | `""` | +| `sshKeys` | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]` | +| `cloudInit` | cloud-init user data config. See cloud-init documentation for more details. | `""` | +| `cloudInitSeed` | A seed string to generate an SMBIOS UUID for the VM. | `""` | ## U Series diff --git a/packages/apps/virtual-machine/templates/_helpers.tpl b/packages/apps/virtual-machine/templates/_helpers.tpl index 671b8934..f3ade695 100644 --- a/packages/apps/virtual-machine/templates/_helpers.tpl +++ b/packages/apps/virtual-machine/templates/_helpers.tpl 
@@ -49,3 +49,23 @@ Selector labels app.kubernetes.io/name: {{ include "virtual-machine.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{/* +Generate a stable UUID for cloud-init re-initialization upon upgrade. +*/}} +{{- define "virtual-machine.stableUuid" -}} +{{- $source := printf "%s-%s-%s" .Release.Namespace (include "virtual-machine.fullname" .) .Values.cloudInitSeed }} +{{- $hash := sha256sum $source }} +{{- $uuid := printf "%s-%s-4%s-9%s-%s" (substr 0 8 $hash) (substr 8 12 $hash) (substr 13 16 $hash) (substr 17 20 $hash) (substr 20 32 $hash) }} +{{- if eq .Values.cloudInitSeed "" }} + {{- /* Try to save previous uuid to not trigger full cloud-init again if user decided to remove the seed. */}} + {{- $vmResource := lookup "kubevirt.io/v1" "VirtualMachine" .Release.Namespace (include "virtual-machine.fullname" .) -}} + {{- if $vmResource }} + {{- $existingUuid := $vmResource | dig "spec" "template" "spec" "domain" "firmware" "uuid" "" }} + {{- if $existingUuid }} + {{- $uuid = $existingUuid }} + {{- end }} + {{- end }} +{{- end }} +{{- $uuid }} +{{- end }} diff --git a/packages/apps/virtual-machine/templates/vm.yaml b/packages/apps/virtual-machine/templates/vm.yaml index d952483e..67f192e7 100644 --- a/packages/apps/virtual-machine/templates/vm.yaml +++ b/packages/apps/virtual-machine/templates/vm.yaml @@ -68,7 +68,15 @@ spec: requests: memory: {{ .Values.resources.memory | quote }} {{- end }} + firmware: + uuid: {{ include "virtual-machine.stableUuid" . }} devices: + {{- if .Values.gpus }} + gpus: + {{- range $i, $gpu := .Values.gpus }} + - deviceName: {{ $gpu.name }} + {{- end }} + {{- end }} disks: - disk: bus: scsi @@ -90,6 +98,7 @@ spec: secret: secretName: {{ include "virtual-machine.fullname" $ }}-ssh-keys propagationMethod: + # keys will be injected into metadata part of cloud-init disk noCloud: {} {{- end }} terminationGracePeriodSeconds: 30 
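Review bot: The `lookup` fallback in `virtual-machine.stableUuid` only works when Helm can reach the cluster, and the helper's comment does not say so. Under `helm template` or a client-side dry run, `lookup` returns an empty result, so once a seed has been removed the offline render shows the hash of the empty seed while the live VirtualMachine keeps its previous UUID. I would extend the doc comment with something like `lookup requires cluster access; without it the hash-derived UUID is rendered`. A one-line comment on the `printf` would also help, explaining that the literal `4` and `9` stand in for the version and variant characters, which is why hash positions 12 and 16 are skipped. The identical helper is added in the vm-instance `_helpers.tpl` hunk and needs the same comments.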
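Review bot: `$gpu.name` is written into the manifest unquoted at `- deviceName: {{ $gpu.name }}`, so a user-supplied value containing YAML-significant characters can change the structure of the rendered VirtualMachine spec, and a missing `name` renders an empty `deviceName:`. The neighbouring `memory: {{ .Values.resources.memory | quote }}` line already quotes its value; the same here would be `- deviceName: {{ required "gpus[].name is required" $gpu.name | quote }}`. KubeVirt's GPU entry also has its own `name` field, so it is worth checking that an item with only `deviceName` is accepted by the API; the otherwise unused loop index could supply one, e.g. `name: gpu{{ $i }}`. The same loop is added in the vm-instance `vm.yaml` hunk and should get the same change; the `devices` block continues outside this hunk.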
@@ -100,8 +109,14 @@ spec: {{- if or .Values.sshKeys .Values.cloudInit }} - name: cloudinitdisk cloudInitNoCloud: + {{- if .Values.cloudInit }} secretRef: name: {{ include "virtual-machine.fullname" . }}-cloud-init + {{- else }} + userData: | + #cloud-config + final_message: Cloud-init user-data was left blank intentionally. + {{- end }} {{- end }} networks: - name: default diff --git a/packages/apps/virtual-machine/values.schema.json b/packages/apps/virtual-machine/values.schema.json index 02b60675..861d4da4 100644 --- a/packages/apps/virtual-machine/values.schema.json +++ b/packages/apps/virtual-machine/values.schema.json @@ -88,7 +88,7 @@ }, "instanceProfile": { "type": "string", - "description": "Virtual Machine prefferences profile", + "description": "Virtual Machine preferences profile", "default": "ubuntu", "optional": true, "enum": [ @@ -164,6 +164,14 @@ } } }, + "gpus": { + "type": "array", + "description": "List of GPUs to attach", + "default": [], + "items": { + "type": "object" + } + }, "resources": { "type": "object", "properties": { @@ -190,7 +198,12 @@ "cloudInit": { "type": "string", "description": "cloud-init user data config. See cloud-init documentation for more details.", - "default": "#cloud-config\n" + "default": "" + }, + "cloudInitSeed": { + "type": "string", + "description": "A seed string to generate an SMBIOS UUID for the VM.", + "default": "" } } } diff --git a/packages/apps/virtual-machine/values.yaml b/packages/apps/virtual-machine/values.yaml index 0d651378..6cccbad1 100644 --- a/packages/apps/virtual-machine/values.yaml +++ b/packages/apps/virtual-machine/values.yaml @@ -12,7 +12,7 @@ externalPorts: running: true ## @param instanceType Virtual Machine instance type -## @param instanceProfile Virtual Machine prefferences profile +## @param instanceProfile Virtual Machine preferences profile ## instanceType: "u1.medium" instanceProfile: ubuntu 
@@ -26,6 +26,12 @@ systemDisk: storage: 5Gi storageClass: replicated +## @param gpus [array] List of GPUs to attach +## Example: +## gpus: +## - name: nvidia.com/GA102GL_A10 +gpus: [] + ## @param resources.cpu The number of CPU cores allocated to the virtual machine ## @param resources.memory The amount of memory allocated to the virtual machine resources: @@ -49,5 +55,13 @@ sshKeys: [] ## password: ubuntu ## chpasswd: { expire: False } ## -cloudInit: | - #cloud-config +cloudInit: "" + +## @param cloudInitSeed A seed string to generate an SMBIOS UUID for the VM. +cloudInitSeed: "" +## Change it to any new value to force a full cloud-init reconfiguration. Change it when you want to apply +## to an existing VM settings that are usually written only once, like new SSH keys or new network configuration. +## An empty value does nothing (and the existing UUID is not reverted). Please note that changing this value +## does not trigger a VM restart. You must perform the restart separately. +## Example: +## cloudInitSeed: "upd1" diff --git a/packages/apps/vm-disk/Chart.yaml b/packages/apps/vm-disk/Chart.yaml index 19b39328..9c112064 100644 --- a/packages/apps/vm-disk/Chart.yaml +++ b/packages/apps/vm-disk/Chart.yaml @@ -16,10 +16,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 0.1.0 +appVersion: 0.1.1 
diff --git a/packages/apps/vm-disk/templates/dv.yaml b/packages/apps/vm-disk/templates/dv.yaml index acfbbda3..06b5e4dc 100644 --- a/packages/apps/vm-disk/templates/dv.yaml +++ b/packages/apps/vm-disk/templates/dv.yaml @@ -3,7 +3,9 @@ apiVersion: cdi.kubevirt.io/v1beta1 kind: DataVolume metadata: annotations: + {{- if hasKey .Values.source "upload" }} cdi.kubevirt.io/storage.bind.immediate.requested: "" + {{- end }} vm-disk.cozystack.io/optical: "{{ .Values.optical }}" name: {{ .Release.Name }} spec: diff --git a/packages/apps/vm-instance/Chart.yaml b/packages/apps/vm-instance/Chart.yaml index a54c1d39..5f70145f 100644 --- a/packages/apps/vm-instance/Chart.yaml +++ b/packages/apps/vm-instance/Chart.yaml @@ -17,10 +17,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.1 +version: 0.6.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.5.1" +appVersion: 0.6.0 diff --git a/packages/apps/vm-instance/Makefile b/packages/apps/vm-instance/Makefile index a9aee79c..5b2aebab 100644 --- a/packages/apps/vm-instance/Makefile +++ b/packages/apps/vm-instance/Makefile 
@@ -3,6 +3,7 @@ include ../../../scripts/package.mk generate: readme-generator -v values.yaml -s values.schema.json -r README.md yq -o json -i '.properties.disks.items.type = "object" | .properties.disks.default = []' values.schema.json + yq -o json -i '.properties.gpus.items.type = "object" | .properties.gpus.default = []' values.schema.json INSTANCE_TYPES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/instancetypes.yaml | yq 'split(" ") | . + [""]' -o json) \ && yq -i -o json ".properties.instanceType.optional=true | .properties.instanceType.enum = $${INSTANCE_TYPES}" values.schema.json PREFERENCES=$$(yq e '.metadata.name' -o=json -r ../../system/kubevirt-instancetypes/templates/preferences.yaml | yq 'split(" ") | . + [""]' -o json) \ diff --git a/packages/apps/vm-instance/README.md b/packages/apps/vm-instance/README.md index 53d9f614..273c1f15 100644 --- a/packages/apps/vm-instance/README.md +++ b/packages/apps/vm-instance/README.md 
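Review bot: The schema patch added for `gpus` only sets `items.type = "object"`, so `values.schema.json` accepts an item without `name` or with a non-string `name`, even though the template reads `$gpu.name` for every entry. Tightening the generated schema here makes Helm reject such values before rendering, for example `yq -o json -i '.properties.gpus.items.properties.name.type = "string" | .properties.gpus.items.required = ["name"]' values.schema.json`. The `gpus` block in the virtual-machine chart's `values.schema.json` hunk has the same shape, so its generator presumably needs the same line.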
@@ -36,20 +36,21 @@ virtctl ssh @ ### Common parameters -| Name | Description | Value | -| ------------------ | ---------------------------------------------------------------------------------------------------------- | ---------------- | -| `external` | Enable external access from outside the cluster | `false` | -| `externalMethod` | specify method to passthrough the traffic to the virtual machine. Allowed values: `WholeIP` and `PortList` | `WholeIP` | -| `externalPorts` | Specify ports to forward from outside the cluster | `[]` | -| `running` | Determines if the virtual machine should be running | `true` | -| `instanceType` | Virtual Machine instance type | `u1.medium` | -| `instanceProfile` | Virtual Machine prefferences profile | `ubuntu` | -| `disks` | List of disks to attach | `[]` | -| `resources.cpu` | The number of CPU cores allocated to the virtual machine | `""` | -| `resources.memory` | The amount of memory allocated to the virtual machine | `""` | -| `sshKeys` | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]` | -| `cloudInit` | cloud-init user data config. See cloud-init documentation for more details. | `#cloud-config -` | +| Name | Description | Value | +| ------------------ | ---------------------------------------------------------------------------------------------------------- | ----------- | +| `external` | Enable external access from outside the cluster | `false` | +| `externalMethod` | specify method to passthrough the traffic to the virtual machine. 
Allowed values: `WholeIP` and `PortList` | `WholeIP` | +| `externalPorts` | Specify ports to forward from outside the cluster | `[]` | +| `running` | Determines if the virtual machine should be running | `true` | +| `instanceType` | Virtual Machine instance type | `u1.medium` | +| `instanceProfile` | Virtual Machine preferences profile | `ubuntu` | +| `disks` | List of disks to attach | `[]` | +| `gpus` | List of GPUs to attach | `[]` | +| `resources.cpu` | The number of CPU cores allocated to the virtual machine | `""` | +| `resources.memory` | The amount of memory allocated to the virtual machine | `""` | +| `sshKeys` | List of SSH public keys for authentication. Can be a single key or a list of keys. | `[]` | +| `cloudInit` | cloud-init user data config. See cloud-init documentation for more details. | `""` | +| `cloudInitSeed` | A seed string to generate an SMBIOS UUID for the VM. | `""` | ## U Series diff --git a/packages/apps/vm-instance/templates/_helpers.tpl b/packages/apps/vm-instance/templates/_helpers.tpl index 671b8934..f3ade695 100644 --- a/packages/apps/vm-instance/templates/_helpers.tpl +++ b/packages/apps/vm-instance/templates/_helpers.tpl 
@@ -49,3 +49,23 @@ Selector labels app.kubernetes.io/name: {{ include "virtual-machine.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{/* +Generate a stable UUID for cloud-init re-initialization upon upgrade. +*/}} +{{- define "virtual-machine.stableUuid" -}} +{{- $source := printf "%s-%s-%s" .Release.Namespace (include "virtual-machine.fullname" .) .Values.cloudInitSeed }} +{{- $hash := sha256sum $source }} +{{- $uuid := printf "%s-%s-4%s-9%s-%s" (substr 0 8 $hash) (substr 8 12 $hash) (substr 13 16 $hash) (substr 17 20 $hash) (substr 20 32 $hash) }} +{{- if eq .Values.cloudInitSeed "" }} + {{- /* Try to save previous uuid to not trigger full cloud-init again if user decided to remove the seed. */}} + {{- $vmResource := lookup "kubevirt.io/v1" "VirtualMachine" .Release.Namespace (include "virtual-machine.fullname" .) -}} + {{- if $vmResource }} + {{- $existingUuid := $vmResource | dig "spec" "template" "spec" "domain" "firmware" "uuid" "" }} + {{- if $existingUuid }} + {{- $uuid = $existingUuid }} + {{- end }} + {{- end }} +{{- end }} +{{- $uuid }} +{{- end }} diff --git a/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml b/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml index e1b7242b..d735b5c3 100644 --- a/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml +++ b/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml @@ -22,5 +22,5 @@ spec: kind: virtual-machine type: virtual-machine selector: - vm.kubevirt.io/name: {{ $.Release.Name }} + {{- include "virtual-machine.selectorLabels" . | nindent 4 }} version: {{ $.Chart.Version }} diff --git a/packages/apps/vm-instance/templates/vm.yaml b/packages/apps/vm-instance/templates/vm.yaml index 843ae221..4a8ed2a4 100644 --- a/packages/apps/vm-instance/templates/vm.yaml +++ b/packages/apps/vm-instance/templates/vm.yaml 
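Review bot: The new selector line in `dashboard-resourcemap.yaml` passes `.` to `include "virtual-machine.selectorLabels"`, while the line it replaces and the following `version: {{ $.Chart.Version }}` both use `$`. If this block sits inside a `range` or `with` (not visible in the hunk), `.` is no longer the root context and the helper's `.Release.Name` would fail or render the wrong labels. `{{- include "virtual-machine.selectorLabels" $ | nindent 4 }}` is safe in either case. It is also worth confirming that the VM pods actually carry `app.kubernetes.io/name` and `app.kubernetes.io/instance`, since the selector previously matched `vm.kubevirt.io/name`.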
@@ -1,8 +1,8 @@ {{- if and .Values.instanceType (not (lookup "instancetype.kubevirt.io/v1beta1" "VirtualMachineClusterInstancetype" "" .Values.instanceType)) }} -{{- fail (printf "Specified instancetype not exists in cluster: %s" .Values.instanceType) }} +{{- fail (printf "Specified instanceType does not exist in the cluster: %s" .Values.instanceType) }} {{- end }} {{- if and .Values.instanceProfile (not (lookup "instancetype.kubevirt.io/v1beta1" "VirtualMachineClusterPreference" "" .Values.instanceProfile)) }} -{{- fail (printf "Specified profile not exists in cluster: %s" .Values.instanceProfile) }} +{{- fail (printf "Specified instanceProfile does not exist in the cluster: %s" .Values.instanceProfile) }} {{- end }} apiVersion: kubevirt.io/v1 @@ -40,11 +40,19 @@ spec: requests: memory: {{ .Values.resources.memory | quote }} {{- end }} + firmware: + uuid: {{ include "virtual-machine.stableUuid" . }} devices: + {{- if .Values.gpus }} + gpus: + {{- range $i, $gpu := .Values.gpus }} + - deviceName: {{ $gpu.name }} + {{- end }} + {{- end }} disks: {{- range $i, $disk := .Values.disks }} - - name: disk-{{ .name }} - {{- $disk := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" .name) }} + - name: disk-{{ $disk.name }} + {{- $disk := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" $disk.name) }} {{- if $disk }} {{- if and (hasKey $disk.metadata.annotations "vm-disk.cozystack.io/optical") (eq (index $disk.metadata.annotations "vm-disk.cozystack.io/optical") "true") }} cdrom: {} @@ -75,6 +83,7 @@ spec: secret: secretName: {{ include "virtual-machine.fullname" $ }}-ssh-keys propagationMethod: + # keys will be injected into metadata part of cloud-init disk noCloud: {} {{- end }} terminationGracePeriodSeconds: 30 
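Review bot: In the `disks` loop, `$disk` is still declared twice: once by `range $i, $disk := .Values.disks` and again by `{{- $disk := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" ... }}`. Switching to `$disk.name` fixes the two uses shown here, but every reference after the `lookup` line sees the DataVolume object rather than the values entry, which is easy to get wrong in a later edit. Naming the lookup result separately, e.g. `{{- $dv := lookup "cdi.kubevirt.io/v1beta1" "DataVolume" $.Release.Namespace (printf "vm-disk-%s" $disk.name) }}`, and using `$dv` in the `if` and `hasKey` checks that follow would remove the shadowing. The loop body continues outside the hunk.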
@@ -87,8 +96,14 @@ spec: {{- if or .Values.sshKeys .Values.cloudInit }} - name: cloudinitdisk cloudInitNoCloud: + {{- if .Values.cloudInit }} secretRef: name: {{ include "virtual-machine.fullname" . }}-cloud-init + {{- else }} + userData: | + #cloud-config + final_message: Cloud-init user-data was left blank intentionally. + {{- end }} {{- end }} networks: - name: default diff --git a/packages/apps/vm-instance/values.schema.json b/packages/apps/vm-instance/values.schema.json index 40560861..f4dd2076 100644 --- a/packages/apps/vm-instance/values.schema.json +++ b/packages/apps/vm-instance/values.schema.json @@ -88,7 +88,7 @@ }, "instanceProfile": { "type": "string", - "description": "Virtual Machine prefferences profile", + "description": "Virtual Machine preferences profile", "default": "ubuntu", "optional": true, "enum": [ @@ -145,6 +145,14 @@ "type": "object" } }, + "gpus": { + "type": "array", + "description": "List of GPUs to attach", + "default": [], + "items": { + "type": "object" + } + }, "resources": { "type": "object", "properties": { @@ -171,7 +179,12 @@ "cloudInit": { "type": "string", "description": "cloud-init user data config. See cloud-init documentation for more details.", - "default": "#cloud-config\n" + "default": "" + }, + "cloudInitSeed": { + "type": "string", + "description": "A seed string to generate an SMBIOS UUID for the VM.", + "default": "" } } } diff --git a/packages/apps/vm-instance/values.yaml b/packages/apps/vm-instance/values.yaml index 418ba7e8..eb68ced2 100644 --- a/packages/apps/vm-instance/values.yaml +++ b/packages/apps/vm-instance/values.yaml @@ -12,7 +12,7 @@ externalPorts: running: true ## @param instanceType Virtual Machine instance type -## @param instanceProfile Virtual Machine prefferences profile +## @param instanceProfile Virtual Machine preferences profile ## instanceType: "u1.medium" instanceProfile: ubuntu 
@@ -24,6 +24,12 @@ instanceProfile: ubuntu ## - name: example-data disks: [] +## @param gpus [array] List of GPUs to attach +## Example: +## gpus: +## - name: nvidia.com/GA102GL_A10 +gpus: [] + ## @param resources.cpu The number of CPU cores allocated to the virtual machine ## @param resources.memory The amount of memory allocated to the virtual machine resources: @@ -47,5 +53,13 @@ sshKeys: [] ## password: ubuntu ## chpasswd: { expire: False } ## -cloudInit: | - #cloud-config +cloudInit: "" + +## @param cloudInitSeed A seed string to generate an SMBIOS UUID for the VM. +cloudInitSeed: "" +## Change it to any new value to force a full cloud-init reconfiguration. Change it when you want to apply +## to an existing VM settings that are usually written only once, like new SSH keys or new network configuration. +## An empty value does nothing (and the existing UUID is not reverted). Please note that changing this value +## does not trigger a VM restart. You must perform the restart separately. +## Example: +## cloudInitSeed: "upd1" diff --git a/packages/core/builder/Makefile b/packages/core/builder/Makefile deleted file mode 100755 index 9eee5594..00000000 --- a/packages/core/builder/Makefile +++ /dev/null 
@@ -1,35 +0,0 @@ -NAMESPACE=cozy-builder -NAME := builder - -TALOS_VERSION=$(shell awk '/^version:/ {print $$2}' ../installer/images/talos/profiles/installer.yaml) - -include ../../../scripts/common-envs.mk - -help: ## Show this help. - @awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) - -show: - helm template -n $(NAMESPACE) $(NAME) . - -apply: ## Create builder sandbox in existing Kubernetes cluster. - helm template -n $(NAMESPACE) $(NAME) . | kubectl apply -f - - docker buildx ls | grep -q '^buildkit-builder*' || docker buildx create \ - --bootstrap \ - --name=buildkit-$(NAME) \ - --driver=kubernetes \ - --driver-opt=namespace=$(NAMESPACE),replicas=1 \ - --platform=linux/amd64 \ - --platform=linux/arm64 \ - --use \ - --config config.toml - -diff: - helm template -n $(NAMESPACE) $(NAME) . | kubectl diff -f - - -delete: ## Remove builder sandbox from existing Kubernetes cluster. - kubectl delete deploy -n $(NAMESPACE) $(NAME)-talos-imager - docker buildx rm buildkit-$(NAME) - -wait-for-builder: - kubectl wait deploy --for=condition=Progressing -n $(NAMESPACE) $(NAME)-talos-imager - kubectl wait pod --for=condition=Ready -n $(NAMESPACE) -l app=$(NAME)-talos-imager diff --git a/packages/core/builder/config.toml b/packages/core/builder/config.toml deleted file mode 100644 index a3cb03a3..00000000 --- a/packages/core/builder/config.toml +++ /dev/null @@ -1,11 +0,0 @@ -[worker.oci] - gc = true - gckeepstorage = 50000 - - [[worker.oci.gcpolicy]] - keepBytes = 10737418240 - keepDuration = 604800 - filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"] - [[worker.oci.gcpolicy]] - all = true - keepBytes = 53687091200 diff --git a/packages/core/builder/templates/sandbox.yaml b/packages/core/builder/templates/sandbox.yaml deleted file mode 100755 index 0a850cb6..00000000 --- a/packages/core/builder/templates/sandbox.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Release.Namespace }} - labels: - pod-security.kubernetes.io/enforce: privileged ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-talos-imager - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ .Release.Name }}-talos-imager - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ .Release.Name }}-talos-imager - spec: - automountServiceAccountToken: false - terminationGracePeriodSeconds: 1 - containers: - - name: imager - image: "{{ .Values.talos.imager.image }}" - securityContext: - privileged: true - command: - - sleep - - infinity - volumeMounts: - - mountPath: /dev - name: dev - volumes: - - hostPath: - path: /dev - type: Directory - name: dev diff --git a/packages/core/builder/values.yaml b/packages/core/builder/values.yaml deleted file mode 100755 index fb061354..00000000 --- a/packages/core/builder/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -talos: - imager: - image: ghcr.io/siderolabs/imager:v1.9.3 diff --git a/packages/core/installer/Makefile b/packages/core/installer/Makefile index 31cca9a9..f2146529 100644 --- a/packages/core/installer/Makefile +++ b/packages/core/installer/Makefile @@ -19,12 +19,10 @@ diff: update: hack/gen-profiles.sh - IMAGE=$$(yq '.input.baseInstaller.imageRef | sub("/installer:", "/imager:")' images/talos/profiles/installer.yaml) \ - yq -i '.talos.imager.image = strenv(IMAGE)' ../builder/values.yaml -image: pre-checks image-cozystack image-talos image-matchbox +image: pre-checks image-matchbox image-cozystack image-talos -image-cozystack: run-builder +image-cozystack: make -C ../../.. repos docker buildx build -f images/cozystack/Dockerfile ../../.. \ --provenance false \ 
@@ -40,11 +38,11 @@ image-cozystack: run-builder yq -i '.cozystack.image = strenv(IMAGE)' values.yaml rm -f images/installer.json -image-talos: run-builder +image-talos: test -f ../../../_out/assets/installer-amd64.tar || make talos-installer skopeo copy docker-archive:../../../_out/assets/installer-amd64.tar docker://$(REGISTRY)/talos:$(call settag,$(TALOS_VERSION)) -image-matchbox: run-builder +image-matchbox: test -f ../../../_out/assets/kernel-amd64 || make talos-kernel test -f ../../../_out/assets/initramfs-metal-amd64.xz || make talos-initramfs docker buildx build -f images/matchbox/Dockerfile ../../.. \ @@ -61,13 +59,10 @@ image-matchbox: run-builder > ../../extra/bootbox/images/matchbox.tag rm -f images/matchbox.json -assets: talos-iso talos-nocloud talos-metal +assets: talos-iso talos-nocloud talos-metal talos-kernel talos-initramfs talos-initramfs talos-kernel talos-installer talos-iso talos-nocloud talos-metal: mkdir -p ../../../_out/assets cat images/talos/profiles/$(subst talos-,,$@).yaml | \ - kubectl exec -i -n cozy-builder deploy/builder-talos-imager -- imager --tar-to-stdout - | \ + docker run --rm -i -v /dev:/dev --privileged "ghcr.io/siderolabs/imager:$(TALOS_VERSION)" --tar-to-stdout - | \ tar -C ../../../_out/assets -xzf- - -run-builder: - make -C ../builder/ apply wait-for-builder diff --git a/packages/core/installer/images/talos/profiles/initramfs.yaml b/packages/core/installer/images/talos/profiles/initramfs.yaml index 790dca83..af5f34cc 100644 --- a/packages/core/installer/images/talos/profiles/initramfs.yaml +++ b/packages/core/installer/images/talos/profiles/initramfs.yaml 
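Review bot: The imager in the `talos-*` recipe now runs through `docker run --rm -i -v /dev:/dev --privileged` on whatever machine invokes `make`, and its image is referenced only by the mutable tag `ghcr.io/siderolabs/imager:$(TALOS_VERSION)`. Since that container gets full access to the host's devices, pinning it by digest would keep a re-pushed tag from changing what executes on the build host, in the same way `values.yaml` pins the installer image with `@sha256:`; for example `"ghcr.io/siderolabs/imager:$(TALOS_VERSION)@sha256:<imager-digest>"`. A short comment above the recipe saying why `--privileged` and the `/dev` mount are required, and for which output kinds, would help anyone running this on a shared or self-hosted runner.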
@@ -3,24 +3,24 @@ arch: amd64 platform: metal secureboot: false -version: v1.9.3 +version: v1.9.5 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: ghcr.io/siderolabs/installer:v1.9.3 + imageRef: ghcr.io/siderolabs/installer:v1.9.5 systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250109 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250311 - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311 - imageRef: ghcr.io/siderolabs/i915-ucode:20241110 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109 - - imageRef: ghcr.io/siderolabs/intel-ucode:20241112 - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109 - - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3 - - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250211 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311 + - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5 + - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5 output: kind: initramfs imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/installer.yaml b/packages/core/installer/images/talos/profiles/installer.yaml index 1def0f9c..b717ba3e 100644 --- a/packages/core/installer/images/talos/profiles/installer.yaml +++ b/packages/core/installer/images/talos/profiles/installer.yaml 
@@ -3,24 +3,24 @@ arch: amd64 platform: metal secureboot: false -version: v1.9.3 +version: v1.9.5 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: ghcr.io/siderolabs/installer:v1.9.3 + imageRef: ghcr.io/siderolabs/installer:v1.9.5 systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250109 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250311 - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311 - imageRef: ghcr.io/siderolabs/i915-ucode:20241110 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109 - - imageRef: ghcr.io/siderolabs/intel-ucode:20241112 - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109 - - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3 - - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250211 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311 + - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5 + - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5 output: kind: installer imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/iso.yaml b/packages/core/installer/images/talos/profiles/iso.yaml index 8550ed40..c10d43c6 100644 --- a/packages/core/installer/images/talos/profiles/iso.yaml +++ b/packages/core/installer/images/talos/profiles/iso.yaml 
@@ -3,24 +3,24 @@ arch: amd64 platform: metal secureboot: false -version: v1.9.3 +version: v1.9.5 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: ghcr.io/siderolabs/installer:v1.9.3 + imageRef: ghcr.io/siderolabs/installer:v1.9.5 systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250109 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250311 - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311 - imageRef: ghcr.io/siderolabs/i915-ucode:20241110 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109 - - imageRef: ghcr.io/siderolabs/intel-ucode:20241112 - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109 - - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3 - - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250211 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311 + - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5 + - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5 output: kind: iso imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/kernel.yaml b/packages/core/installer/images/talos/profiles/kernel.yaml index 9c70334b..462aaaac 100644 --- a/packages/core/installer/images/talos/profiles/kernel.yaml +++ b/packages/core/installer/images/talos/profiles/kernel.yaml 
@@ -3,24 +3,24 @@ arch: amd64 platform: metal secureboot: false -version: v1.9.3 +version: v1.9.5 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: ghcr.io/siderolabs/installer:v1.9.3 + imageRef: ghcr.io/siderolabs/installer:v1.9.5 systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250109 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250311 - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311 - imageRef: ghcr.io/siderolabs/i915-ucode:20241110 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109 - - imageRef: ghcr.io/siderolabs/intel-ucode:20241112 - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109 - - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3 - - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250211 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311 + - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5 + - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5 output: kind: kernel imageOptions: {} diff --git a/packages/core/installer/images/talos/profiles/metal.yaml b/packages/core/installer/images/talos/profiles/metal.yaml index c32b82b1..e3f5a8e9 100644 --- a/packages/core/installer/images/talos/profiles/metal.yaml +++ b/packages/core/installer/images/talos/profiles/metal.yaml 
@@ -3,24 +3,24 @@ arch: amd64 platform: metal secureboot: false -version: v1.9.3 +version: v1.9.5 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: ghcr.io/siderolabs/installer:v1.9.3 + imageRef: ghcr.io/siderolabs/installer:v1.9.5 systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250109 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250311 - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311 - imageRef: ghcr.io/siderolabs/i915-ucode:20241110 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109 - - imageRef: ghcr.io/siderolabs/intel-ucode:20241112 - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109 - - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3 - - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250211 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311 + - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5 + - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5 output: kind: image imageOptions: { diskSize: 1306525696, diskFormat: raw } diff --git a/packages/core/installer/images/talos/profiles/nocloud.yaml b/packages/core/installer/images/talos/profiles/nocloud.yaml index 67a8d14b..e781edc1 100644 --- a/packages/core/installer/images/talos/profiles/nocloud.yaml +++ b/packages/core/installer/images/talos/profiles/nocloud.yaml 
@@ -3,24 +3,24 @@ arch: amd64 platform: nocloud secureboot: false -version: v1.9.3 +version: v1.9.5 input: kernel: path: /usr/install/amd64/vmlinuz initramfs: path: /usr/install/amd64/initramfs.xz baseInstaller: - imageRef: ghcr.io/siderolabs/installer:v1.9.3 + imageRef: ghcr.io/siderolabs/installer:v1.9.5 systemExtensions: - - imageRef: ghcr.io/siderolabs/amd-ucode:20250109 + - imageRef: ghcr.io/siderolabs/amd-ucode:20250311 - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20241110 - - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250109 + - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20250311 - imageRef: ghcr.io/siderolabs/i915-ucode:20241110 - - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250109 - - imageRef: ghcr.io/siderolabs/intel-ucode:20241112 - - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250109 - - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.3 - - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.3 + - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20250311 + - imageRef: ghcr.io/siderolabs/intel-ucode:20250211 + - imageRef: ghcr.io/siderolabs/qlogic-firmware:20250311 + - imageRef: ghcr.io/siderolabs/drbd:9.2.12-v1.9.5 + - imageRef: ghcr.io/siderolabs/zfs:2.2.7-v1.9.5 output: kind: image imageOptions: { diskSize: 1306525696, diskFormat: raw } diff --git a/packages/core/installer/values.yaml b/packages/core/installer/values.yaml index c3b3f641..695796af 100644 --- a/packages/core/installer/values.yaml +++ b/packages/core/installer/values.yaml @@ -1,2 +1,2 @@ cozystack: - image: ghcr.io/cozystack/cozystack/installer:v0.28.0@sha256:71ae2037ca44d49bbcf8be56c127ee92f2486089a8ea1cdd6508af49705956ac + image: ghcr.io/cozystack/cozystack/installer:v0.30.0@sha256:aba19d8524cd9d55db8dd5600be92cf53cd218507df46b4294905336603fc7cc diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index d44eb3df..08c2da4a 100644 --- a/packages/core/platform/bundles/distro-full.yaml 
+++ b/packages/core/platform/bundles/distro-full.yaml @@ -31,6 +31,13 @@ releases: autoDirectNodeRoutes: true routingMode: native +- name: cilium-networkpolicy + releaseName: cilium-networkpolicy + chart: cozy-cilium-networkpolicy + namespace: cozy-cilium + privileged: true + dependsOn: [cilium] + - name: cozy-proxy releaseName: cozystack chart: cozy-cozy-proxy @@ -127,14 +134,14 @@ releases: chart: cozy-kafka-operator namespace: cozy-kafka-operator optional: true - dependsOn: [cilium] + dependsOn: [cilium,victoria-metrics-operator] - name: clickhouse-operator releaseName: clickhouse-operator chart: cozy-clickhouse-operator namespace: cozy-clickhouse-operator optional: true - dependsOn: [cilium] + dependsOn: [cilium,victoria-metrics-operator] - name: rabbitmq-operator releaseName: rabbitmq-operator @@ -154,7 +161,7 @@ releases: releaseName: piraeus-operator chart: cozy-piraeus-operator namespace: cozy-linstor - dependsOn: [cilium,cert-manager] + dependsOn: [cilium,cert-manager,victoria-metrics-operator] - name: snapshot-controller releaseName: snapshot-controller @@ -218,3 +225,8 @@ releases: privileged: true optional: true dependsOn: [cilium] + +- name: reloader + releaseName: reloader + chart: cozy-reloader + namespace: cozy-reloader diff --git a/packages/core/platform/bundles/distro-hosted.yaml b/packages/core/platform/bundles/distro-hosted.yaml index 650efccd..6a7e73e4 100644 --- a/packages/core/platform/bundles/distro-hosted.yaml +++ b/packages/core/platform/bundles/distro-hosted.yaml @@ -96,14 +96,14 @@ releases: chart: cozy-kafka-operator namespace: cozy-kafka-operator optional: true - dependsOn: [] + dependsOn: [victoria-metrics-operator] - name: clickhouse-operator releaseName: clickhouse-operator chart: cozy-clickhouse-operator namespace: cozy-clickhouse-operator optional: true - dependsOn: [] + dependsOn: [victoria-metrics-operator] - name: rabbitmq-operator releaseName: rabbitmq-operator 
diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 7bf3c977..ca5b3f64 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -34,6 +34,13 @@ releases: - values-talos.yaml - values-kubeovn.yaml +- name: cilium-networkpolicy + releaseName: cilium-networkpolicy + chart: cozy-cilium-networkpolicy + namespace: cozy-cilium + privileged: true + dependsOn: [cilium] + - name: kubeovn releaseName: kubeovn chart: cozy-kubeovn @@ -109,7 +116,7 @@ releases: chart: cozy-monitoring-agents namespace: cozy-monitoring privileged: true - dependsOn: [cilium,kubeovn,victoria-metrics-operator] + dependsOn: [victoria-metrics-operator, vertical-pod-autoscaler-crds] values: scrapeRules: etcd: @@ -146,6 +153,17 @@ releases: namespace: cozy-kubevirt-cdi dependsOn: [cilium,kubeovn,kubevirt-cdi-operator] +- name: gpu-operator + releaseName: gpu-operator + chart: cozy-gpu-operator + namespace: cozy-gpu-operator + privileged: true + optional: true + dependsOn: [cilium,kubeovn] + valuesFiles: + - values.yaml + - values-talos.yaml + - name: metallb releaseName: metallb chart: cozy-metallb @@ -181,13 +199,13 @@ releases: releaseName: kafka-operator chart: cozy-kafka-operator namespace: cozy-kafka-operator - dependsOn: [cilium,kubeovn] + dependsOn: [cilium,kubeovn,victoria-metrics-operator] - name: clickhouse-operator releaseName: clickhouse-operator chart: cozy-clickhouse-operator namespace: cozy-clickhouse-operator - dependsOn: [cilium,kubeovn] + dependsOn: [cilium,kubeovn,victoria-metrics-operator] - name: rabbitmq-operator releaseName: rabbitmq-operator 
@@ -380,3 +398,15 @@ releases: namespace: cozy-vertical-pod-autoscaler privileged: true dependsOn: [monitoring-agents] + +- name: vertical-pod-autoscaler-crds + releaseName: vertical-pod-autoscaler-crds + chart: cozy-vertical-pod-autoscaler-crds + namespace: cozy-vertical-pod-autoscaler + privileged: true + dependsOn: [cilium, kubeovn] + +- name: reloader + releaseName: reloader + chart: cozy-reloader + namespace: cozy-reloader diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 42ea63a9..8b59fd81 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -69,7 +69,7 @@ releases: chart: cozy-monitoring-agents namespace: cozy-monitoring privileged: true - dependsOn: [victoria-metrics-operator] + dependsOn: [victoria-metrics-operator, vertical-pod-autoscaler-crds] values: scrapeRules: etcd: @@ -103,13 +103,13 @@ releases: releaseName: kafka-operator chart: cozy-kafka-operator namespace: cozy-kafka-operator - dependsOn: [] + dependsOn: [victoria-metrics-operator] - name: clickhouse-operator releaseName: clickhouse-operator chart: cozy-clickhouse-operator namespace: cozy-clickhouse-operator - dependsOn: [] + dependsOn: [victoria-metrics-operator] - name: rabbitmq-operator releaseName: rabbitmq-operator @@ -254,3 +254,10 @@ releases: namespace: cozy-vertical-pod-autoscaler privileged: true dependsOn: [monitoring-agents] + +- name: vertical-pod-autoscaler-crds + releaseName: vertical-pod-autoscaler-crds + chart: cozy-vertical-pod-autoscaler-crds + namespace: cozy-vertical-pod-autoscaler + privileged: true + dependsOn: [cilium, kubeovn] diff --git a/packages/core/testing/Makefile b/packages/core/testing/Makefile index 861f9a96..747d4507 100755 --- a/packages/core/testing/Makefile +++ b/packages/core/testing/Makefile 
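Review bot: In the last paas-hosted.yaml hunk the new `vertical-pod-autoscaler-crds` release declares `dependsOn: [cilium, kubeovn]`, yet every other release visible in this file's hunks depends only on `victoria-metrics-operator` or on nothing, which suggests the hosted bundle ships neither `cilium` nor `kubeovn`. If so, the dependency presumably can never be satisfied, and `monitoring-agents`, which now waits on `vertical-pod-autoscaler-crds` in the same file, would be held back with it. For the hosted bundle I would expect `dependsOn: []`, mirroring how `kafka-operator` differs between paas-full.yaml and paas-hosted.yaml. The full release list is outside the hunks, so please confirm against it.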
@@ -2,6 +2,9 @@ NAMESPACE=cozy-e2e-tests NAME := sandbox CLEAN := 1 TESTING_APPS := $(shell find ../../apps -maxdepth 1 -mindepth 1 -type d | awk -F/ '{print $$NF}') +SANDBOX_NAME := cozy-e2e-sandbox-$(shell echo "$$(hostname):$$(pwd)" | sha256sum | cut -c -6) + +ROOT_DIR = $(dir $(abspath $(firstword $(MAKEFILE_LIST))/../../..)) include ../../../scripts/common-envs.mk @@ -24,7 +27,6 @@ image-e2e-sandbox: --provenance false \ --tag $(REGISTRY)/e2e-sandbox:$(call settag,$(TAG)) \ --cache-from type=registry,ref=$(REGISTRY)/e2e-sandbox:latest \ - --platform linux/amd64,linux/arm64 \ --cache-to type=inline \ --metadata-file images/e2e-sandbox.json \ --push=$(PUSH) \ 
@@ -34,27 +36,20 @@ image-e2e-sandbox: yq -i '.e2e.image = strenv(IMAGE)' values.yaml rm -f images/e2e-sandbox.json -copy-hack-dir: - tar -C ../../../ -cf- hack | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- tar -xf- +test: ## Run the end-to-end tests in existing sandbox. + docker exec "${SANDBOX_NAME}" sh -c 'cd /workspace && export COZYSTACK_INSTALLER_YAML=$$(helm template -n cozy-system installer ./packages/core/installer) && hack/e2e.sh' -copy-image: - cat ../../../_out/assets/nocloud-amd64.raw.xz | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -xec 'xz --decompress > /nocloud-amd64.raw' - -test: wait-for-sandbox copy-hack-dir copy-image ## Run the end-to-end tests in existing sandbox. - helm template -n cozy-system installer ../installer | kubectl exec -i -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'cat > /cozystack-installer.yaml' - kubectl exec -ti -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'export COZYSTACK_INSTALLER_YAML=$$(cat /cozystack-installer.yaml) && /hack/e2e.sh' - -test-applications: wait-for-sandbox copy-hack-dir ## Run the end-to-end tests in existing sandbox for applications. +test-applications: ## Run the end-to-end tests in existing sandbox for applications. for app in $(TESTING_APPS); do \ - kubectl exec -ti -n cozy-e2e-tests deploy/cozystack-e2e-sandbox -- bash -c "/hack/e2e.application.sh $${app}"; \ + docker exec ${SANDBOX_NAME} bash -c "/hack/e2e.application.sh $${app}"; \ done - kubectl exec -ti -n cozy-e2e-tests deploy/cozystack-e2e-sandbox -- bash -c "kubectl get hr -A | grep -v 'True'" + docker exec ${SANDBOX_NAME} bash -c "kubectl get hr -A | grep -v 'True'" delete: ## Remove sandbox from existing Kubernetes cluster. - kubectl delete deploy -n $(NAMESPACE) cozystack-e2e-$(NAME) + docker rm -f "${SANDBOX_NAME}" || true exec: ## Opens an interactive shell in the sandbox container. 
- kubectl exec -ti -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- bash + docker exec -ti "${SANDBOX_NAME}" -- bash proxy: sync-hosts ## Enable a SOCKS5 proxy server; mirrord and gost must be installed. mirrord exec --target deploy/cozystack-e2e-sandbox --target-namespace cozy-e2e-tests -- gost -L=127.0.0.1:10080 @@ -65,6 +60,6 @@ login: ## Downloads the kubeconfig into a temporary directory and runs a shell w sync-hosts: kubectl exec -n $(NAMESPACE) deploy/cozystack-e2e-$(NAME) -- sh -c 'kubectl get ing -A -o go-template='\''{{ "127.0.0.1 localhost\n"}}{{ range .items }}{{ range .status.loadBalancer.ingress }}{{ .ip }}{{ end }} {{ range .spec.rules }}{{ .host }}{{ end }}{{ "\n" }}{{ end }}'\'' > /etc/hosts' -wait-for-sandbox: - kubectl wait deploy --for=condition=Progressing -n $(NAMESPACE) cozystack-e2e-$(NAME) - kubectl wait pod --for=condition=Ready -n $(NAMESPACE) -l app=cozystack-e2e-$(NAME) +apply: delete + docker run -d --rm --name "${SANDBOX_NAME}" --privileged "$$(yq .e2e.image values.yaml)" sleep infinity + docker cp "${ROOT_DIR}" "${SANDBOX_NAME}":/workspace diff --git a/packages/core/testing/images/e2e-sandbox/Dockerfile b/packages/core/testing/images/e2e-sandbox/Dockerfile index 74e6f0cf..8318e982 100755 --- a/packages/core/testing/images/e2e-sandbox/Dockerfile +++ b/packages/core/testing/images/e2e-sandbox/Dockerfile @@ -1,11 +1,11 @@ FROM ubuntu:22.04 ARG KUBECTL_VERSION=1.32.0 -ARG TALOSCTL_VERSION=1.8.4 +ARG TALOSCTL_VERSION=1.9.5 ARG HELM_VERSION=3.16.4 RUN apt-get update -RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq +RUN apt-get -y install genisoimage qemu-kvm qemu-utils iproute2 iptables wget xz-utils netcat curl jq make git RUN curl -LO "https://github.com/siderolabs/talos/releases/download/v${TALOSCTL_VERSION}/talosctl-linux-amd64" \ && chmod +x talosctl-linux-amd64 \ && mv talosctl-linux-amd64 /usr/local/bin/talosctl 
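Review bot: `test-applications` still runs `/hack/e2e.application.sh`, but this hunk removes `copy-hack-dir` and the `apply` target added in the next hunk copies the repository to `/workspace`, so unless the image itself provides `/hack` the script now lives at `/workspace/hack/e2e.application.sh`; the new `test` target already does `cd /workspace` first. I would change the loop body to `docker exec "${SANDBOX_NAME}" bash -c "cd /workspace && hack/e2e.application.sh $${app}"`. In `exec`, the `--` after the container name is a kubectl convention; as far as I can tell `docker exec` stops option parsing at the container name and would try to run `--` as the command, so `docker exec -ti "${SANDBOX_NAME}" bash` is the safer form.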
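Review bot: `sync-hosts`, kept as context in the `@@ -65,6 +60,6 @@` hunk, and `proxy` in the previous hunk still address `deploy/cozystack-e2e-$(NAME)` through kubectl and mirrord, while this commit deletes templates/sandbox.yaml and moves the sandbox into a local Docker container, so both targets look stale. Either port them to `docker exec "${SANDBOX_NAME}"` or remove them together with the Deployment. Separately, `apply` starts the sandbox with `--privileged` on whichever Docker daemon runs make, and that flag removes most of the isolation between container and host. A comment above the target, for example `# --privileged: the e2e scripts run QEMU/KVM guests and configure networking inside the sandbox`, would record why it is needed; the wording should be checked against hack/e2e.sh, which this diff does not show.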
@@ -14,3 +14,4 @@ RUN curl -LO "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kube && mv kubectl /usr/local/bin/kubectl RUN curl -sSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash -s - --version "v${HELM_VERSION}" RUN wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 -O /usr/local/bin/yq && chmod +x /usr/local/bin/yq +RUN curl -s https://fluxcd.io/install.sh | bash diff --git a/packages/core/testing/templates/sandbox.yaml b/packages/core/testing/templates/sandbox.yaml deleted file mode 100755 index dcb73205..00000000 --- a/packages/core/testing/templates/sandbox.yaml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Release.Namespace }} - labels: - pod-security.kubernetes.io/enforce: privileged ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cozystack-e2e-{{ .Release.Name }} - namespace: cozy-e2e-tests -spec: - replicas: 1 - selector: - matchLabels: - app: cozystack-e2e-{{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app: cozystack-e2e-{{ .Release.Name }} - spec: - automountServiceAccountToken: false - terminationGracePeriodSeconds: 1 - containers: - - name: sandbox - image: "{{ .Values.e2e.image }}" - securityContext: - privileged: true - env: - - name: KUBECONFIG - value: /kubeconfig - - name: TALOSCONFIG - value: /talosconfig - command: - - sleep - - infinity diff --git a/packages/core/testing/values.yaml b/packages/core/testing/values.yaml index 4b4eda1a..3b793d2d 100755 --- a/packages/core/testing/values.yaml +++ b/packages/core/testing/values.yaml @@ -1,2 +1,2 @@ e2e: - image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.28.0@sha256:bb5e8f5d92e2e4305ea1cc7f007b3e98769645ab845f632b4788b9373cd207eb + image: ghcr.io/cozystack/cozystack/e2e-sandbox:v0.30.0@sha256:c887410f9004805522594680fd05d5454953613fd568c527589952294d9793e9 
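Review bot: The added `RUN curl -s https://fluxcd.io/install.sh | bash` installs whatever flux release the script resolves at build time, whereas kubectl, talosctl, helm and yq in this Dockerfile are requested at explicit versions. Because `-s` is used without `-f` and the pipeline has no pipefail, a download that fails outright hands bash empty input and the layer still succeeds, leaving an image without flux. I would add `ARG FLUX_VERSION=<pinned-version>` next to the other ARGs and use `RUN curl -fsSL https://fluxcd.io/install.sh | FLUX_VERSION="${FLUX_VERSION}" bash`; the upstream script honours `FLUX_VERSION`. The ARG block sits in the file's first hunk, outside this one.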
diff --git a/packages/extra/bootbox/Chart.yaml b/packages/extra/bootbox/Chart.yaml index f5d8dd39..ee45ed33 100644 --- a/packages/extra/bootbox/Chart.yaml +++ b/packages/extra/bootbox/Chart.yaml @@ -3,4 +3,4 @@ name: bootbox description: PXE hardware provisioning icon: /logos/bootbox.svg type: application -version: 0.1.0 +version: 0.1.1 diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag index 7bb3bb2d..167a87d1 100644 --- a/packages/extra/bootbox/images/matchbox.tag +++ b/packages/extra/bootbox/images/matchbox.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/matchbox:v0.28.0@sha256:b2002815727b71e2657a6f5b8ed558cc38fc21e81a39b9699266e558be03561f +ghcr.io/cozystack/cozystack/matchbox:v0.30.0@sha256:d67e66faf1da74d60bbfa7502eb4aa0d9ebf961bf641132e4b22a09505ed2445 diff --git a/packages/extra/bootbox/templates/matchbox/machines.yaml b/packages/extra/bootbox/templates/matchbox/machines.yaml index 64231f23..e2733b89 100644 --- a/packages/extra/bootbox/templates/matchbox/machines.yaml +++ b/packages/extra/bootbox/templates/matchbox/machines.yaml @@ -17,7 +17,7 @@ spec: {{- range $mac := $m.mac }} - dhcp: hostname: {{ $m.hostname }} - mac: {{ $mac }} + mac: {{ lower $mac }} {{- with $m.arch }} arch: {{ . }} {{- end }} diff --git a/packages/extra/monitoring/images/grafana.tag b/packages/extra/monitoring/images/grafana.tag index e00d6954..4adf9f6b 100644 --- a/packages/extra/monitoring/images/grafana.tag +++ b/packages/extra/monitoring/images/grafana.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/grafana:1.9.0@sha256:a492931b49af55ad184b485bcd7ea06f1334722d2184702d9f6f2e4123032357 +ghcr.io/cozystack/cozystack/grafana:1.9.1@sha256:c63978e1ed0304e8518b31ddee56c4e8115541b997d8efbe1c0a74da57140399 diff --git a/packages/extra/monitoring/templates/vlogs/vlogs.yaml b/packages/extra/monitoring/templates/vlogs/vlogs.yaml index 8c9e40ac..08d8d82b 100644 --- a/packages/extra/monitoring/templates/vlogs/vlogs.yaml 
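Review bot: `mac: {{ lower $mac }}` in templates/matchbox/machines.yaml renders the address as a plain scalar, so its type is left to whichever YAML parser reads the rendered manifest; an address made only of digits and colons matches the YAML 1.1 sexagesimal-integer form and can be read as a number instead of a string by parsers that implement it. Quoting at render time avoids that: `mac: {{ lower $mac | quote }}`. The same applies to `hostname: {{ $m.hostname }}` on the line above, which the hunk leaves unchanged. The enclosing `range` block starts and ends outside the hunk.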
+++ b/packages/extra/monitoring/templates/vlogs/vlogs.yaml @@ -4,6 +4,8 @@ kind: VLogs metadata: name: {{ .name }} spec: + image: + tag: v1.17.0-victorialogs storage: resources: requests: diff --git a/packages/extra/versions_map b/packages/extra/versions_map index f190ebcb..cff2ce01 100644 --- a/packages/extra/versions_map +++ b/packages/extra/versions_map 
@@ -1,41 +1,42 @@ -bootbox 0.1.0 HEAD -etcd 1.0.0 f7eaab0 -etcd 2.0.0 a6d0f7cf -etcd 2.0.1 6fc1cc7d -etcd 2.1.0 2b00fcf8 -etcd 2.2.0 5ca8823 -etcd 2.3.0 b908400d -etcd 2.4.0 cb7b8158 -etcd 2.5.0 861e6c46 -etcd 2.6.0 a7425b0 -etcd 2.6.1 063439ac +bootbox 0.1.0 45a7416c +bootbox 0.1.1 HEAD +etcd 1.0.0 ca79f725 +etcd 2.0.0 c0685f43 +etcd 2.0.1 007d414f +etcd 2.1.0 25221fdc +etcd 2.2.0 71514249 +etcd 2.3.0 fde4bcfa +etcd 2.4.0 af48519d +etcd 2.5.0 24fa7222 +etcd 2.6.0 8c460528 +etcd 2.6.1 45a7416c etcd 2.7.0 HEAD info 1.0.0 HEAD -ingress 1.0.0 f642698 -ingress 1.1.0 838bee5d -ingress 1.2.0 ced8e5b -ingress 1.3.0 edbbb9be +ingress 1.0.0 d7cfa53c +ingress 1.1.0 5bbc488e +ingress 1.2.0 28fca4ef +ingress 1.3.0 fde4bcfa ingress 1.4.0 HEAD -monitoring 1.0.0 f642698 -monitoring 1.1.0 15478a88 -monitoring 1.2.0 c9e0d63b -monitoring 1.2.1 4471b4ba -monitoring 1.3.0 6c5cf5b -monitoring 1.4.0 adaf603b -monitoring 1.5.0 4b90bf5a -monitoring 1.5.1 57e90b70 -monitoring 1.5.2 898374b5 -monitoring 1.5.3 c1ca19dc +monitoring 1.0.0 d7cfa53c +monitoring 1.1.0 25221fdc +monitoring 1.2.0 f81be075 +monitoring 1.2.1 71514249 +monitoring 1.3.0 6c5cf5bf +monitoring 1.4.0 0f312d5c +monitoring 1.5.0 b8949304 +monitoring 1.5.1 c62a83a7 +monitoring 1.5.2 e44bece1 +monitoring 1.5.3 fde4bcfa monitoring 1.5.4 d4634797 monitoring 1.6.0 cb7b8158 -monitoring 1.6.1 3bb97596 -monitoring 1.7.0 749110aa -monitoring 1.8.0 80b4c151 -monitoring 1.8.1 06daf341 -monitoring 1.9.0 8267072d +monitoring 1.6.1 4e68e65c +monitoring 1.7.0 2a976afe +monitoring 1.8.0 8c460528 +monitoring 1.8.1 8267072d +monitoring 1.9.0 45a7416c monitoring 1.9.1 HEAD -seaweedfs 0.1.0 5ca8823 -seaweedfs 0.2.0 9e33dc0 -seaweedfs 0.2.1 249bf35 -seaweedfs 0.3.0 0e728870 +seaweedfs 0.1.0 71514249 +seaweedfs 0.2.0 5fb9cfe3 +seaweedfs 0.2.1 fde4bcfa +seaweedfs 0.3.0 45a7416c seaweedfs 0.4.0 HEAD diff --git a/packages/system/bucket/images/s3manager.tag b/packages/system/bucket/images/s3manager.tag index e6203bbc..58040b38 100644 
--- a/packages/system/bucket/images/s3manager.tag +++ b/packages/system/bucket/images/s3manager.tag @@ -1 +1 @@ -ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:218d0c017ae556e5afd074366d9a3124f954c5aefc6474844942420cca8b7640 +ghcr.io/cozystack/cozystack/s3manager:v0.5.0@sha256:d008018f35fc30ad86de200e2cf3d8ab93b3d8cff303a7ffe388192b87d86ac4 diff --git a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml index c92910f0..5108c7dc 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 0.17.0 +appVersion: 0.18.1 description: Cluster API Operator name: cluster-api-operator type: application -version: 0.17.0 +version: 0.18.1 diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml index c571b60a..a2eb8fb9 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/addon.yaml @@ -26,8 +26,10 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} "argocd.argoproj.io/sync-wave": "1" name: {{ $addonNamespace }} --- @@ -37,8 +39,10 @@ metadata: name: {{ $addonName }} namespace: {{ $addonNamespace }} annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} "argocd.argoproj.io/sync-wave": "2" {{- if or $addonVersion $.Values.secretName }} spec: 
diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml index 69a930f2..ed5d7924 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/bootstrap.yaml @@ -26,8 +26,11 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} + "argocd.argoproj.io/sync-wave": "1" name: {{ $bootstrapNamespace }} --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 @@ -36,8 +39,11 @@ metadata: name: {{ $bootstrapName }} namespace: {{ $bootstrapNamespace }} annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} + "argocd.argoproj.io/sync-wave": "2" {{- if or $bootstrapVersion $.Values.configSecret.name }} spec: {{- end}} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml index 40bda081..d72249d1 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/control-plane.yaml @@ -26,8 +26,11 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} + "argocd.argoproj.io/sync-wave": "1" name: {{ $controlPlaneNamespace }} --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 
@@ -36,8 +39,11 @@ metadata: name: {{ $controlPlaneName }} namespace: {{ $controlPlaneNamespace }} annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} + "argocd.argoproj.io/sync-wave": "2" {{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }} spec: {{- end}} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml index bb396a24..059c8c7d 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core-conditions.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure }} +{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure .Values.ipam }} # Deploy core components if not specified {{- if not .Values.core }} --- @@ -6,8 +6,11 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} + "argocd.argoproj.io/sync-wave": "1" name: capi-system --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 @@ -16,8 +19,11 @@ metadata: name: cluster-api namespace: capi-system annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} + "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} spec: configSecret: @@ -28,4 +34,3 @@ spec: {{- end }} {{- end }} {{- end }} - diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml index 8f993496..828d2269 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml 
+++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/core.yaml @@ -25,8 +25,11 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} + "argocd.argoproj.io/sync-wave": "1" name: {{ $coreNamespace }} --- apiVersion: operator.cluster.x-k8s.io/v1alpha2 @@ -35,8 +38,10 @@ metadata: name: {{ $coreName }} namespace: {{ $coreNamespace }} annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} "argocd.argoproj.io/sync-wave": "2" {{- if or $coreVersion $.Values.configSecret.name $.Values.manager }} spec: @@ -45,8 +50,8 @@ spec: version: {{ $coreVersion }} {{- end }} {{- if $.Values.manager }} - manager: {{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }} + manager: featureGates: {{- range $key, $value := $.Values.manager.featureGates.core }} {{ $key }}: {{ $value }} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml index a311684e..d2c2c217 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra-conditions.yaml @@ -7,8 +7,10 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} "argocd.argoproj.io/sync-wave": "1" name: capi-kubeadm-bootstrap-system --- @@ -18,8 +20,10 @@ metadata: name: kubeadm namespace: capi-kubeadm-bootstrap-system annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} spec: 
@@ -37,8 +41,10 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} "argocd.argoproj.io/sync-wave": "1" name: capi-kubeadm-control-plane-system --- @@ -48,14 +54,16 @@ metadata: name: kubeadm namespace: capi-kubeadm-control-plane-system annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} spec: {{- if $.Values.manager }} - manager: {{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }} + manager: featureGates: {{- range $key, $value := $.Values.manager.featureGates.kubeadm }} {{ $key }}: {{ $value }} diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml index 9d504659..5841336c 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/infra.yaml @@ -26,8 +26,10 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} "argocd.argoproj.io/sync-wave": "1" name: {{ $infrastructureNamespace }} --- @@ -37,8 +39,10 @@ metadata: name: {{ $infrastructureName }} namespace: {{ $infrastructureNamespace }} annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} "argocd.argoproj.io/sync-wave": "2" {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} spec: 
@@ -47,8 +51,8 @@ spec: version: {{ $infrastructureVersion }} {{- end }} {{- if $.Values.manager }} - manager: {{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }} + manager: {{- range $key, $value := $.Values.manager.featureGates }} {{- if eq $key $infrastructureName }} featureGates: diff --git a/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml b/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml index f64a0da8..06960afb 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml +++ b/packages/system/capi-operator/charts/cluster-api-operator/templates/ipam.yaml @@ -26,8 +26,10 @@ apiVersion: v1 kind: Namespace metadata: annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" + {{- end }} "argocd.argoproj.io/sync-wave": "1" name: {{ $ipamNamespace }} --- @@ -37,8 +39,10 @@ metadata: name: {{ $ipamName }} namespace: {{ $ipamNamespace }} annotations: + {{- if $.Values.enableHelmHook }} "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" + {{- end }} "argocd.argoproj.io/sync-wave": "2" {{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} spec: @@ -47,8 +51,8 @@ spec: version: {{ $ipamVersion }} {{- end }} {{- if $.Values.manager }} - manager: {{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }} + manager: {{- range $key, $value := $.Values.manager.featureGates }} {{- if eq $key $ipamName }} featureGates: diff --git a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml index 080378fd..12507a3c 100644 --- a/packages/system/capi-operator/charts/cluster-api-operator/values.yaml 
+++ b/packages/system/capi-operator/charts/cluster-api-operator/values.yaml @@ -21,7 +21,7 @@ leaderElection: image: manager: repository: registry.k8s.io/capi-operator/cluster-api-operator - tag: v0.17.0 + tag: v0.18.1 pullPolicy: IfNotPresent env: manager: [] @@ -69,3 +69,4 @@ volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true +enableHelmHook: true diff --git a/packages/system/cilium-networkpolicy/Chart.yaml b/packages/system/cilium-networkpolicy/Chart.yaml new file mode 100644 index 00000000..49f64878 --- /dev/null +++ b/packages/system/cilium-networkpolicy/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-cilium-networkpolicy +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/cilium-networkpolicy/Makefile b/packages/system/cilium-networkpolicy/Makefile new file mode 100644 index 00000000..c81b87e9 --- /dev/null +++ b/packages/system/cilium-networkpolicy/Makefile @@ -0,0 +1,5 @@ +export NAME=cilium-networkpolicy +export NAMESPACE=cozy-$(NAME) + +include ../../../scripts/common-envs.mk +include ../../../scripts/package.mk diff --git a/packages/system/cilium-networkpolicy/templates/networkpolicy.yaml b/packages/system/cilium-networkpolicy/templates/networkpolicy.yaml new file mode 100644 index 00000000..3c0cf1af --- /dev/null +++ b/packages/system/cilium-networkpolicy/templates/networkpolicy.yaml 
@@ -0,0 +1,27 @@ +--- +apiVersion: cilium.io/v2 +kind: CiliumClusterwideNetworkPolicy +metadata: + name: restrict-system-components +spec: + ingressDeny: + - fromEntities: + - world + toPorts: + - ports: + - port: "2379" # etcd + - port: "2380" # etcd + - port: "3367" # linstor + - port: "7473" # frr-metrics (metallb) + - port: "8123" # cozy assets server + - port: "9443" # kube-rbac-proxy + - port: "10250" # kubelet + - port: "10257" # kube-controller-manager + - port: "10259" # kube-scheduler + ingress: + - fromEntities: + - world + - host + - cluster + nodeSelector: + matchLabels: {} diff --git a/packages/system/cilium/charts/cilium/Chart.yaml b/packages/system/cilium/charts/cilium/Chart.yaml index 517e8007..b301aa4d 100644 --- a/packages/system/cilium/charts/cilium/Chart.yaml +++ b/packages/system/cilium/charts/cilium/Chart.yaml @@ -79,7 +79,7 @@ annotations: Pod IP Pool\n description: |\n CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n" apiVersion: v2 -appVersion: 1.17.1 +appVersion: 1.17.2 description: eBPF-based Networking, Security, and Observability home: https://cilium.io/ icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg @@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0' name: cilium sources: - https://github.com/cilium/cilium -version: 1.17.1 +version: 1.17.2 diff --git a/packages/system/cilium/charts/cilium/README.md b/packages/system/cilium/charts/cilium/README.md index 0f0ec17f..cab29347 100644 --- a/packages/system/cilium/charts/cilium/README.md +++ b/packages/system/cilium/charts/cilium/README.md 
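Review bot: `restrict-system-components` in templates/networkpolicy.yaml selects nodes through `nodeSelector`, which makes it a Cilium host policy, and to my knowledge host policies are enforced only when Cilium's host firewall is enabled (`hostFirewall.enabled` in the cilium chart values); nothing in this diff shows that setting, so it should be confirmed, otherwise the policy would be accepted by the API server and never applied. The `ports` entries carry no `protocol`, and a short comment stating that the omission is intentional (all protocols) would help the next reader. The rule is also a deny-list on top of an allow-all `ingress` from `world`, so any host port not listed, including ones opened by components added later, stays reachable from outside the cluster; a header comment such as `# Deny-list only: new host-network listeners must be added here explicitly` would make that trade-off visible.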
@@ -1,6 +1,6 @@ # cilium -![Version: 1.17.1](https://img.shields.io/badge/Version-1.17.1-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) +![Version: 1.17.2](https://img.shields.io/badge/Version-1.17.2-informational?style=flat-square) ![AppVersion: 1.17.2](https://img.shields.io/badge/AppVersion-1.17.2-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as 
@@ -85,7 +85,7 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true | | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. 
| -| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | +| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server | | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into | | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration | | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations | 
@@ -131,6 +131,8 @@ contributors across the globe, there is almost always someone available to help. | bpf.ctTcpMax | int | `524288` | Configure the maximum number of entries in the TCP connection tracking table. | | bpf.datapathMode | string | `veth` | Mode for Pod devices for the core datapath (veth, netkit, netkit-l2, lb-only) | | bpf.disableExternalIPMitigation | bool | `false` | Disable ExternalIP mitigation (CVE-2020-8554) | +| bpf.distributedLRU | object | `{"enabled":false}` | Control to use a distributed per-CPU backend memory for the core BPF LRU maps which Cilium uses. This improves performance significantly, but it is also recommended to increase BPF map sizing along with that. | +| bpf.distributedLRU.enabled | bool | `false` | Enable distributed LRU backend memory. For compatibility with existing installations it is off by default. | | bpf.enableTCX | bool | `true` | Attach endpoint programs using tcx instead of legacy tc hooks on supported kernels. | | bpf.events | object | `{"default":{"burstLimit":null,"rateLimit":null},"drop":{"enabled":true},"policyVerdict":{"enabled":true},"trace":{"enabled":true}}` | Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. Helm configuration for BPF events map rate limiting is experimental and might change in upcoming releases. | | bpf.events.default | object | `{"burstLimit":null,"rateLimit":null}` | Default settings for all types of events except dbg and pcap. | 
@@ -195,7 +197,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. | -| clustermesh.apiserver.image | object | `{"digest":"sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.1","useDigest":true}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.2","useDigest":true}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | 
@@ -375,7 +377,7 @@ contributors across the globe, there is almost always someone available to help. | envoy.healthPort | int | `9878` | TCP port for the health API. | | envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request | | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s | -| envoy.image | object | `{"digest":"sha256:fc708bd36973d306412b2e50c924cd8333de67e0167802c9b48506f9d772f521","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1739264036-958bef243c6c66fcfd73ca319f2eb49fff1eb2ae","useDigest":true}` | Envoy container image. | +| envoy.image | object | `{"digest":"sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211","useDigest":true}` | Envoy container image. | | envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out | | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe | | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe | 
@@ -392,6 +394,7 @@ contributors across the globe, there is almost always someone available to help. | envoy.podLabels | object | `{}` | Labels to be added to envoy pods | | envoy.podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"}}` | Security Context for cilium-envoy pods. | | envoy.podSecurityContext.appArmorProfile | object | `{"type":"Unconfined"}` | AppArmorProfile options for the `cilium-agent` and init containers | +| envoy.policyRestoreTimeoutDuration | string | `nil` | Max duration to wait for endpoint policies to be restored on restart. Default "3m". | | envoy.priorityClassName | string | `nil` | The priority class to use for cilium-envoy. | | envoy.prometheus | object | `{"enabled":true,"port":"9964","serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]}}` | Configure Cilium Envoy Prometheus options. Note that some of these apply to either cilium-agent or cilium-envoy. | | envoy.prometheus.enabled | bool | `true` | Enable prometheus metrics for cilium-envoy | 
@@ -515,7 +518,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.1","useDigest":true}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.2","useDigest":true}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | 
@@ -582,7 +585,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.backend.extraEnv | list | `[]` | Additional hubble-ui backend environment variables. | | hubble.ui.backend.extraVolumeMounts | list | `[]` | Additional hubble-ui backend volumeMounts. | | hubble.ui.backend.extraVolumes | list | `[]` | Additional hubble-ui backend volumes. | -| hubble.ui.backend.image | object | `{"digest":"sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.1","useDigest":true}` | Hubble-ui backend image. | +| hubble.ui.backend.image | object | `{"digest":"sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.2","useDigest":true}` | Hubble-ui backend image. | | hubble.ui.backend.livenessProbe.enabled | bool | `false` | Enable liveness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.readinessProbe.enabled | bool | `false` | Enable readiness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. | 
@@ -592,7 +595,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.frontend.extraEnv | list | `[]` | Additional hubble-ui frontend environment variables. | | hubble.ui.frontend.extraVolumeMounts | list | `[]` | Additional hubble-ui frontend volumeMounts. | | hubble.ui.frontend.extraVolumes | list | `[]` | Additional hubble-ui frontend volumes. | -| hubble.ui.frontend.image | object | `{"digest":"sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.1","useDigest":true}` | Hubble-ui frontend image. | +| hubble.ui.frontend.image | object | `{"digest":"sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.2","useDigest":true}` | Hubble-ui frontend image. | | hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. | | hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. | | hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 | 
@@ -622,7 +625,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Agent container image. | +| image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Agent container image. | | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | 
@@ -759,7 +762,7 @@ contributors across the globe, there is almost always someone available to help. | operator.hostNetwork | bool | `true` | HostNetwork setting | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c","awsDigest":"sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6","azureDigest":"sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b","genericDigest":"sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.1","useDigest":true}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe","awsDigest":"sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c","azureDigest":"sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0","genericDigest":"sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.2","useDigest":true}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | 
@@ -809,7 +812,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | 
@@ -883,7 +886,7 @@ contributors across the globe, there is almost always someone available to help. | tls.caBundle.useSecret | bool | `false` | Use a Secret instead of a ConfigMap. | | tls.readSecretsOnlyFromSecretsNamespace | string | `nil` | Configure if the Cilium Agent will only look in `tls.secretsNamespace` for CiliumNetworkPolicy relevant Secrets. If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access to _all_ secrets in the entire cluster. This is not recommended and is included for backwards compatibility. This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old setting, and `false` == `k8s`. | | tls.secretSync | object | `{"enabled":null}` | Configures settings for synchronization of TLS Interception Secrets | -| tls.secretSync.enabled | string | `nil` | Enable synchronization of Secrets for TLS Interception. If disabled and tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. | +| tls.secretSync.enabled | string | `nil` | Enable synchronization of Secrets for TLS Interception. If disabled and tls.readSecretsOnlyFromSecretsNamespace is set to 'false', then secrets will be read directly by the agent. | | tls.secretsBackend | string | `nil` | This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies (namely the secrets referenced by terminatingTLS and originatingTLS). This value is DEPRECATED and will be removed in a future version. Use `tls.readSecretsOnlyFromSecretsNamespace` instead. Possible values: - local - k8s | | tls.secretsNamespace | object | `{"create":true,"name":"cilium-secrets"}` | Configures where secrets used in CiliumNetworkPolicies will be looked for | | tls.secretsNamespace.create | bool | `true` | Create secrets namespace for TLS Interception secrets. | 
@@ -891,6 +894,7 @@ contributors across the globe, there is almost always someone available to help. | tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for agent scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | tunnelPort | int | Port 8472 for VXLAN, Port 6081 for Geneve | Configure VXLAN and Geneve tunnel port. | | tunnelProtocol | string | `"vxlan"` | Tunneling protocol to use in tunneling mode and for ad-hoc tunnels. Possible values: - "" - vxlan - geneve | +| tunnelSourcePortRange | string | 0-0 to let the kernel driver decide the range | Configure VXLAN and Geneve tunnel source port range hint. | | updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":2},"type":"RollingUpdate"}` | Cilium agent update strategy | | upgradeCompatibility | string | `nil` | upgradeCompatibility helps users upgrading to ensure that the configMap for Cilium will not change critical values to ensure continued operation This flag is not required for new installations. For example: '1.7', '1.8', '1.9' | | vtep.cidr | string | `""` | A space separated list of VTEP device CIDRs, for example "1.1.1.0/24 1.1.2.0/24" | diff --git a/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml b/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml index b6438cb6..3a26b3c2 100644 --- a/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml +++ b/packages/system/cilium/charts/cilium/files/cilium-envoy/configmap/bootstrap-config.yaml 
@@ -7,8 +7,15 @@ staticResources: - name: "envoy-prometheus-metrics-listener" address: socketAddress: - address: "0.0.0.0" + address: {{ .Values.ipv4.enabled | ternary "0.0.0.0" "::" | quote }} portValue: {{ .Values.envoy.prometheus.port }} + {{- if and .Values.ipv4.enabled .Values.ipv6.enabled }} + additionalAddresses: + - address: + socketAddress: + address: "::" + portValue: {{ .Values.envoy.prometheus.port }} + {{- end }} filterChains: - filters: - name: "envoy.filters.network.http_connection_manager" @@ -289,7 +296,7 @@ overloadManager: applicationLogConfig: logFormat: {{- if .Values.envoy.log.format_json }} - jsonFormat: "{{ .Values.envoy.log.format_json | toJson }}" + jsonFormat: {{ .Values.envoy.log.format_json | toJson }} {{- else }} textFormat: "{{ .Values.envoy.log.format }}" {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml index efe748cc..a593db28 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -232,7 +232,7 @@ spec: resources: {{- toYaml . | trim | nindent 10 }} {{- end }} - {{- if or .Values.prometheus.enabled .Values.hubble.metrics.enabled }} + {{- if or .Values.prometheus.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) }} ports: - name: peer-service containerPort: {{ .Values.hubble.peerService.targetPort }} @@ -364,7 +364,7 @@ spec: mountPath: {{ .Values.kubeConfigPath }} readOnly: true {{- end }} - {{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }} + {{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.tls.enabled }} - name: hubble-metrics-tls mountPath: /var/lib/cilium/tls/hubble-metrics readOnly: true 
@@ -999,7 +999,7 @@ spec: path: client-ca.crt {{- end }} {{- end }} - {{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }} + {{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.tls.enabled }} - name: hubble-metrics-tls projected: # note: the leading zero means this number is in octal representation: do not remove it diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml index 01404e5f..87ffcc94 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/rolebinding.yaml @@ -39,6 +39,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -62,6 +65,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -85,6 +91,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -104,6 +113,9 @@ metadata: namespace: {{ .Values.bgpControlPlane.secretsNamespace.name | quote }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
@@ -123,6 +135,9 @@ metadata: namespace: {{ .Values.tls.secretsNamespace.name | quote }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml index ecccdbe9..8f89eba6 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/service.yaml @@ -46,6 +46,9 @@ metadata: k8s-app: cilium app.kubernetes.io/name: cilium-agent app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: clusterIP: None type: ClusterIP diff --git a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml index aa461187..07754b67 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-configmap.yaml @@ -403,7 +403,7 @@ data: {{- if .Values.bpf.authMapMax }} # bpf-auth-map-max specifies the maximum number of entries in the auth map - bpf-auth-map-max: {{ .Values.bpf.authMapMax | quote }} + bpf-auth-map-max: "{{ .Values.bpf.authMapMax | int }}" {{- end }} {{- if or $bpfCtTcpMax $bpfCtAnyMax }} # bpf-ct-global-*-max specifies the maximum number of connections 
@@ -419,34 +419,34 @@ data: # For users upgrading from Cilium 1.2 or earlier, to minimize disruption # during the upgrade process, set bpf-ct-global-tcp-max to 1000000. {{- if $bpfCtTcpMax }} - bpf-ct-global-tcp-max: {{ $bpfCtTcpMax | quote }} + bpf-ct-global-tcp-max: "{{ $bpfCtTcpMax | int }}" {{- end }} {{- if $bpfCtAnyMax }} - bpf-ct-global-any-max: {{ $bpfCtAnyMax | quote }} + bpf-ct-global-any-max: "{{ $bpfCtAnyMax | int }}" {{- end }} {{- end }} {{- if .Values.bpf.ctAccounting }} - bpf-conntrack-accounting: "{{ .Values.bpf.ctAccounting }}" + bpf-conntrack-accounting: "{{ .Values.bpf.ctAccounting | int }}" {{- end }} {{- if .Values.bpf.natMax }} # bpf-nat-global-max specified the maximum number of entries in the # BPF NAT table. - bpf-nat-global-max: "{{ .Values.bpf.natMax }}" + bpf-nat-global-max: "{{ .Values.bpf.natMax | int }}" {{- end }} {{- if .Values.bpf.neighMax }} # bpf-neigh-global-max specified the maximum number of entries in the # BPF neighbor table. - bpf-neigh-global-max: "{{ .Values.bpf.neighMax }}" + bpf-neigh-global-max: "{{ .Values.bpf.neighMax | int }}" {{- end }} {{- if hasKey .Values.bpf "policyMapMax" }} # bpf-policy-map-max specifies the maximum number of entries in endpoint # policy map (per endpoint) - bpf-policy-map-max: "{{ .Values.bpf.policyMapMax }}" + bpf-policy-map-max: "{{ .Values.bpf.policyMapMax | int }}" {{- end }} {{- if hasKey .Values.bpf "lbMapMax" }} # bpf-lb-map-max specifies the maximum number of entries in bpf lb service, # backend and affinity maps. - bpf-lb-map-max: "{{ .Values.bpf.lbMapMax }}" + bpf-lb-map-max: "{{ .Values.bpf.lbMapMax | int }}" {{- end }} {{- if hasKey .Values.bpf "lbExternalClusterIP" }} bpf-lb-external-clusterip: {{ .Values.bpf.lbExternalClusterIP | quote }} 
@@ -461,6 +461,7 @@ data: bpf-lb-mode-annotation: {{ .Values.bpf.lbModeAnnotation | quote }} {{- end }} + bpf-distributed-lru: {{ .Values.bpf.distributedLRU.enabled | quote }} bpf-events-drop-enabled: {{ .Values.bpf.events.drop.enabled | quote }} bpf-events-policy-verdict-enabled: {{ .Values.bpf.events.policyVerdict.enabled | quote }} bpf-events-trace-enabled: {{ .Values.bpf.events.trace.enabled | quote }} @@ -513,6 +514,9 @@ data: {{- if .Values.tunnelPort }} tunnel-port: {{ .Values.tunnelPort | quote }} {{- end }} +{{- if .Values.tunnelSourcePortRange }} + tunnel-source-port-range: {{ .Values.tunnelSourcePortRange | quote }} +{{- end }} {{- if .Values.serviceNoBackendResponse }} service-no-backend-response: "{{ .Values.serviceNoBackendResponse }}" @@ -927,9 +931,8 @@ data: operator-api-serve-addr: {{ $defaultOperatorApiServeAddr | quote }} {{- end }} -{{- if .Values.hubble.enabled }} - # Enable Hubble gRPC service. enable-hubble: {{ .Values.hubble.enabled | quote }} +{{- if .Values.hubble.enabled }} # UNIX domain socket for Hubble server to listen to. hubble-socket-path: {{ .Values.hubble.socketPath | quote }} {{- if hasKey .Values.hubble "eventQueueSize" }} @@ -941,7 +944,7 @@ data: # Capacity of the buffer to store recent events. hubble-event-buffer-capacity: {{ .Values.hubble.eventBufferCapacity | quote }} {{- end }} -{{- if .Values.hubble.metrics.enabled }} +{{- if or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled}} # Address to expose Hubble metrics (e.g. ":7070"). Metrics server will be disabled if this # field is not set. hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}" 
@@ -953,14 +956,20 @@ data: hubble-metrics-server-tls-client-ca-files: /var/lib/cilium/tls/hubble-metrics/client-ca.crt {{- end }} {{- end }} +{{- end }} +{{- if .Values.hubble.metrics.enabled }} # A space separated list of metrics to enable. See [0] for available metrics. # # https://github.com/cilium/hubble/blob/master/Documentation/metrics.md hubble-metrics: {{- range .Values.hubble.metrics.enabled }} {{.}} + {{- end}} +{{- if .Values.hubble.metrics.dynamic.enabled }} + hubble-dynamic-metrics-config-path: /dynamic-metrics-config/dynamic-metrics.yaml {{- end }} enable-hubble-open-metrics: {{ .Values.hubble.metrics.enableOpenMetrics | quote }} {{- end }} + {{- if .Values.hubble.redact }} {{- if eq .Values.hubble.redact.enabled true }} # Enables hubble redact capabilities @@ -1004,10 +1013,6 @@ data: hubble-flowlogs-config-path: /flowlog-config/flowlogs.yaml {{- end }} {{- end }} -{{- if .Values.hubble.metrics.dynamic.enabled }} - hubble-dynamic-metrics-config-path: /dynamic-metrics-config/dynamic-metrics.yaml - hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}" -{{- end }} {{- if hasKey .Values.hubble "listenAddress" }} # An additional address for Hubble server to listen to (e.g. ":4244"). hubble-listen-address: {{ .Values.hubble.listenAddress | quote }} @@ -1041,8 +1046,8 @@ data: {{- else }} ipam: {{ $ipam | quote }} {{- end }} -{{- if hasKey .Values.ipam "multiPoolPreAllocation" }} - ipam-multi-pool-pre-allocation: {{ .Values.ipam.multiPoolPreAllocation }} +{{- if .Values.ipam.multiPoolPreAllocation }} + ipam-multi-pool-pre-allocation: {{ .Values.ipam.multiPoolPreAllocation | quote }} {{- end }} {{- if .Values.ipam.ciliumNodeUpdateRate }} 
@@ -1335,6 +1340,10 @@ data: external-envoy-proxy: {{ include "envoyDaemonSetEnabled" . | quote }} envoy-base-id: {{ .Values.envoy.baseID | quote }} +{{- if .Values.envoy.policyRestoreTimeoutDuration }} + envoy-policy-restore-timeout: {{ .Values.envoy.policyRestoreTimeoutDuration | quote }} +{{- end }} + {{- if .Values.envoy.log.path }} envoy-log: {{ .Values.envoy.log.path | quote }} {{- end }} diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml index 83d42480..8f7acd9f 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/role.yaml @@ -41,6 +41,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - "" @@ -66,6 +69,9 @@ metadata: {{- end }} labels: app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} rules: - apiGroups: - "" diff --git a/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml b/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml index 8e866e59..c77e39e9 100644 --- a/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml +++ b/packages/system/cilium/charts/cilium/templates/cilium-operator/rolebinding.yaml 
@@ -7,24 +7,23 @@ kind: RoleBinding metadata: name: cilium-operator-ingress-secrets namespace: {{ .Values.ingressController.secretsNamespace.name | quote }} - {{- with .Values.commonLabels }} labels: + app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} - labels: - app.kubernetes.io/part-of: cilium roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: cilium-operator-ingress-secrets subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccounts.operator.name | quote }} - namespace: {{ include "cilium.namespace" . }} +- kind: ServiceAccount + name: {{ .Values.serviceAccounts.operator.name | quote }} + namespace: {{ include "cilium.namespace" . }} {{- end }} {{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.gatewayAPI.enabled .Values.gatewayAPI.secretsNamespace.sync .Values.gatewayAPI.secretsNamespace.name }} @@ -34,12 +33,15 @@ kind: RoleBinding metadata: name: cilium-operator-gateway-secrets namespace: {{ .Values.gatewayAPI.secretsNamespace.name | quote }} + labels: + app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} - labels: - app.kubernetes.io/part-of: cilium roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -57,12 +59,15 @@ kind: RoleBinding metadata: name: cilium-operator-tlsinterception-secrets namespace: {{ .Values.tls.secretsNamespace.name | quote }} + labels: + app.kubernetes.io/part-of: cilium + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} - labels: - app.kubernetes.io/part-of: cilium roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
diff --git a/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml b/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml index 1f4eccd5..1f3717fa 100644 --- a/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml +++ b/packages/system/cilium/charts/cilium/templates/hubble/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.serviceMonitor.enabled }} +{{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml index 376bb628..002863bc 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/service.yaml @@ -4,10 +4,13 @@ kind: Service metadata: name: spire-server namespace: {{ .Values.authentication.mutual.spire.install.namespace }} - {{- with .Values.commonLabels }} labels: + {{- with .Values.commonLabels }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} + {{- with .Values.authentication.mutual.spire.install.server.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.authentication.mutual.spire.install.server.service.annotations .Values.authentication.mutual.spire.annotations }} annotations: {{- with .Values.authentication.mutual.spire.annotations }} @@ -17,10 +20,6 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} - {{- with .Values.authentication.mutual.spire.install.server.service.labels }} - labels: - {{- toYaml . | nindent 8 }} - {{- end }} spec: type: {{ .Values.authentication.mutual.spire.install.server.service.type }} ports: 
diff --git a/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml b/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml index b515eadf..3b243fc8 100644 --- a/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml +++ b/packages/system/cilium/charts/cilium/templates/spire/server/statefulset.yaml @@ -4,10 +4,6 @@ kind: StatefulSet metadata: name: spire-server namespace: {{ .Values.authentication.mutual.spire.install.namespace }} - {{- with .Values.commonLabels }} - labels: - {{- toYaml . | nindent 4 }} - {{- end }} {{- if or .Values.authentication.mutual.spire.install.server.annotations .Values.authentication.mutual.spire.annotations }} annotations: {{- with .Values.authentication.mutual.spire.annotations }} @@ -19,9 +15,12 @@ metadata: {{- end }} labels: app: spire-server - {{- with .Values.authentication.mutual.spire.install.server.labels }} + {{- with .Values.commonLabels }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} + {{- with .Values.authentication.mutual.spire.install.server.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 selector: diff --git a/packages/system/cilium/charts/cilium/values.schema.json b/packages/system/cilium/charts/cilium/values.schema.json index 634e6fc8..b84366a1 100644 --- a/packages/system/cilium/charts/cilium/values.schema.json +++ b/packages/system/cilium/charts/cilium/values.schema.json @@ -519,6 +519,14 @@ "disableExternalIPMitigation": { "type": "boolean" }, + "distributedLRU": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, "enableTCX": { "type": "boolean" }, @@ -2110,6 +2118,12 @@ }, "type": "object" }, + "policyRestoreTimeoutDuration": { + "type": [ + "null", + "string" + ] + }, "priorityClassName": { "type": [ "null", @@ -5462,6 +5476,9 @@ "tunnelProtocol": { "type": "string" }, + "tunnelSourcePortRange": { + "type": "string" + }, "updateStrategy": { "properties": { "rollingUpdate": { 
diff --git a/packages/system/cilium/charts/cilium/values.yaml b/packages/system/cilium/charts/cilium/values.yaml index 0668966f..8a84dfe8 100644 --- a/packages/system/cilium/charts/cilium/values.yaml +++ b/packages/system/cilium/charts/cilium/values.yaml @@ -191,10 +191,10 @@ image: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.17.1" + tag: "v1.17.2" pullPolicy: "IfNotPresent" # cilium-digest - digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866" + digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1" useDigest: true # -- Scheduling configurations for cilium pods scheduling: @@ -495,6 +495,13 @@ bpf: # tracking table. # @default -- `262144` ctAnyMax: ~ + # -- Control to use a distributed per-CPU backend memory for the core BPF LRU maps + # which Cilium uses. This improves performance significantly, but it is also + # recommended to increase BPF map sizing along with that. + distributedLRU: + # -- Enable distributed LRU backend memory. For compatibility with existing + # installations it is off by default. + enabled: false # -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. # Helm configuration for BPF events map rate limiting is experimental and might change # in upcoming releases. @@ -1433,9 +1440,9 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.17.1" + tag: "v1.17.2" # hubble-relay-digest - digest: "sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc" + digest: "sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc" useDigest: true pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods 
@@ -1684,8 +1691,8 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-ui-backend" - tag: "v0.13.1" - digest: "sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b" + tag: "v0.13.2" + digest: "sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15" useDigest: true pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. @@ -1718,8 +1725,8 @@ hubble: # @schema override: ~ repository: "quay.io/cilium/hubble-ui" - tag: "v0.13.1" - digest: "sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6" + tag: "v0.13.2" + digest: "sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392" useDigest: true pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. @@ -2332,6 +2339,11 @@ envoy: xffNumTrustedHopsL7PolicyIngress: 0 # -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners. xffNumTrustedHopsL7PolicyEgress: 0 + # @schema + # type: [null, string] + # @schema + # -- Max duration to wait for endpoint policies to be restored on restart. Default "3m". + policyRestoreTimeoutDuration: null # -- Envoy container image. image: # @schema @@ -2339,9 +2351,9 @@ envoy: # @schema override: ~ repository: "quay.io/cilium/cilium-envoy" - tag: "v1.31.5-1739264036-958bef243c6c66fcfd73ca319f2eb49fff1eb2ae" + tag: "v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211" pullPolicy: "IfNotPresent" - digest: "sha256:fc708bd36973d306412b2e50c924cd8333de67e0167802c9b48506f9d772f521" + digest: "sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b" useDigest: true # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] 
@@ -2605,7 +2617,7 @@ tls: # type: [null, boolean] # @schema # -- Enable synchronization of Secrets for TLS Interception. If disabled and - # tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. + # tls.readSecretsOnlyFromSecretsNamespace is set to 'false', then secrets will be read directly by the agent. enabled: ~ # -- Base64 encoded PEM values for the CA certificate and private key. # This can be used as common CA to generate certificates used by hubble and clustermesh components. @@ -2658,6 +2670,9 @@ routingMode: "" # -- Configure VXLAN and Geneve tunnel port. # @default -- Port 8472 for VXLAN, Port 6081 for Geneve tunnelPort: 0 +# -- Configure VXLAN and Geneve tunnel source port range hint. +# @default -- 0-0 to let the kernel driver decide the range +tunnelSourcePortRange: 0-0 # -- Configure what the response should be to traffic for a service without backends. # Possible values: # - reject (default) @@ -2693,15 +2708,15 @@ operator: # @schema override: ~ repository: "quay.io/cilium/operator" - tag: "v1.17.1" + tag: "v1.17.2" # operator-generic-digest - genericDigest: "sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97" + genericDigest: "sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249" # operator-azure-digest - azureDigest: "sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b" + azureDigest: "sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0" # operator-aws-digest - awsDigest: "sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6" + awsDigest: "sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c" # operator-alibabacloud-digest - alibabacloudDigest: "sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c" + alibabacloudDigest: "sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe" useDigest: true pullPolicy: "IfNotPresent" suffix: "" 
@@ -2976,9 +2991,9 @@ preflight: # @schema override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.17.1" + tag: "v1.17.2" # cilium-digest - digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866" + digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1" useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. @@ -3125,9 +3140,9 @@ clustermesh: # @schema override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.17.1" + tag: "v1.17.2" # clustermesh-apiserver-digest - digest: "sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c" + digest: "sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398" useDigest: true pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. @@ -3634,7 +3649,7 @@ authentication: override: ~ repository: "docker.io/library/busybox" tag: "1.37.0" - digest: "sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1" + digest: "sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0" useDigest: true pullPolicy: "IfNotPresent" # SPIRE agent configuration diff --git a/packages/system/cilium/charts/cilium/values.yaml.tmpl b/packages/system/cilium/charts/cilium/values.yaml.tmpl index 4a4b7eb3..a894e4f6 100644 --- a/packages/system/cilium/charts/cilium/values.yaml.tmpl +++ b/packages/system/cilium/charts/cilium/values.yaml.tmpl 
@@ -500,6 +500,13 @@ bpf: # tracking table. # @default -- `262144` ctAnyMax: ~ + # -- Control to use a distributed per-CPU backend memory for the core BPF LRU maps + # which Cilium uses. This improves performance significantly, but it is also + # recommended to increase BPF map sizing along with that. + distributedLRU: + # -- Enable distributed LRU backend memory. For compatibility with existing + # installations it is off by default. + enabled: false # -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. # Helm configuration for BPF events map rate limiting is experimental and might change # in upcoming releases. @@ -2351,6 +2358,11 @@ envoy: xffNumTrustedHopsL7PolicyIngress: 0 # -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners. xffNumTrustedHopsL7PolicyEgress: 0 + # @schema + # type: [null, string] + # @schema + # -- Max duration to wait for endpoint policies to be restored on restart. Default "3m". + policyRestoreTimeoutDuration: null # -- Envoy container image. image: # @schema @@ -2626,7 +2638,7 @@ tls: # type: [null, boolean] # @schema # -- Enable synchronization of Secrets for TLS Interception. If disabled and - # tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. + # tls.readSecretsOnlyFromSecretsNamespace is set to 'false', then secrets will be read directly by the agent. enabled: ~ # -- Base64 encoded PEM values for the CA certificate and private key. # This can be used as common CA to generate certificates used by hubble and clustermesh components. 
@@ -2679,6 +2691,9 @@ routingMode: "" # -- Configure VXLAN and Geneve tunnel port. # @default -- Port 8472 for VXLAN, Port 6081 for Geneve tunnelPort: 0 +# -- Configure VXLAN and Geneve tunnel source port range hint. +# @default -- 0-0 to let the kernel driver decide the range +tunnelSourcePortRange: 0-0 # -- Configure what the response should be to traffic for a service without backends. # Possible values: # - reject (default) diff --git a/packages/system/cilium/images/cilium/Dockerfile b/packages/system/cilium/images/cilium/Dockerfile index 9ea72945..7d855c32 100644 --- a/packages/system/cilium/images/cilium/Dockerfile +++ b/packages/system/cilium/images/cilium/Dockerfile @@ -1,2 +1,2 @@ -ARG VERSION=v1.17.1 +ARG VERSION=v1.17.2 FROM quay.io/cilium/cilium:${VERSION} diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml index 476fc0b4..32e14b1d 100644 --- a/packages/system/cilium/values.yaml +++ b/packages/system/cilium/values.yaml @@ -1,5 +1,7 @@ cilium: kubeProxyReplacement: true + hostFirewall: + enabled: true hubble: enabled: false externalIPs: @@ -12,7 +14,7 @@ cilium: mode: "kubernetes" image: repository: ghcr.io/cozystack/cozystack/cilium - tag: 1.17.1 - digest: "sha256:bb2ad64dfc01f774b429a96108527740c1f08230cac4b848a4939627dfce7a4a" + tag: 1.17.2 + digest: "sha256:bc6a8ec326188960ac36584873e07801bcbc56cb862e2ec8bf87a7926f66abf1" envoy: enabled: false diff --git a/packages/system/cozystack-api/values.yaml b/packages/system/cozystack-api/values.yaml index 52713f02..cd84a040 100644 --- a/packages/system/cozystack-api/values.yaml +++ b/packages/system/cozystack-api/values.yaml @@ -1,2 +1,2 @@ cozystackAPI: - image: ghcr.io/cozystack/cozystack/cozystack-api:v0.28.0@sha256:718d6fbbb9806e3704c42b48ab28547da0618539761c5b2fa8740043966d7073 + image: ghcr.io/cozystack/cozystack/cozystack-api:v0.30.0@sha256:7ef370dc8aeac0a6b2a50b7d949f070eb21d267ba0a70e7fc7c1564bfe6d4f83 
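Review bot: `hostFirewall.enabled: true`, added in the first hunk of packages/system/cilium/values.yaml, turns on host-policy support, but the file gives no hint of which policies are expected to select the nodes. As far as I know, Cilium leaves a node's host endpoint default-allow until a CiliumClusterwideNetworkPolicy with a `nodeSelector` matches it, so this flag alone filters nothing, and the first matching policy flips that node to default-deny for the direction it covers. I would add a comment above the key, for example `# host policies live in <path-to-host-policy-manifests>; validate in policy audit mode before enforcing`, so operators know where enforcement comes from. The `cilium:` mapping continues outside the hunk.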
diff --git a/packages/system/cozystack-controller/templates/rbac.yaml b/packages/system/cozystack-controller/templates/rbac.yaml index be3f28f8..af3dae33 100644 --- a/packages/system/cozystack-controller/templates/rbac.yaml +++ b/packages/system/cozystack-controller/templates/rbac.yaml @@ -4,7 +4,7 @@ metadata: name: cozystack-controller rules: - apiGroups: [""] - resources: ["configmaps", "pods", "namespaces", "nodes", "services", "persistentvolumes"] + resources: ["configmaps", "pods", "namespaces", "nodes", "services", "persistentvolumes", "persistentvolumeclaims"] verbs: ["get", "watch", "list"] - apiGroups: ['cozystack.io'] resources: ['*'] diff --git a/packages/system/cozystack-controller/values.yaml b/packages/system/cozystack-controller/values.yaml index 50fa7bc9..fbc3e290 100644 --- a/packages/system/cozystack-controller/values.yaml +++ b/packages/system/cozystack-controller/values.yaml @@ -1,5 +1,5 @@ cozystackController: - image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.28.0@sha256:6f6d356c4efcbb4faa1e636d3bda129626773894ce0c4d55a80a552ab9dbd06a + image: ghcr.io/cozystack/cozystack/cozystack-controller:v0.30.0@sha256:5b87a8ea0dcde1671f44532c1ee6db11a5dd922d1a009078ecf6495ec193e52a debug: false disableTelemetry: false - cozystackVersion: "v0.28.0" + cozystackVersion: "v0.30.0" diff --git a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml index b1de4aea..24f1bcf8 100644 --- a/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml +++ b/packages/system/dashboard/charts/kubeapps/templates/dashboard/configmap.yaml 
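Review bot: The widened core-group rule in packages/system/cozystack-controller/templates/rbac.yaml now grants `get`/`watch`/`list` on `persistentvolumeclaims`, and nothing in the file records which controller needs it. The grant is read-only, which fits least privilege. The `kind:` line sits outside the hunk, though, so if this is a ClusterRole the read access covers every namespace, tenant ones included. A one-line comment above the rule, such as `# persistentvolumeclaims: read by <controller/reconciler name>`, would keep later RBAC audits from guessing. The `rules:` list continues past the hunk.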
@@ -76,7 +76,7 @@ data: "kubeappsNamespace": {{ .Release.Namespace | quote }}, "helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }}, "carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }}, - "appVersion": "v0.28.0", + "appVersion": "v0.30.0", "authProxyEnabled": {{ .Values.authProxy.enabled }}, "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }}, "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }}, diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index 2b02cf89..71da7e38 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -18,14 +18,14 @@ kubeapps: image: registry: ghcr.io/cozystack/cozystack repository: dashboard - tag: v0.28.0 - digest: "sha256:ebef6a0c4b0c9f0857fc82699abcaa7a135d18b5dafe129febc0bf90707f2f48" + tag: v0.30.0 + digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93" kubeappsapis: image: registry: ghcr.io/cozystack/cozystack repository: kubeapps-apis - tag: v0.28.0 - digest: "sha256:281093b1e80221074188fdfea97775494de1cdef16974ee1f3c3d47b313eee0e" + tag: v0.30.0 + digest: "sha256:5019c8fc4a5d4437cae32a635303ceebcb489c582092fd4bcfc04353b4582233" pluginConfig: flux: packages: diff --git a/packages/system/gpu-operator/Chart.yaml b/packages/system/gpu-operator/Chart.yaml new file mode 100644 index 00000000..7403b89c --- /dev/null +++ b/packages/system/gpu-operator/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-gpu-operator +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process diff --git a/packages/system/gpu-operator/Makefile b/packages/system/gpu-operator/Makefile new file mode 100644 index 00000000..286451f3 --- /dev/null +++ b/packages/system/gpu-operator/Makefile 
@@ -0,0 +1,11 @@
+export NAME=gpu-operator
+export NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk
+
+update:
+ rm -rf charts
+ helm repo add nvidia https://helm.ngc.nvidia.com/nvidia
+ helm repo update nvidia
+ helm pull nvidia/gpu-operator --untar --untardir charts
diff --git a/packages/system/gpu-operator/charts/gpu-operator/.helmignore b/packages/system/gpu-operator/charts/gpu-operator/.helmignore
new file mode 100644
index 00000000..50af0317
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packages/system/gpu-operator/charts/gpu-operator/Chart.lock b/packages/system/gpu-operator/charts/gpu-operator/Chart.lock
new file mode 100644
index 00000000..14674306
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: node-feature-discovery
+ repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
+ version: 0.17.2
+digest: sha256:4c55d30d958027ef8997a2976449326de3c90049025c3ebb9bee017cad32cc3f
+generated: "2025-02-25T09:08:49.128088-08:00"
diff --git a/packages/system/gpu-operator/charts/gpu-operator/Chart.yaml b/packages/system/gpu-operator/charts/gpu-operator/Chart.yaml
new file mode 100644
index 00000000..f14fc2ad
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/Chart.yaml
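Review bot: The `update` target in the new packages/system/gpu-operator/Makefile pulls `nvidia/gpu-operator` without `--version`, so each run vendors whatever the repository index currently serves as latest. The resulting chart diff is then the only check on what landed in `charts/`. Pinning makes the vendored tree reproducible and turns upgrades into a reviewed one-line change: `helm pull nvidia/gpu-operator --version v25.3.0 --untar --untardir charts` (v25.3.0 is the version recorded in the vendored Chart.yaml in this commit). If the publisher ships provenance files, `--verify` could be added too; I have not confirmed that they do.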
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: v25.3.0
+dependencies:
+- condition: nfd.enabled
+ name: node-feature-discovery
+ repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts
+ version: v0.17.2
+description: NVIDIA GPU Operator creates/configures/manages GPUs atop Kubernetes
+home: https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/overview.html
+icon: https://assets.nvidiagrid.net/ngc/logos/GPUoperator.png
+keywords:
+- gpu
+- cuda
+- compute
+- operator
+- deep learning
+- monitoring
+- tesla
+kubeVersion: '>= 1.16.0-0'
+name: gpu-operator
+sources:
+- https://github.com/NVIDIA/gpu-operator
+version: v25.3.0
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/.helmignore b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/Chart.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/Chart.yaml
new file mode 100644
index 00000000..f62d84c2
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+appVersion: v0.17.2
+description: 'Detects hardware features available on each node in a Kubernetes cluster,
+ and advertises those features using node labels. '
+home: https://github.com/kubernetes-sigs/node-feature-discovery
+keywords:
+- feature-discovery
+- feature-detection
+- node-labels
+name: node-feature-discovery
+sources:
+- https://github.com/kubernetes-sigs/node-feature-discovery
+type: application
+version: 0.17.2
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/README.md b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/README.md
new file mode 100644
index 00000000..02f7b170
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/README.md
@@ -0,0 +1,10 @@
+# Node Feature Discovery
+
+Node Feature Discovery (NFD) is a Kubernetes add-on for detecting hardware
+features and system configuration. Detected features are advertised as node
+labels. NFD provides flexible configuration and extension points for a wide
+range of vendor and application specific node labeling needs.
+
+See
+[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.17/deployment/helm.html)
+for deployment instructions.
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/crds/nfd-api-crds.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/crds/nfd-api-crds.yaml
new file mode 100644
index 00000000..9f62da6f
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/crds/nfd-api-crds.yaml
@@ -0,0 +1,711 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: nodefeatures.nfd.k8s-sigs.io +spec: + group: nfd.k8s-sigs.io + names: + kind: NodeFeature + listKind: NodeFeatureList + plural: nodefeatures + singular: nodefeature + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + NodeFeature resource holds the features discovered for one node in the + cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the NodeFeature, containing features discovered + for a node. + properties: + features: + description: Features is the full "raw" features data that has been + discovered. + properties: + attributes: + additionalProperties: + description: AttributeFeatureSet is a set of features having + string value. + properties: + elements: + additionalProperties: + type: string + description: Individual features of the feature set. + type: object + required: + - elements + type: object + description: Attributes contains all the attribute-type features + of the node. + type: object + flags: + additionalProperties: + description: FlagFeatureSet is a set of simple features only + containing names without values. 
+ properties: + elements: + additionalProperties: + description: |- + Nil is a dummy empty struct for protobuf compatibility. + NOTE: protobuf definitions have been removed but this is kept for API compatibility. + type: object + description: Individual features of the feature set. + type: object + required: + - elements + type: object + description: Flags contains all the flag-type features of the + node. + type: object + instances: + additionalProperties: + description: InstanceFeatureSet is a set of features each of + which is an instance having multiple attributes. + properties: + elements: + description: Individual features of the feature set. + items: + description: InstanceFeature represents one instance of + a complex features, e.g. a device. + properties: + attributes: + additionalProperties: + type: string + description: Attributes of the instance feature. + type: object + required: + - attributes + type: object + type: array + required: + - elements + type: object + description: Instances contains all the instance-type features + of the node. + type: object + type: object + labels: + additionalProperties: + type: string + description: Labels is the set of node labels that are requested to + be created. + type: object + type: object + required: + - spec + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: nodefeaturegroups.nfd.k8s-sigs.io +spec: + group: nfd.k8s-sigs.io + names: + kind: NodeFeatureGroup + listKind: NodeFeatureGroupList + plural: nodefeaturegroups + shortNames: + - nfg + singular: nodefeaturegroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeFeatureGroup resource holds Node pools by featureGroup + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the rules to be evaluated. + properties: + featureGroupRules: + description: List of rules to evaluate to determine nodes that belong + in this group. + items: + description: GroupRule defines a rule for nodegroup filtering. + properties: + matchAny: + description: MatchAny specifies a list of matchers one of which + must match. + items: + description: MatchAnyElem specifies one sub-matcher of MatchAny. + properties: + matchFeatures: + description: MatchFeatures specifies a set of matcher + terms all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature + set to match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. 
+ enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + required: + - matchFeatures + type: object + type: array + matchFeatures: + description: MatchFeatures specifies a set of matcher terms + all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. 
+ properties: + feature: + description: Feature is the name of the feature set to + match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. 
+ items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + name: + description: Name of the rule. + type: string + required: + - name + type: object + type: array + required: + - featureGroupRules + type: object + status: + description: |- + Status of the NodeFeatureGroup after the most recent evaluation of the + specification. + properties: + nodes: + description: Nodes is a list of FeatureGroupNode in the cluster that + match the featureGroupRules + items: + properties: + name: + description: Name of the node. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: nodefeaturerules.nfd.k8s-sigs.io +spec: + group: nfd.k8s-sigs.io + names: + kind: NodeFeatureRule + listKind: NodeFeatureRuleList + plural: nodefeaturerules + shortNames: + - nfr + singular: nodefeaturerule + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + NodeFeatureRule resource specifies a configuration for feature-based + customization of node objects, such as node labeling. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the rules to be evaluated. + properties: + rules: + description: Rules is a list of node customization rules. + items: + description: Rule defines a rule for node customization such as + labeling. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to create if the rule matches. + type: object + extendedResources: + additionalProperties: + type: string + description: ExtendedResources to create if the rule matches. + type: object + labels: + additionalProperties: + type: string + description: Labels to create if the rule matches. + type: object + labelsTemplate: + description: |- + LabelsTemplate specifies a template to expand for dynamically generating + multiple labels. Data (after template expansion) must be keys with an + optional value ([=]) separated by newlines. + type: string + matchAny: + description: MatchAny specifies a list of matchers one of which + must match. + items: + description: MatchAnyElem specifies one sub-matcher of MatchAny. + properties: + matchFeatures: + description: MatchFeatures specifies a set of matcher + terms all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature + set to match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. 
+ enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + required: + - matchFeatures + type: object + type: array + matchFeatures: + description: MatchFeatures specifies a set of matcher terms + all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. 
+ properties: + feature: + description: Feature is the name of the feature set to + match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. 
+ items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + name: + description: Name of the rule. + type: string + taints: + description: Taints to create if the rule matches. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + vars: + additionalProperties: + type: string + description: |- + Vars is the variables to store if the rule matches. Variables do not + directly inflict any changes in the node object. However, they can be + referenced from other rules enabling more complex rule hierarchies, + without exposing intermediary output values as labels. + type: object + varsTemplate: + description: |- + VarsTemplate specifies a template to expand for dynamically generating + multiple variables. Data (after template expansion) must be keys with an + optional value ([=]) separated by newlines. + type: string + required: + - name + type: object + type: array + required: + - rules + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/_helpers.tpl b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/_helpers.tpl new file mode 100644 index 00000000..928ece78 
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/_helpers.tpl
@@ -0,0 +1,107 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "node-feature-discovery.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "node-feature-discovery.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "node-feature-discovery.namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "node-feature-discovery.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "node-feature-discovery.labels" -}}
+helm.sh/chart: {{ include "node-feature-discovery.chart" . }}
+{{ include "node-feature-discovery.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "node-feature-discovery.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "node-feature-discovery.name" .
}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account which the nfd master will use
+*/}}
+{{- define "node-feature-discovery.master.serviceAccountName" -}}
+{{- if .Values.master.serviceAccount.create -}}
+ {{ default (include "node-feature-discovery.fullname" .) .Values.master.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.master.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account which the nfd worker will use
+*/}}
+{{- define "node-feature-discovery.worker.serviceAccountName" -}}
+{{- if .Values.worker.serviceAccount.create -}}
+ {{ default (printf "%s-worker" (include "node-feature-discovery.fullname" .)) .Values.worker.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.worker.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account which topologyUpdater will use
+*/}}
+{{- define "node-feature-discovery.topologyUpdater.serviceAccountName" -}}
+{{- if .Values.topologyUpdater.serviceAccount.create -}}
+ {{ default (printf "%s-topology-updater" (include "node-feature-discovery.fullname" .)) .Values.topologyUpdater.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.topologyUpdater.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account which nfd-gc will use
+*/}}
+{{- define "node-feature-discovery.gc.serviceAccountName" -}}
+{{- if .Values.gc.serviceAccount.create -}}
+ {{ default (printf "%s-gc" (include "node-feature-discovery.fullname" .)) .Values.gc.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.gc.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/clusterrole.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/clusterrole.yaml
new file mode 100644
index 00000000..ea6e3e30
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/clusterrole.yaml
@@ -0,0 +1,140 @@
+{{- if and .Values.master.enable .Values.master.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/status
+ verbs:
+ - get
+ - patch
+ - update
+ - list
+- apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeatures
+ - nodefeaturerules
+ - nodefeaturegroups
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeaturegroups/status
+ verbs:
+ - patch
+ - update
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ resourceNames:
+ - "nfd-master.nfd.kubernetes.io"
+ verbs:
+ - get
+ - update
+{{- end }}
+
+{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - nodes/proxy
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - topology.node.k8s.io
+ resources:
+ - noderesourcetopologies
+ verbs:
+ - create
+ - get
+ - update
+{{- end }}
+
+{{- if and .Values.gc.enable .Values.gc.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-gc
+ labels:
+ {{- include "node-feature-discovery.labels" .
| nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes/proxy
+ verbs:
+ - get
+- apiGroups:
+ - topology.node.k8s.io
+ resources:
+ - noderesourcetopologies
+ verbs:
+ - delete
+ - list
+- apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeatures
+ verbs:
+ - delete
+ - list
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/clusterrolebinding.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..8331019d
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/clusterrolebinding.yaml
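Review bot: In clusterrole.yaml the topology-updater and gc ClusterRoles both grant `get` on `nodes/proxy`, which reaches the kubelet API of every node through the API server and is considerably broader than the `nodes` and `pods` reads listed beside it. Nothing in this hunk shows why nfd-gc needs that rule, so it is worth confirming against upstream before `gc.enable` or `topologyUpdater.enable` is turned on in the values this repository ships. The master role's `patch`/`update` on `nodes` and `nodes/status` is likewise cluster-wide node write access. As the chart is vendored I would record this next to the corresponding values rather than edit the template, e.g. `# nodes/proxy get = kubelet API access on all nodes; enable topologyUpdater/gc only where they are actually used`.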
@@ -0,0 +1,52 @@
+{{- if and .Values.master.enable .Values.master.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "node-feature-discovery.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+{{- end }}
+
+{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+{{- end }}
+
+{{- if and .Values.gc.enable .Values.gc.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-gc
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "node-feature-discovery.fullname" . }}-gc
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+{{- end }}
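Review bot: All three bindings here are gated on `<component>.rbac.create` alone, while each subject name comes from a `serviceAccountName` helper in `_helpers.tpl` that returns `default` when `serviceAccount.create` is false and no name is set. With that combination of values the cluster-wide role, for the master including `patch`/`update` on `nodes`, is bound to the namespace's `default` ServiceAccount and therefore to every pod in that namespace that names no account. Because the chart is vendored, the least invasive guard is in the values that wrap it: `# keep serviceAccount.create: true (or set serviceAccount.name) wherever rbac.create is true, otherwise the ClusterRole binds to the default ServiceAccount`. Whether this repository's values already pin these is not visible from this hunk.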
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/master.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/master.yaml
new file mode 100644
index 00000000..da3ca240
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/master.yaml
@@ -0,0 +1,170 @@ +{{- if .Values.master.enable }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + role: master + {{- with .Values.master.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.master.replicaCount }} + revisionHistoryLimit: {{ .Values.master.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: master + template: + metadata: + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + role: master + annotations: + checksum/config: {{ include (print $.Template.BasePath "/nfd-master-conf.yaml") . | sha256sum }} + {{- with .Values.master.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }} + enableServiceLinks: false + securityContext: + {{- toYaml .Values.master.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.master.hostNetwork }} + containers: + - name: master + securityContext: + {{- toYaml .Values.master.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + startupProbe: + grpc: + port: {{ .Values.master.healthPort | default "8082" }} + {{- with .Values.master.startupProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.master.startupProbe.failureThreshold }} + failureThreshold: {{ . 
}} + {{- end }} + {{- with .Values.master.startupProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.master.startupProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + livenessProbe: + grpc: + port: {{ .Values.master.healthPort | default "8082" }} + {{- with .Values.master.livenessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.master.livenessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.master.livenessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.master.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + readinessProbe: + grpc: + port: {{ .Values.master.healthPort | default "8082" }} + {{- with .Values.master.readinessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.successThreshold }} + successThreshold: {{ . }} + {{- end }} + ports: + - containerPort: {{ .Values.master.metricsPort | default "8081" }} + name: metrics + - containerPort: {{ .Values.master.healthPort | default "8082" }} + name: health + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- with .Values.master.extraEnvs }} + {{- toYaml . 
| nindent 8 }} + {{- end}} + command: + - "nfd-master" + resources: + {{- toYaml .Values.master.resources | nindent 12 }} + args: + {{- if .Values.master.instance | empty | not }} + - "-instance={{ .Values.master.instance }}" + {{- end }} + - "-enable-leader-election" + {{- if .Values.master.extraLabelNs | empty | not }} + - "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}" + {{- end }} + {{- if .Values.master.denyLabelNs | empty | not }} + - "-deny-label-ns={{- join "," .Values.master.denyLabelNs }}" + {{- end }} + {{- if .Values.master.enableTaints }} + - "-enable-taints" + {{- end }} + {{- if .Values.master.featureRulesController | kindIs "invalid" | not }} + - "-featurerules-controller={{ .Values.master.featureRulesController }}" + {{- end }} + {{- if .Values.master.resyncPeriod }} + - "-resync-period={{ .Values.master.resyncPeriod }}" + {{- end }} + {{- if .Values.master.nfdApiParallelism | empty | not }} + - "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}" + {{- end }} + # Go over featureGates and add the feature-gate flag + {{- range $key, $value := .Values.featureGates }} + - "-feature-gates={{ $key }}={{ $value }}" + {{- end }} + - "-metrics={{ .Values.master.metricsPort | default "8081" }}" + - "-grpc-health={{ .Values.master.healthPort | default "8082" }}" + {{- with .Values.master.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: nfd-master-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true + volumes: + - name: nfd-master-conf + configMap: + name: {{ include "node-feature-discovery.fullname" . }}-master-conf + items: + - key: nfd-master.conf + path: nfd-master.conf + {{- with .Values.master.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} 
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-gc.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-gc.yaml
new file mode 100644
index 00000000..3642aa64
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-gc.yaml
@@ -0,0 +1,88 @@ +{{- if and .Values.gc.enable -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-gc + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + role: gc + {{- with .Values.gc.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.gc.replicaCount | default 1 }} + revisionHistoryLimit: {{ .Values.gc.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: gc + template: + metadata: + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + role: gc + {{- with .Values.gc.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }} + dnsPolicy: ClusterFirstWithHostNet + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.gc.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.gc.hostNetwork }} + containers: + - name: gc + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- with .Values.gc.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} + command: + - "nfd-gc" + args: + {{- if .Values.gc.interval | empty | not }} + - "-gc-interval={{ .Values.gc.interval }}" + {{- end }} + {{- with .Values.gc.extraArgs }} + {{- toYaml . 
| nindent 10 }} + {{- end }} + resources: + {{- toYaml .Values.gc.resources | nindent 12 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ "ALL" ] + readOnlyRootFilesystem: true + runAsNonRoot: true + ports: + - name: metrics + containerPort: {{ .Values.gc.metricsPort | default "8081"}} + + {{- with .Values.gc.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.gc.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.gc.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-master-conf.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-master-conf.yaml new file mode 100644 index 00000000..9c6e01cd --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-master-conf.yaml @@ -0,0 +1,12 @@ +{{- if .Values.master.enable }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master-conf + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +data: + nfd-master.conf: |- + {{- .Values.master.config | toYaml | nindent 4 }} +{{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-topologyupdater-conf.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-topologyupdater-conf.yaml new file mode 100644 index 00000000..8d03aa2d --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-topologyupdater-conf.yaml 
@@ -0,0 +1,12 @@
+{{- if .Values.topologyUpdater.enable -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+data:
+ nfd-topology-updater.conf: |-
+ {{- .Values.topologyUpdater.config | toYaml | nindent 4 }}
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-worker-conf.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-worker-conf.yaml
new file mode 100644
index 00000000..a2299dea
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/nfd-worker-conf.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.worker.enable }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker-conf
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+data:
+ nfd-worker.conf: |-
+ {{- .Values.worker.config | toYaml | nindent 4 }}
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/post-delete-job.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/post-delete-job.yaml
new file mode 100644
index 00000000..4364f1aa
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/post-delete-job.yaml
@@ -0,0 +1,94 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +rules: +- apiGroups: + - "" + resources: + - nodes + - nodes/status + verbs: + - get + - patch + - update + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "node-feature-discovery.fullname" . }}-prune +subjects: +- kind: ServiceAccount + name: {{ include "node-feature-discovery.fullname" . }}-prune + namespace: {{ include "node-feature-discovery.namespace" . }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + metadata: + labels: + {{- include "node-feature-discovery.labels" . 
| nindent 8 }} + role: prune + spec: + serviceAccountName: {{ include "node-feature-discovery.fullname" . }}-prune + containers: + - name: nfd-master + securityContext: + {{- toYaml .Values.master.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - "nfd-master" + args: + - "-prune" + {{- if .Values.master.instance | empty | not }} + - "-instance={{ .Values.master.instance }}" + {{- end }} + restartPolicy: Never + {{- with .Values.master.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/prometheus.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/prometheus.yaml new file mode 100644 index 00000000..3d680e24 --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/prometheus.yaml 
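Review bot: The prune Job's pod spec has no `imagePullSecrets`, although it runs the same `.Values.image.repository` image as the master Deployment added in this commit, which renders `{{- with .Values.imagePullSecrets }}` under its pod `spec:`; with a private registry the post-delete hook would presumably fail to pull and the `-prune` cleanup would not run. Repeating that `with` block under the Job's `spec.template.spec` would keep the two consistent. Separately, the ServiceAccount, ClusterRole and ClusterRoleBinding in this file are not wrapped in a `.Values.master.enable` or `rbac.create` condition, unlike the other RBAC templates in this commit, so a cluster-wide role with `patch` and `update` on `nodes` and `nodes/status` is created on every uninstall even where chart-managed RBAC was switched off. If that is intentional, a template comment such as `# hook RBAC is always created: the prune job must be able to patch nodes` would tell a permissions reviewer so; otherwise the same guard applies.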
@@ -0,0 +1,26 @@
+{{- if .Values.prometheus.enable }}
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
+ {{- with .Values.prometheus.labels }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ podMetricsEndpoints:
+ - honorLabels: true
+ interval: {{ .Values.prometheus.scrapeInterval }}
+ path: /metrics
+ port: metrics
+ scheme: http
+ namespaceSelector:
+ matchNames:
+ - {{ include "node-feature-discovery.namespace" . }}
+ selector:
+ matchExpressions:
+ - {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
+ - {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/role.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/role.yaml
new file mode 100644
index 00000000..ed12ef2c
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/role.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.worker.enable .Values.worker.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - nfd.k8s-sigs.io
+ resources:
+ - nodefeatures
+ verbs:
+ - create
+ - get
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/rolebinding.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/rolebinding.yaml
new file mode 100644
index 00000000..a640d5f8
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.worker.enable .Values.worker.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "node-feature-discovery.fullname" . }}-worker
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+{{- end }}
+
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/serviceaccount.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/serviceaccount.yaml
new file mode 100644
index 00000000..47c75a7e
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/serviceaccount.yaml
@@ -0,0 +1,58 @@
+{{- if and .Values.master.enable .Values.master.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.master.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+
+{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.topologyUpdater.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+
+{{- if and .Values.gc.enable .Values.gc.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.gc.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+
+{{- if and .Values.worker.enable .Values.worker.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.worker.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/topologyupdater-crds.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/topologyupdater-crds.yaml
new file mode 100644
index 00000000..b6b91968
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/topologyupdater-crds.yaml
@@ -0,0 +1,278 @@ +{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.createCRDs -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/1870 + controller-gen.kubebuilder.io/version: v0.11.2 + creationTimestamp: null + name: noderesourcetopologies.topology.node.k8s.io +spec: + group: topology.node.k8s.io + names: + kind: NodeResourceTopology + listKind: NodeResourceTopologyList + plural: noderesourcetopologies + shortNames: + - node-res-topo + singular: noderesourcetopology + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + topologyPolicies: + items: + type: string + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. 
+ type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - topologyPolicies + - zones + type: object + served: true + storage: false + - name: v1alpha2 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + topologyPolicies: + description: 'DEPRECATED (to be removed in v1beta1): use top level attributes + if needed' + items: + type: string + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. 
+ type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - zones + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/topologyupdater.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/topologyupdater.yaml new file mode 100644 index 00000000..9a466f88 --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/topologyupdater.yaml 
@@ -0,0 +1,188 @@ +{{- if .Values.topologyUpdater.enable -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-topology-updater + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + role: topology-updater + {{- with .Values.topologyUpdater.daemonsetAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.topologyUpdater.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: topology-updater + template: + metadata: + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + role: topology-updater + annotations: + checksum/config: {{ include (print $.Template.BasePath "/nfd-topologyupdater-conf.yaml") . | sha256sum }} + {{- with .Values.topologyUpdater.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} + dnsPolicy: ClusterFirstWithHostNet + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.topologyUpdater.hostNetwork }} + containers: + - name: topology-updater + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + livenessProbe: + grpc: + port: {{ .Values.topologyUpdater.healthPort | default "8082" }} + {{- with .Values.topologyUpdater.livenessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.livenessProbe.failureThreshold }} + failureThreshold: {{ . 
}} + {{- end }} + {{- with .Values.topologyUpdater.livenessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + readinessProbe: + grpc: + port: {{ .Values.topologyUpdater.healthPort | default "8082" }} + {{- with .Values.topologyUpdater.readinessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.successThreshold }} + successThreshold: {{ . }} + {{- end }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NODE_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + {{- with .Values.topologyUpdater.extraEnvs }} + {{- toYaml . 
| nindent 8 }} + {{- end}} + command: + - "nfd-topology-updater" + args: + - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock" + {{- if .Values.topologyUpdater.updateInterval | empty | not }} + - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}" + {{- else }} + - "-sleep-interval=3s" + {{- end }} + {{- if .Values.topologyUpdater.watchNamespace | empty | not }} + - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}" + {{- else }} + - "-watch-namespace=*" + {{- end }} + {{- if not .Values.topologyUpdater.podSetFingerprint }} + - "-pods-fingerprint=false" + {{- end }} + {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} + - "-kubelet-config-uri=file:///host-var/kubelet-config" + {{- end }} + {{- if .Values.topologyUpdater.kubeletStateDir | empty }} + # Disable kubelet state tracking by giving an empty path + - "-kubelet-state-dir=" + {{- end }} + - "-metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}" + - "-grpc-health={{ .Values.topologyUpdater.healthPort | default "8082" }}" + {{- with .Values.topologyUpdater.extraArgs }} + {{- toYaml . 
| nindent 10 }} + {{- end }} + ports: + - containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}} + name: metrics + - containerPort: {{ .Values.topologyUpdater.healthPort | default "8082" }} + name: health + volumeMounts: + {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} + - name: kubelet-config + mountPath: /host-var/kubelet-config + {{- end }} + - name: kubelet-podresources-sock + mountPath: /host-var/lib/kubelet-podresources/kubelet.sock + - name: host-sys + mountPath: /host-sys + {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }} + - name: kubelet-state-files + mountPath: /host-var/lib/kubelet + readOnly: true + {{- end }} + - name: nfd-topology-updater-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true + + resources: + {{- toYaml .Values.topologyUpdater.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }} + volumes: + - name: host-sys + hostPath: + path: "/sys" + {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} + - name: kubelet-config + hostPath: + path: {{ .Values.topologyUpdater.kubeletConfigPath }} + {{- end }} + - name: kubelet-podresources-sock + hostPath: + {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }} + path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }} + {{- else }} + path: /var/lib/kubelet/pod-resources/kubelet.sock + {{- end }} + {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }} + - name: kubelet-state-files + hostPath: + path: {{ .Values.topologyUpdater.kubeletStateDir }} + {{- end }} + - name: nfd-topology-updater-conf + configMap: + name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf + items: + - key: nfd-topology-updater.conf + path: nfd-topology-updater.conf + + {{- with .Values.topologyUpdater.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.topologyUpdater.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologyUpdater.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/worker.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/worker.yaml new file mode 100644 index 00000000..4aadd800 --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/templates/worker.yaml 
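Review bot: The `host-sys` mount (hostPath `/sys`) and the optional `kubelet-config` mount are writable inside the topology-updater container, while `kubelet-state-files` and `nfd-topology-updater-conf` in the same `volumeMounts` list carry `readOnly: true`. Nothing in the visible args suggests the updater writes to either path, so adding `readOnly: true` under `mountPath: /host-sys` and under `mountPath: /host-var/kubelet-config` would keep a compromised updater pod from changing host sysfs or the kubelet configuration through these mounts. The container `securityContext`, `podSecurityContext` and `hostNetwork` are taken entirely from values, so the effective hardening of this DaemonSet depends on a values file that is not part of this hunk and is worth checking alongside it.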
@@ -0,0 +1,195 @@
+{{- if .Values.worker.enable }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker
+ namespace: {{ include "node-feature-discovery.namespace" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: worker
+ {{- with .Values.worker.daemonsetAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ revisionHistoryLimit: {{ .Values.worker.revisionHistoryLimit }}
+ selector:
+ matchLabels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
+ role: worker
+ template:
+ metadata:
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
+ role: worker
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/nfd-worker-conf.yaml") . | sha256sum }}
+ {{- with .Values.worker.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
+ hostNetwork: {{ .Values.worker.hostNetwork }}
+ containers:
+ - name: worker
+ securityContext:
+ {{- toYaml .Values.worker.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ livenessProbe:
+ grpc:
+ port: {{ .Values.worker.healthPort | default "8082" }}
+ {{- with .Values.worker.livenessProbe.initialDelaySeconds }}
+ initialDelaySeconds: {{ . }}
+ {{- end }}
+ {{- with .Values.worker.livenessProbe.failureThreshold }}
+ failureThreshold: {{ . }}
+ {{- end }}
+ {{- with .Values.worker.livenessProbe.periodSeconds }}
+ periodSeconds: {{ . 
}}
+ {{- end }}
+ {{- with .Values.worker.livenessProbe.timeoutSeconds }}
+ timeoutSeconds: {{ . }}
+ {{- end }}
+ readinessProbe:
+ grpc:
+ port: {{ .Values.worker.healthPort | default "8082" }}
+ {{- with .Values.worker.readinessProbe.initialDelaySeconds }}
+ initialDelaySeconds: {{ . }}
+ {{- end }}
+ {{- with .Values.worker.readinessProbe.failureThreshold }}
+ failureThreshold: {{ . }}
+ {{- end }}
+ {{- with .Values.worker.readinessProbe.periodSeconds }}
+ periodSeconds: {{ . }}
+ {{- end }}
+ {{- with .Values.worker.readinessProbe.timeoutSeconds }}
+ timeoutSeconds: {{ . }}
+ {{- end }}
+ {{- with .Values.worker.readinessProbe.successThreshold }}
+ successThreshold: {{ . }}
+ {{- end }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ {{- with .Values.worker.extraEnvs }}
+ {{- toYaml . | nindent 8 }}
+ {{- end}}
+ resources:
+ {{- toYaml .Values.worker.resources | nindent 12 }}
+ command:
+ - "nfd-worker"
+ args:
+ # Go over featureGate and add the feature-gate flag
+ {{- range $key, $value := .Values.featureGates }}
+ - "-feature-gates={{ $key }}={{ $value }}"
+ {{- end }}
+ - "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
+ - "-grpc-health={{ .Values.worker.healthPort | default "8082" }}"
+ {{- with .Values.worker.extraArgs }}
+ {{- toYaml . 
| nindent 8 }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.worker.metricsPort | default "8081"}}
+ name: metrics
+ - containerPort: {{ .Values.worker.healthPort | default "8082" }}
+ name: health
+ volumeMounts:
+ - name: host-boot
+ mountPath: "/host-boot"
+ readOnly: true
+ - name: host-os-release
+ mountPath: "/host-etc/os-release"
+ readOnly: true
+ - name: host-sys
+ mountPath: "/host-sys"
+ readOnly: true
+ - name: host-usr-lib
+ mountPath: "/host-usr/lib"
+ readOnly: true
+ - name: host-lib
+ mountPath: "/host-lib"
+ readOnly: true
+ - name: host-proc-swaps
+ mountPath: "/host-proc/swaps"
+ readOnly: true
+ {{- if .Values.worker.mountUsrSrc }}
+ - name: host-usr-src
+ mountPath: "/host-usr/src"
+ readOnly: true
+ {{- end }}
+ - name: features-d
+ mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
+ readOnly: true
+ - name: nfd-worker-conf
+ mountPath: "/etc/kubernetes/node-feature-discovery"
+ readOnly: true
+ volumes:
+ - name: host-boot
+ hostPath:
+ path: "/boot"
+ - name: host-os-release
+ hostPath:
+ path: "/etc/os-release"
+ - name: host-sys
+ hostPath:
+ path: "/sys"
+ - name: host-usr-lib
+ hostPath:
+ path: "/usr/lib"
+ - name: host-lib
+ hostPath:
+ path: "/lib"
+ - name: host-proc-swaps
+ hostPath:
+ path: "/proc/swaps"
+ {{- if .Values.worker.mountUsrSrc }}
+ - name: host-usr-src
+ hostPath:
+ path: "/usr/src"
+ {{- end }}
+ - name: features-d
+ hostPath:
+ path: "/etc/kubernetes/node-feature-discovery/features.d/"
+ - name: nfd-worker-conf
+ configMap:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker-conf
+ items:
+ - key: nfd-worker.conf
+ path: nfd-worker.conf
+ {{- with .Values.worker.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.worker.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.worker.tolerations }}
+ tolerations:
+ {{- toYaml . 
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.worker.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/values.yaml b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/values.yaml
new file mode 100644
index 00000000..18aa7bcb
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/charts/node-feature-discovery/values.yaml
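Review bot: `priorityClassName` is emitted twice in this pod spec: once near the top from `.Values.priorityClassName` (unquoted) and again at the end from `.Values.worker.priorityClassName` (quoted), so setting both values renders a duplicate key and the outcome depends on how the consuming YAML parser treats duplicates. Indentation is lost in this view, so I am assuming both blocks sit at pod-spec level. I would keep a single block, `{{- with (.Values.worker.priorityClassName | default .Values.priorityClassName) }}` followed by `priorityClassName: {{ . | quote }}`, and drop the other one. If this subchart is tracked from an upstream release, the lower-risk local step is to set only one of the two values from the parent chart.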
@@ -0,0 +1,599 @@
+image:
+ repository: registry.k8s.io/nfd/node-feature-discovery
+ # This should be set to 'IfNotPresent' for released version
+ pullPolicy: IfNotPresent
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+ # tag
+imagePullSecrets: []
+
+nameOverride: ""
+fullnameOverride: ""
+namespaceOverride: ""
+
+featureGates:
+ NodeFeatureGroupAPI: false
+
+priorityClassName: ""
+
+master:
+ enable: true
+ extraArgs: []
+ extraEnvs: []
+ hostNetwork: false
+ config: ###
+ # noPublish: false
+ # autoDefaultNs: true
+ # extraLabelNs: ["added.ns.io","added.kubernets.io"]
+ # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
+ # enableTaints: false
+ # labelWhiteList: "foo"
+ # resyncPeriod: "2h"
+ # restrictions:
+ # disableLabels: true
+ # disableTaints: true
+ # disableExtendedResources: true
+ # disableAnnotations: true
+ # allowOverwrite: false
+ # denyNodeFeatureLabels: true
+ # nodeFeatureNamespaceSelector:
+ # matchLabels:
+ # kubernetes.io/metadata.name: "node-feature-discovery"
+ # matchExpressions:
+ # - key: "kubernetes.io/metadata.name"
+ # operator: "In"
+ # values:
+ # - "node-feature-discovery"
+ # klog:
+ # addDirHeader: false
+ # alsologtostderr: false
+ # logBacktraceAt:
+ # logtostderr: true
+ # skipHeaders: false
+ # stderrthreshold: 2
+ # v: 0
+ # vmodule:
+ ## NOTE: the following options are not dynamically run-time configurable
+ ## and require a nfd-master restart to take effect after being changed
+ # logDir:
+ # logFile:
+ # logFileMaxSize: 1800
+ # skipLogHeaders: false
+ # leaderElection:
+ # leaseDuration: 15s
+ # # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
+ # renewDeadline: 10s
+ # # this value has to be greater than 0
+ # retryPeriod: 2s
+ # nfdApiParallelism: 10
+ ###
+ metricsPort: 8081
+ healthPort: 8082
+ instance:
+ featureApi:
+ resyncPeriod:
+ denyLabelNs: []
+ extraLabelNs: []
+ enableTaints: false
+ featureRulesController: null
+ nfdApiParallelism: 
null
+ deploymentAnnotations: {}
+ replicaCount: 1
+
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ # runAsUser: 1000
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+ # specify how many old ReplicaSets for the Deployment to retain.
+ revisionHistoryLimit:
+
+ rbac:
+ create: true
+
+ resources:
+ limits:
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ # You may want to use the same value for `requests.memory` and `limits.memory`. The “requests” value affects scheduling to accommodate pods on nodes.
+ # If there is a large difference between “requests” and “limits” and nodes experience memory pressure, the kernel may invoke
+ # the OOM Killer, even if the memory does not exceed the “limits” threshold. This can cause unexpected pod evictions. Memory
+ # cannot be compressed and once allocated to a pod, it can only be reclaimed by killing the pod. 
+ # Natan Yellin 22/09/2022 https://home.robusta.dev/blog/kubernetes-memory-limit
+ memory: 128Mi
+
+ nodeSelector: {}
+
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Equal"
+ value: ""
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Equal"
+ value: ""
+ effect: "NoSchedule"
+
+ annotations: {}
+
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/master"
+ operator: In
+ values: [""]
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: In
+ values: [""]
+
+ startupProbe:
+ grpc:
+ port: 8082
+ failureThreshold: 30
+ # periodSeconds: 10
+ livenessProbe:
+ grpc:
+ port: 8082
+ # failureThreshold: 3
+ # initialDelaySeconds: 0
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ readinessProbe:
+ grpc:
+ port: 8082
+ failureThreshold: 10
+ # initialDelaySeconds: 0
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+
+worker:
+ enable: true
+ extraArgs: []
+ extraEnvs: []
+ hostNetwork: false
+ config: ###
+ #core:
+ # labelWhiteList:
+ # noPublish: false
+ # noOwnerRefs: false
+ # sleepInterval: 60s
+ # featureSources: [all]
+ # labelSources: [all]
+ # klog:
+ # addDirHeader: false
+ # alsologtostderr: false
+ # logBacktraceAt:
+ # logtostderr: true
+ # skipHeaders: false
+ # stderrthreshold: 2
+ # v: 0
+ # vmodule:
+ ## NOTE: the following options are not dynamically run-time configurable
+ ## and require a nfd-worker restart to take effect after being changed
+ # logDir:
+ # logFile:
+ # logFileMaxSize: 1800
+ # skipLogHeaders: false
+ #sources:
+ # cpu:
+ # cpuid:
+ ## NOTE: whitelist has priority over blacklist
+ # attributeBlacklist:
+ # - "AVX10"
+ # - "BMI1"
+ # - "BMI2"
+ # - "CLMUL"
+ # - "CMOV"
+ # - "CX16"
+ # - "ERMS"
+ # - "F16C"
+ # - "HTT"
+ # - "LZCNT"
+ # - "MMX"
+ # - "MMXEXT"
+ # - "NX"
+ # - "POPCNT"
+ # - "RDRAND"
+ 
# - "RDSEED"
+ # - "RDTSCP"
+ # - "SGX"
+ # - "SSE"
+ # - "SSE2"
+ # - "SSE3"
+ # - "SSE4"
+ # - "SSE42"
+ # - "SSSE3"
+ # - "TDX_GUEST"
+ # attributeWhitelist:
+ # kernel:
+ # kconfigFile: "/path/to/kconfig"
+ # configOpts:
+ # - "NO_HZ"
+ # - "X86"
+ # - "DMI"
+ # pci:
+ # deviceClassWhitelist:
+ # - "0200"
+ # - "03"
+ # - "12"
+ # deviceLabelFields:
+ # - "class"
+ # - "vendor"
+ # - "device"
+ # - "subsystem_vendor"
+ # - "subsystem_device"
+ # usb:
+ # deviceClassWhitelist:
+ # - "0e"
+ # - "ef"
+ # - "fe"
+ # - "ff"
+ # deviceLabelFields:
+ # - "class"
+ # - "vendor"
+ # - "device"
+ # custom:
+ # # The following feature demonstrates the capabilities of the matchFeatures
+ # - name: "my custom rule"
+ # labels:
+ # "vendor.io/my-ng-feature": "true"
+ # # matchFeatures implements a logical AND over all matcher terms in the
+ # # list (i.e. all of the terms, or per-feature matchers, must match)
+ # matchFeatures:
+ # - feature: cpu.cpuid
+ # matchExpressions:
+ # AVX512F: {op: Exists}
+ # - feature: cpu.cstate
+ # matchExpressions:
+ # enabled: {op: IsTrue}
+ # - feature: cpu.pstate
+ # matchExpressions:
+ # no_turbo: {op: IsFalse}
+ # scaling_governor: {op: In, value: ["performance"]}
+ # - feature: cpu.rdt
+ # matchExpressions:
+ # RDTL3CA: {op: Exists}
+ # - feature: cpu.sst
+ # matchExpressions:
+ # bf.enabled: {op: IsTrue}
+ # - feature: cpu.topology
+ # matchExpressions:
+ # hardware_multithreading: {op: IsFalse}
+ #
+ # - feature: kernel.config
+ # matchExpressions:
+ # X86: {op: Exists}
+ # LSM: {op: InRegexp, value: ["apparmor"]}
+ # - feature: kernel.loadedmodule
+ # matchExpressions:
+ # e1000e: {op: Exists}
+ # - feature: kernel.selinux
+ # matchExpressions:
+ # enabled: {op: IsFalse}
+ # - feature: kernel.version
+ # matchExpressions:
+ # major: {op: In, value: ["5"]}
+ # minor: {op: Gt, value: ["10"]}
+ #
+ # - feature: storage.block
+ # matchExpressions:
+ # rotational: {op: In, value: ["0"]}
+ # dax: {op: In, value: ["0"]}
+ #
+ # - feature: 
network.device
+ # matchExpressions:
+ # operstate: {op: In, value: ["up"]}
+ # speed: {op: Gt, value: ["100"]}
+ #
+ # - feature: memory.numa
+ # matchExpressions:
+ # node_count: {op: Gt, value: ["2"]}
+ # - feature: memory.nv
+ # matchExpressions:
+ # devtype: {op: In, value: ["nd_dax"]}
+ # mode: {op: In, value: ["memory"]}
+ #
+ # - feature: system.osrelease
+ # matchExpressions:
+ # ID: {op: In, value: ["fedora", "centos"]}
+ # - feature: system.name
+ # matchExpressions:
+ # nodename: {op: InRegexp, value: ["^worker-X"]}
+ #
+ # - feature: local.label
+ # matchExpressions:
+ # custom-feature-knob: {op: Gt, value: ["100"]}
+ #
+ # # The following feature demonstrates the capabilities of the matchAny
+ # - name: "my matchAny rule"
+ # labels:
+ # "vendor.io/my-ng-feature-2": "my-value"
+ # # matchAny implements a logical IF over all elements (sub-matchers) in
+ # # the list (i.e. at least one feature matcher must match)
+ # matchAny:
+ # - matchFeatures:
+ # - feature: kernel.loadedmodule
+ # matchExpressions:
+ # driver-module-X: {op: Exists}
+ # - feature: pci.device
+ # matchExpressions:
+ # vendor: {op: In, value: ["8086"]}
+ # class: {op: In, value: ["0200"]}
+ # - matchFeatures:
+ # - feature: kernel.loadedmodule
+ # matchExpressions:
+ # driver-module-Y: {op: Exists}
+ # - feature: usb.device
+ # matchExpressions:
+ # vendor: {op: In, value: ["8086"]}
+ # class: {op: In, value: ["02"]}
+ #
+ # - name: "avx wildcard rule"
+ # labels:
+ # "my-avx-feature": "true"
+ # matchFeatures:
+ # - feature: cpu.cpuid
+ # matchName: {op: InRegexp, value: ["^AVX512"]}
+ #
+ # # The following features demonstreate label templating capabilities
+ # - name: "my template rule"
+ # labelsTemplate: |
+ # {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
+ # {{ end }}
+ # matchFeatures:
+ # - feature: system.osrelease
+ # matchExpressions:
+ # ID: {op: InRegexp, value: ["^open.*"]}
+ # VERSION_ID.major: {op: In, value: ["13", "15"]}
+ #
+ # - 
name: "my template rule 2"
+ # labelsTemplate: |
+ # {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
+ # {{ end }}
+ # matchFeatures:
+ # - feature: pci.device
+ # matchExpressions:
+ # class: {op: InRegexp, value: ["^06"]}
+ # vendor: ["8086"]
+ # - feature: cpu.cpuid
+ # matchExpressions:
+ # AVX: {op: Exists}
+ #
+ # # The following examples demonstrate vars field and back-referencing
+ # # previous labels and vars
+ # - name: "my dummy kernel rule"
+ # labels:
+ # "vendor.io/my.kernel.feature": "true"
+ # matchFeatures:
+ # - feature: kernel.version
+ # matchExpressions:
+ # major: {op: Gt, value: ["2"]}
+ #
+ # - name: "my dummy rule with no labels"
+ # vars:
+ # "my.dummy.var": "1"
+ # matchFeatures:
+ # - feature: cpu.cpuid
+ # matchExpressions: {}
+ #
+ # - name: "my rule using backrefs"
+ # labels:
+ # "vendor.io/my.backref.feature": "true"
+ # matchFeatures:
+ # - feature: rule.matched
+ # matchExpressions:
+ # vendor.io/my.kernel.feature: {op: IsTrue}
+ # my.dummy.var: {op: Gt, value: ["0"]}
+ #
+ # - name: "kconfig template rule"
+ # labelsTemplate: |
+ # {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
+ # {{ end }}
+ # matchFeatures:
+ # - feature: kernel.config
+ # matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
+###
+
+ metricsPort: 8081
+ healthPort: 8082
+ daemonsetAnnotations: {}
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ # runAsUser: 1000
+
+ livenessProbe:
+ grpc:
+ port: 8082
+ initialDelaySeconds: 10
+ # failureThreshold: 3
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ readinessProbe:
+ grpc:
+ port: 8082
+ initialDelaySeconds: 5
+ failureThreshold: 10
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+
+ serviceAccount:
+ # Specifies whether a service account should be created. 
+ # We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+ # specify how many old ControllerRevisions for the DaemonSet to retain.
+ revisionHistoryLimit:
+
+ rbac:
+ create: true
+
+ # Allow users to mount the hostPath /usr/src, useful for RHCOS on s390x
+ # Does not work on systems without /usr/src AND a read-only /usr, such as Talos
+ mountUsrSrc: false
+
+ resources:
+ limits:
+ memory: 512Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ annotations: {}
+
+ affinity: {}
+
+ priorityClassName: ""
+
+topologyUpdater:
+ config: ###
+ ## key = node name, value = list of resources to be excluded.
+ ## use * to exclude from all nodes.
+ ## an example for how the exclude list should looks like
+ #excludeList:
+ # node1: [cpu]
+ # node2: [memory, example/deviceA]
+ # *: [hugepages-2Mi]
+###
+
+ enable: false
+ createCRDs: false
+ extraArgs: []
+ extraEnvs: []
+ hostNetwork: false
+
+ serviceAccount:
+ create: true
+ annotations: {}
+ name:
+
+ # specify how many old ControllerRevisions for the DaemonSet to retain. 
+ revisionHistoryLimit:
+
+ rbac:
+ create: true
+
+ metricsPort: 8081
+ healthPort: 8082
+ kubeletConfigPath:
+ kubeletPodResourcesSockPath:
+ updateInterval: 60s
+ watchNamespace: "*"
+ kubeletStateDir: /var/lib/kubelet
+
+ podSecurityContext: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsUser: 0
+
+ livenessProbe:
+ grpc:
+ port: 8082
+ initialDelaySeconds: 10
+ # failureThreshold: 3
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ readinessProbe:
+ grpc:
+ port: 8082
+ initialDelaySeconds: 5
+ failureThreshold: 10
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+
+ resources:
+ limits:
+ memory: 60Mi
+ requests:
+ cpu: 50m
+ memory: 40Mi
+
+ nodeSelector: {}
+ tolerations: []
+ annotations: {}
+ daemonsetAnnotations: {}
+ affinity: {}
+ podSetFingerprint: true
+
+gc:
+ enable: true
+ extraArgs: []
+ extraEnvs: []
+ hostNetwork: false
+ replicaCount: 1
+
+ serviceAccount:
+ create: true
+ annotations: {}
+ name:
+ rbac:
+ create: true
+
+ interval: 1h
+
+ podSecurityContext: {}
+
+ resources:
+ limits:
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+
+ metricsPort: 8081
+
+ nodeSelector: {}
+ tolerations: []
+ annotations: {}
+ deploymentAnnotations: {}
+ affinity: {}
+
+ # specify how many old ReplicaSets for the Deployment to retain.
+ revisionHistoryLimit:
+
+prometheus:
+ enable: false
+ scrapeInterval: 10s
+ labels: {}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/crds/nvidia.com_clusterpolicies.yaml b/packages/system/gpu-operator/charts/gpu-operator/crds/nvidia.com_clusterpolicies.yaml
new file mode 100644
index 00000000..5a9f99e1
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/crds/nvidia.com_clusterpolicies.yaml
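Review bot: `topologyUpdater.securityContext` is the only container context in these defaults that sets `runAsUser: 0` and leaves out `runAsNonRoot`, while `master` and `worker` both set `runAsNonRoot: true`. With `kubeletStateDir: /var/lib/kubelet` as the default, the topology-updater template mounts that host directory and the kubelet pod-resources socket into the root container, and the socket mount carries no `readOnly`. The component ships disabled (`enable: false`), so the exposure only appears once someone turns it on. I would record the reason next to the setting, e.g. `# runAsUser: 0: presumably required to read the kubelet socket and state files from the host; confirm before enabling`, so whoever enables it sees what is being granted.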
@@ -0,0 +1,2396 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: clusterpolicies.nvidia.com +spec: + group: nvidia.com + names: + kind: ClusterPolicy + listKind: ClusterPolicyList + plural: clusterpolicies + singular: clusterpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterPolicy is the Schema for the clusterpolicies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterPolicySpec defines the desired state of ClusterPolicy + properties: + ccManager: + description: CCManager component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + defaultMode: + description: Default CC mode setting for compatible GPUs on the + node + enum: + - "on" + - "off" + - devtools + type: string + enabled: + description: Enabled indicates if deployment of CC Manager is + enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: CC Manager image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: CC Manager image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: CC Manager image tag + type: string + type: object + cdi: + description: CDI configures how the Container Device Interface is + used in the cluster + properties: + default: + default: false + description: Default indicates whether to use CDI as the default + mechanism for providing GPU access to containers. + type: boolean + enabled: + default: false + description: Enabled indicates whether CDI can be used to make + GPUs accessible to containers. + type: boolean + type: object + daemonsets: + description: Daemonset defines common configuration for all Daemonsets + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional: Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + type: object + labels: + additionalProperties: + type: string + description: |- + Optional: Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
+ type: object + priorityClassName: + type: string + rollingUpdate: + description: 'Optional: Configuration for rolling update of all + DaemonSet pods' + properties: + maxUnavailable: + type: string + type: object + tolerations: + description: 'Optional: Set tolerations' + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + updateStrategy: + default: RollingUpdate + enum: + - RollingUpdate + - OnDelete + type: string + type: object + dcgm: + description: DCGM component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if deployment of NVIDIA DCGM Hostengine + as a separate pod is enabled. + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + hostPort: + description: 'Deprecated: HostPort represents host port that needs + to be bound for DCGM engine (Default: 5555)' + format: int32 + type: integer + image: + description: NVIDIA DCGM image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA DCGM image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: NVIDIA DCGM image tag + type: string + type: object + dcgmExporter: + description: DCGMExporter spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + config: + description: 'Optional: Custom metrics configuration for NVIDIA + DCGM Exporter' + properties: + name: + description: ConfigMap name with file dcgm-metrics.csv for + metrics to be collected by NVIDIA DCGM Exporter + type: string + type: object + enabled: + description: Enabled indicates if deployment of NVIDIA DCGM Exporter + through operator is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: NVIDIA DCGM Exporter image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA DCGM Exporter image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceMonitor: + description: 'Optional: ServiceMonitor configuration for NVIDIA + DCGM Exporter' + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels to add to ServiceMonitor instance + for NVIDIA DCGM Exporter + type: object + enabled: + description: Enabled indicates if ServiceMonitor is deployed + for NVIDIA DCGM Exporter + type: boolean + honorLabels: + description: HonorLabels chooses the metric’s labels on collisions + with target labels. + type: boolean + interval: + description: |- + Interval which metrics should be scraped from NVIDIA DCGM Exporter. If not specified Prometheus’ global scrape interval is used. + Supported units: y, w, d, h, m, s, ms + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + relabelings: + description: Relabelings allows to rewrite labels on metric + sets for NVIDIA DCGM Exporter + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set for targets, alerts, + scraped samples and remote write samples. + + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + properties: + action: + default: replace + description: |- + Action to perform based on the regex matching. + + `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. + `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. + + Default: "Replace" + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: |- + Modulus to take of the hash of the source label values. 
+ + Only applicable when the action is `HashMod`. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. + type: string + replacement: + description: |- + Replacement value against which a Replace action is performed if the + regular expression matches. + + Regex capture groups are available. + type: string + separator: + description: Separator is the string between concatenated + SourceLabels. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is + concatenated using the configured Separator and matched against the + configured regular expression. + items: + description: |- + LabelName is a valid Prometheus label name which may only contain ASCII + letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: |- + Label to which the resulting string is written in a replacement. + + It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, + `KeepEqual` and `DropEqual` actions. + + Regex capture groups are available. 
+ type: string + type: object + type: array + type: object + version: + description: NVIDIA DCGM Exporter image tag + type: string + type: object + devicePlugin: + description: DevicePlugin component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + config: + description: 'Optional: Configuration for the NVIDIA Device Plugin + via the ConfigMap' + properties: + default: + description: Default config name within the ConfigMap for + the NVIDIA Device Plugin config + type: string + name: + description: ConfigMap name for NVIDIA Device Plugin config + including shared config between plugin and GFD + type: string + type: object + enabled: + description: Enabled indicates if deployment of NVIDIA Device + Plugin through operator is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: NVIDIA Device Plugin image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + mps: + description: 'Optional: MPS related configuration for the NVIDIA + Device Plugin' + properties: + root: + default: /run/nvidia/mps + description: Root defines the MPS root path on the host + type: string + type: object + repository: + description: NVIDIA Device Plugin image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: NVIDIA Device Plugin image tag + type: string + type: object + driver: + description: Driver component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + certConfig: + description: 'Optional: Custom certificates configuration for + NVIDIA Driver container' + properties: + name: + type: string + type: object + enabled: + description: Enabled indicates if deployment of NVIDIA Driver + through operator is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: NVIDIA Driver image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + kernelModuleConfig: + description: 'Optional: Kernel module configuration parameters + for the NVIDIA Driver' + properties: + name: + type: string + type: object + kernelModuleType: + default: auto + description: |- + KernelModuleType represents the type of driver kernel modules to be used when installing the GPU driver. + Accepted values are auto, proprietary and open. 
NOTE: If auto is chosen, it means that the recommended kernel module + type is chosen based on the GPU devices on the host and the driver branch used + enum: + - auto + - open + - proprietary + type: string + licensingConfig: + description: 'Optional: Licensing configuration for NVIDIA vGPU + licensing' + properties: + configMapName: + type: string + nlsEnabled: + description: NLSEnabled indicates if NVIDIA Licensing System + is used for licensing. + type: boolean + type: object + livenessProbe: + description: NVIDIA Driver container liveness probe settings + properties: + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + minimum: 1 + type: integer + type: object + manager: + description: Manager represents configuration for NVIDIA Driver + Manager initContainer + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: Image represents NVIDIA Driver Manager image + name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: Repository represents Driver Managerrepository + path + type: string + version: + description: Version represents NVIDIA Driver Manager image + tag(version) + type: string + type: object + rdma: + description: GPUDirectRDMASpec defines the properties for nvidia-peermem + deployment + properties: + enabled: + description: Enabled indicates if GPUDirect RDMA is enabled + through GPU operator + type: boolean + useHostMofed: + description: UseHostMOFED indicates to use MOFED drivers directly + installed on the host to enable GPUDirect RDMA + type: boolean + type: object + readinessProbe: + description: NVIDIA Driver container readiness probe settings + properties: + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + minimum: 1 + type: integer + type: object + repoConfig: + description: 'Optional: Custom repo configuration for NVIDIA Driver + container' + properties: + configMapName: + type: string + type: object + repository: + description: NVIDIA Driver image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: NVIDIA Driver container startup probe settings + properties: + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + minimum: 1 + type: integer + type: object + upgradePolicy: + description: Driver auto-upgrade settings + properties: + autoUpgrade: + default: false + description: |- + AutoUpgrade is a global switch for automatic upgrade feature + if set to false all other options are ignored + type: boolean + drain: + description: DrainSpec describes configuration for node drain + during automatic upgrade + properties: + deleteEmptyDir: + default: false + description: |- + DeleteEmptyDir indicates if should continue even if there are pods using emptyDir + (local data that will be deleted when the node is drained) + type: boolean + enable: + default: false + description: Enable indicates if node draining is allowed + during upgrade + type: boolean + force: + default: false + description: Force indicates if force draining is allowed + type: boolean + podSelector: + description: |- + PodSelector specifies a label selector to filter pods on the node that need to be drained + For more details on label selectors, see: + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + type: string + timeoutSeconds: + default: 300 + description: TimeoutSecond specifies the length of time + in seconds to wait before giving up drain, zero means + infinite + minimum: 0 + type: integer + type: object + maxParallelUpgrades: + default: 1 + description: |- + MaxParallelUpgrades indicates how many nodes can be upgraded in parallel + 0 means no limit, all nodes will be upgraded in parallel + minimum: 0 + type: integer + maxUnavailable: + anyOf: + - type: integer + - type: string + default: 25% + description: |- + MaxUnavailable is the maximum number of nodes with the driver installed, that can be unavailable during the upgrade. + Value can be an absolute number (ex: 5) or a percentage of total nodes at the start of upgrade (ex: 10%). 
+ Absolute number is calculated from percentage by rounding up. + By default, a fixed value of 25% is used. + x-kubernetes-int-or-string: true + podDeletion: + description: PodDeletionSpec describes configuration for deletion + of pods using special resources during automatic upgrade + properties: + deleteEmptyDir: + default: false + description: |- + DeleteEmptyDir indicates if should continue even if there are pods using emptyDir + (local data that will be deleted when the pod is deleted) + type: boolean + force: + default: false + description: Force indicates if force deletion is allowed + type: boolean + timeoutSeconds: + default: 300 + description: |- + TimeoutSecond specifies the length of time in seconds to wait before giving up on pod termination, zero means + infinite + minimum: 0 + type: integer + type: object + waitForCompletion: + description: WaitForCompletionSpec describes the configuration + for waiting on job completions + properties: + podSelector: + description: |- + PodSelector specifies a label selector for the pods to wait for completion + For more details on label selectors, see: + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + type: string + timeoutSeconds: + default: 0 + description: |- + TimeoutSecond specifies the length of time in seconds to wait before giving up on pod termination, zero means + infinite + minimum: 0 + type: integer + type: object + type: object + useNvidiaDriverCRD: + description: UseNvidiaDriverCRD indicates if the deployment of + NVIDIA Driver is managed by the NVIDIADriver CRD type + type: boolean + useOpenKernelModules: + description: |- + Deprecated: This field is no longer honored by the gpu-operator. Please use KernelModuleType instead. 
+ UseOpenKernelModules indicates if the open GPU kernel modules should be used + type: boolean + usePrecompiled: + description: UsePrecompiled indicates if deployment of NVIDIA + Driver using pre-compiled modules is enabled + type: boolean + version: + description: NVIDIA Driver image tag + type: string + virtualTopology: + description: 'Optional: Virtual Topology Daemon configuration + for NVIDIA vGPU drivers' + properties: + config: + description: 'Optional: Config name representing virtual topology + daemon configuration file nvidia-topologyd.conf' + type: string + type: object + type: object + gdrcopy: + description: GDRCopy component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if GDRCopy is enabled through GPU + Operator + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: NVIDIA GDRCopy driver image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA GDRCopy driver image repository + type: string + version: + description: NVIDIA GDRCopy driver image tag + type: string + type: object + gds: + description: GPUDirectStorage defines the spec for GDS components(Experimental) + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if GPUDirect Storage is enabled + through GPU operator + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: NVIDIA GPUDirect Storage Driver image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA GPUDirect Storage Driver image repository + type: string + version: + description: NVIDIA GPUDirect Storage Driver image tag + type: string + type: object + gfd: + description: GPUFeatureDiscovery spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if deployment of GPU Feature Discovery + Plugin is enabled. 
+ type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: GFD image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: GFD image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: GFD image tag + type: string + type: object + hostPaths: + description: HostPaths defines various paths on the host needed by + GPU Operator components + properties: + driverInstallDir: + description: |- + DriverInstallDir represents the root at which driver files including libraries, + config files, and executables can be found. + type: string + rootFS: + description: |- + RootFS represents the path to the root filesystem of the host. + This is used by components that need to interact with the host filesystem + and as such this must be a chroot-able filesystem. + Examples include the MIG Manager and Toolkit Container which may need to + stop, start, or restart systemd services. + type: string + type: object + kataManager: + description: KataManager component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + config: + description: Kata Manager config + properties: + artifactsDir: + default: /opt/nvidia-gpu-operator/artifacts/runtimeclasses + description: |- + ArtifactsDir is the directory where kata artifacts (e.g. kernel / guest images, configuration, etc.) + are placed on the local filesystem. + type: string + runtimeClasses: + description: RuntimeClasses is a list of kata runtime classes + to configure. + items: + description: RuntimeClass defines the configuration for + a kata RuntimeClass + properties: + artifacts: + description: Artifacts are the kata artifacts associated + with the runtime class. + properties: + pullSecret: + description: PullSecret is the secret used to pull + the OCI artifact. + type: string + url: + description: |- + URL is the path to the OCI artifact (payload) containing all artifacts + associated with a kata runtime class. 
+ type: string + required: + - url + type: object + name: + description: Name is the name of the kata runtime class. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies the nodeSelector for the RuntimeClass object. + This ensures pods running with the RuntimeClass only get scheduled + onto nodes which support it. + type: object + required: + - artifacts + - name + type: object + type: array + type: object + enabled: + description: Enabled indicates if deployment of Kata Manager is + enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: Kata Manager image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: Kata Manager image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: Kata Manager image tag + type: string + type: object + mig: + description: MIG spec + properties: + strategy: + description: 'Optional: MIGStrategy to apply for GFD and NVIDIA + Device Plugin' + enum: + - none + - single + - mixed + type: string + type: object + migManager: + description: MIGManager for configuration to deploy MIG Manager + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + config: + description: 'Optional: Custom mig-parted configuration for NVIDIA + MIG Manager container' + properties: + default: + default: all-disabled + description: Default MIG config to be applied on the node, + when there is no config specified with the node label nvidia.com/mig.config + enum: + - all-disabled + - "" + type: string + name: + default: default-mig-parted-config + description: ConfigMap name + type: string + type: object + enabled: + description: Enabled indicates if deployment of NVIDIA MIG Manager + is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. 
+ type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + gpuClientsConfig: + description: 'Optional: Custom gpu-clients configuration for NVIDIA + MIG Manager container' + properties: + name: + description: ConfigMap name + type: string + type: object + image: + description: NVIDIA MIG Manager image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA MIG Manager image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: NVIDIA MIG Manager image tag + type: string + type: object + nodeStatusExporter: + description: NodeStatusExporter spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if deployment of Node Status Exporter + is enabled. + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: Node Status Exporter image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: Node Status Exporterimage repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: Node Status Exporterimage tag + type: string + type: object + operator: + description: Operator component spec + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional: Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. 
+ type: object + defaultRuntime: + default: docker + description: Runtime defines container runtime type + enum: + - docker + - crio + - containerd + type: string + initContainer: + description: InitContainerSpec describes configuration for initContainer + image used with all components + properties: + image: + description: Image represents image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: Repository represents image repository path + type: string + version: + description: Version represents image tag(version) + type: string + type: object + labels: + additionalProperties: + type: string + description: |- + Optional: Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: object + runtimeClass: + default: nvidia + type: string + use_ocp_driver_toolkit: + description: UseOpenShiftDriverToolkit indicates if DriverToolkit + image should be used on OpenShift to build and install driver + modules + type: boolean + required: + - defaultRuntime + type: object + psa: + description: PSA defines spec for PodSecurityAdmission configuration + properties: + enabled: + description: Enabled indicates if PodSecurityAdmission configuration + needs to be enabled for all Pods + type: boolean + type: object + psp: + description: |- + Deprecated: Pod Security Policies are no longer supported. 
Please use PodSecurityAdmission instead + PSP defines spec for handling PodSecurityPolicies + properties: + enabled: + description: Enabled indicates if PodSecurityPolicies needs to + be enabled for all Pods + type: boolean + type: object + sandboxDevicePlugin: + description: SandboxDevicePlugin component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if deployment of NVIDIA Sandbox + Device Plugin through operator is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: NVIDIA Sandbox Device Plugin image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA Sandbox Device Plugin image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: NVIDIA Sandbox Device Plugin image tag + type: string + type: object + sandboxWorkloads: + description: SandboxWorkloads defines the spec for handling sandbox + workloads (i.e. Virtual Machines) + properties: + defaultWorkload: + default: container + description: |- + DefaultWorkload indicates the default GPU workload type to configure + worker nodes in the cluster for + enum: + - container + - vm-passthrough + - vm-vgpu + type: string + enabled: + description: |- + Enabled indicates if the GPU Operator should manage additional operands required + for sandbox workloads (i.e. VFIO Manager, vGPU Manager, and additional device plugins) + type: boolean + type: object + toolkit: + description: Toolkit component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if deployment of NVIDIA Container + Toolkit through operator is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. 
+ type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: NVIDIA Container Toolkit image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + installDir: + default: /usr/local/nvidia + description: Toolkit install directory on the host + type: string + repository: + description: NVIDIA Container Toolkit image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: NVIDIA Container Toolkit image tag + type: string + type: object + validator: + description: Validator defines the spec for operator-validator daemonset + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + cuda: + description: CUDA validator spec + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + type: object + driver: + description: Toolkit validator spec + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + type: object + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: Validator image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + plugin: + description: Plugin validator spec + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + type: object + repository: + description: Validator image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + toolkit: + description: Toolkit validator spec + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + type: object + version: + description: Validator image tag + type: string + vfioPCI: + description: VfioPCI validator spec + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + type: object + vgpuDevices: + description: VGPUDevices validator spec + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + type: object + vgpuManager: + description: VGPUManager validator spec + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + type: object + type: object + vfioManager: + description: VFIOManager for configuration to deploy VFIO-PCI Manager + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + driverManager: + description: DriverManager represents configuration for NVIDIA + Driver Manager + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: Image represents NVIDIA Driver Manager image + name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: Repository represents Driver Managerrepository + path + type: string + version: + description: Version represents NVIDIA Driver Manager image + tag(version) + type: string + type: object + enabled: + description: Enabled indicates if deployment of VFIO Manager is + enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: VFIO Manager image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: VFIO Manager image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: VFIO Manager image tag + type: string + type: object + vgpuDeviceManager: + description: VGPUDeviceManager spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + config: + description: NVIDIA vGPU devices configuration for NVIDIA vGPU + Device Manager container + properties: + default: + default: default + description: Default config name within the ConfigMap + type: string + name: + description: ConfigMap name + type: string + type: object + enabled: + description: Enabled indicates if deployment of NVIDIA vGPU Device + Manager is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: NVIDIA vGPU Device Manager image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA vGPU Device Manager image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: NVIDIA vGPU Device Manager image tag + type: string + type: object + vgpuManager: + description: VGPUManager component spec + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + driverManager: + description: DriverManager represents configuration for NVIDIA + Driver Manager initContainer + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: Image represents NVIDIA Driver Manager image + name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: Repository represents Driver Managerrepository + path + type: string + version: + description: Version represents NVIDIA Driver Manager image + tag(version) + type: string + type: object + enabled: + description: Enabled indicates if deployment of NVIDIA vGPU Manager + through operator is enabled + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + image: + description: NVIDIA vGPU Manager image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA vGPU Manager image repository + type: string + resources: + description: 'Optional: Define resources requests and limits for + each pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + version: + description: NVIDIA vGPU Manager image tag + type: string + type: object + required: + - daemonsets + - dcgm + - dcgmExporter + - devicePlugin + - driver + - gfd + - nodeStatusExporter + - operator + - toolkit + type: object + status: + description: ClusterPolicyStatus defines the observed state of ClusterPolicy + properties: + conditions: + description: Conditions is a list of conditions representing the ClusterPolicy's + current state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + namespace: + description: Namespace indicates a namespace in which the operator + is installed + type: string + state: + description: State indicates status of ClusterPolicy + enum: + - ignored + - ready + - notReady + type: string + required: + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/gpu-operator/charts/gpu-operator/crds/nvidia.com_nvidiadrivers.yaml b/packages/system/gpu-operator/charts/gpu-operator/crds/nvidia.com_nvidiadrivers.yaml new file mode 100644 index 00000000..97e023bf --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/crds/nvidia.com_nvidiadrivers.yaml 
@@ -0,0 +1,809 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: nvidiadrivers.nvidia.com +spec: + group: nvidia.com + names: + kind: NVIDIADriver + listKind: NVIDIADriverList + plural: nvidiadrivers + shortNames: + - nvd + - nvdriver + - nvdrivers + singular: nvidiadriver + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NVIDIADriver is the Schema for the nvidiadrivers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NVIDIADriverSpec defines the desired state of NVIDIADriver + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional: Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. 
+ type: object + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + certConfig: + description: 'Optional: Custom certificates configuration for NVIDIA + Driver container' + properties: + name: + type: string + type: object + driverType: + default: gpu + description: DriverType defines NVIDIA driver type + enum: + - gpu + - vgpu + - vgpu-host-manager + type: string + x-kubernetes-validations: + - message: driverType is an immutable field. Please create a new NvidiaDriver + resource instead when you want to change this setting. + rule: self == oldSelf + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + type: object + type: array + gdrcopy: + description: GDRCopy defines the spec for GDRCopy driver + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if GDRCopy is enabled through GPU + operator + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: GDRCopy driver image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: GDRCopy diver image repository + type: string + version: + description: GDRCopy driver image tag + type: string + type: object + gds: + description: GPUDirectStorage defines the spec for GDS driver + properties: + args: + description: 'Optional: List of arguments' + items: + type: string + type: array + enabled: + description: Enabled indicates if GPUDirect Storage is enabled + through GPU operator + type: boolean + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: NVIDIA GPUDirect Storage Driver image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: NVIDIA GPUDirect Storage Driver image repository + type: string + version: + description: NVIDIA GPUDirect Storage Driver image tag + type: string + type: object + image: + default: nvcr.io/nvidia/driver + description: NVIDIA Driver container image name + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + kernelModuleConfig: + description: 'Optional: Kernel module configuration parameters for + the NVIDIA Driver' + properties: + name: + type: string + type: object + kernelModuleType: + default: auto + description: |- + KernelModuleType represents the type of driver kernel modules to be used when installing the GPU driver. + Accepted values are auto, proprietary and open. NOTE: If auto is chosen, it means that the recommended kernel module + type is chosen based on the GPU devices on the host and the driver branch used + enum: + - auto + - open + - proprietary + type: string + labels: + additionalProperties: + type: string + description: |- + Optional: Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + type: object + licensingConfig: + description: 'Optional: Licensing configuration for NVIDIA vGPU licensing' + properties: + name: + type: string + nlsEnabled: + description: NLSEnabled indicates if NVIDIA Licensing System is + used for licensing. 
+ type: boolean + type: object + livenessProbe: + description: NVIDIA Driver container liveness probe settings + properties: + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + minimum: 1 + type: integer + type: object + manager: + description: Manager represents configuration for NVIDIA Driver Manager + initContainer + properties: + env: + description: 'Optional: List of environment variables' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. 
+ type: string + required: + - name + type: object + type: array + image: + description: Image represents NVIDIA Driver Manager image name + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullPolicy: + description: Image pull policy + type: string + imagePullSecrets: + description: Image pull secrets + items: + type: string + type: array + repository: + description: Repository represents Driver Managerrepository path + type: string + version: + description: Version represents NVIDIA Driver Manager image tag(version) + type: string + type: object + nodeAffinity: + description: Affinity specifies node affinity rules for driver pods + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector requirements by + node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by + node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by + node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements by + node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector specifies a selector for installation of + NVIDIA driver + type: object + priorityClassName: + description: 'Optional: Set priorityClassName' + type: string + rdma: + description: GPUDirectRDMA defines the spec for NVIDIA Peer Memory + driver + properties: + enabled: + description: Enabled indicates if GPUDirect RDMA is enabled through + GPU operator + type: boolean + useHostMofed: + description: UseHostMOFED indicates to use MOFED drivers directly + installed on the host to enable GPUDirect RDMA + type: boolean + type: object + readinessProbe: + description: NVIDIA Driver container readiness probe settings + properties: + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + minimum: 1 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + minimum: 1 + type: integer + type: object + repoConfig: + description: 'Optional: Custom repo configuration for NVIDIA Driver + container' + properties: + name: + type: string + type: object + repository: + description: NVIDIA Driver repository + type: string + resources: + description: 'Optional: Define resources requests and limits for each + pod' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: NVIDIA Driver container startup probe settings + properties: + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + minimum: 1 + type: integer + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + minimum: 1 + type: integer + type: object + tolerations: + description: 'Optional: Set tolerations' + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useOpenKernelModules: + description: |- + Deprecated: This field is no longer honored by the gpu-operator. Please use KernelModuleType instead. + UseOpenKernelModules indicates if the open GPU kernel modules should be used + type: boolean + usePrecompiled: + description: UsePrecompiled indicates if deployment of NVIDIA Driver + using pre-compiled modules is enabled + type: boolean + x-kubernetes-validations: + - message: usePrecompiled is an immutable field. Please create a new + NvidiaDriver resource instead when you want to change this setting. + rule: self == oldSelf + version: + description: NVIDIA Driver version (or just branch for precompiled + drivers) + type: string + virtualTopologyConfig: + description: 'Optional: Virtual Topology Daemon configuration for + NVIDIA vGPU drivers' + properties: + name: + description: 'Optional: Config name representing virtual topology + daemon configuration file nvidia-topologyd.conf' + type: string + type: object + required: + - driverType + - image + type: object + status: + description: NVIDIADriverStatus defines the observed state of NVIDIADriver + properties: + conditions: + description: Conditions is a list of conditions representing the NVIDIADriver's + current state. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + namespace: + description: Namespace indicates a namespace in which the operator + and driver are installed + type: string + state: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + State indicates status of NVIDIADriver instance + enum: + - ignored + - ready + - notReady + type: string + required: + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/_helpers.tpl b/packages/system/gpu-operator/charts/gpu-operator/templates/_helpers.tpl new file mode 100644 index 00000000..305c9d1f --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/_helpers.tpl 
@@ -0,0 +1,80 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gpu-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gpu-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gpu-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+
+{{- define "gpu-operator.labels" -}}
+app.kubernetes.io/name: {{ include "gpu-operator.name" . }}
+helm.sh/chart: {{ include "gpu-operator.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.operator.labels }}
+{{ toYaml .Values.operator.labels }}
+{{- end }}
+{{- end -}}
+
+{{- define "gpu-operator.operand-labels" -}}
+helm.sh/chart: {{ include "gpu-operator.chart" . }}
+app.kubernetes.io/managed-by: {{ include "gpu-operator.name" . }}
+{{- if .Values.daemonsets.labels }}
+{{ toYaml .Values.daemonsets.labels }}
+{{- end }}
+{{- end -}}
+
+{{- define "gpu-operator.matchLabels" -}}
+app.kubernetes.io/name: {{ include "gpu-operator.name" .
}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Full image name with tag
+*/}}
+{{- define "gpu-operator.fullimage" -}}
+{{- .Values.operator.repository -}}/{{- .Values.operator.image -}}:{{- .Values.operator.version | default .Chart.AppVersion -}}
+{{- end }}
+
+{{/*
+Full image name with tag
+*/}}
+{{- define "driver-manager.fullimage" -}}
+{{- .Values.driver.manager.repository -}}/{{- .Values.driver.manager.image -}}:{{- .Values.driver.manager.version -}}
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/cleanup_crd.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/cleanup_crd.yaml
new file mode 100644
index 00000000..670bedc2
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/cleanup_crd.yaml
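Review bot: `driver-manager.fullimage` renders `.Values.driver.manager.version` with no default and no `required` check, so an unset value produces an image reference that ends in a bare `:`, whereas `gpu-operator.fullimage` at least falls back to `.Chart.AppVersion`. Both helpers also always join the parts with `:`, so the images they name can only be referenced by a mutable tag and cannot be pinned as `repository/image@sha256:…`. Consider `{{ required "driver.manager.version must be set" .Values.driver.manager.version }}` in the second helper, and in both a branch on `hasPrefix "sha256:"` that emits `@` instead of `:`. The second `{{/* Full image name with tag */}}` comment repeats the first word for word and should say it is the driver manager image.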
@@ -0,0 +1,50 @@
+{{- if .Values.operator.cleanupCRD }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: gpu-operator-cleanup-crd
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "gpu-operator"
+spec:
+ template:
+ metadata:
+ name: gpu-operator-cleanup-crd
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 8 }}
+ app.kubernetes.io/component: "gpu-operator"
+ spec:
+ serviceAccountName: gpu-operator
+ {{- if .Values.operator.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.operator.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.operator.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: cleanup-crd
+ image: {{ include "gpu-operator.fullimage" . }}
+ imagePullPolicy: {{ .Values.operator.imagePullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - >
+ kubectl delete clusterpolicy cluster-policy;
+ kubectl delete crd clusterpolicies.nvidia.com;
+ kubectl delete crd nvidiadrivers.nvidia.com --ignore-not-found=true;
+ {{- if .Values.nfd.enabled -}}
+ kubectl delete crd nodefeatures.nfd.k8s-sigs.io --ignore-not-found=true;
+ kubectl delete crd nodefeaturegroups.nfd.k8s-sigs.io --ignore-not-found=true;
+ kubectl delete crd nodefeaturerules.nfd.k8s-sigs.io --ignore-not-found=true;
+ {{- end }}
+ restartPolicy: OnFailure
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/clusterpolicy.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/clusterpolicy.yaml
new file mode 100644
index 00000000..763716d7
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/clusterpolicy.yaml
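Review bot: The `cleanup-crd` container in this pre-delete Job has no `securityContext` and runs under the hard-coded `serviceAccountName: gpu-operator`, so a pod that only needs to delete one ClusterPolicy and a few CRDs presumably inherits everything the operator's account is bound to (the binding is not visible in this hunk). A dedicated hook service account limited to `delete` on those resources, plus `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` on the container, would narrow that. Separately, the commands in the folded script are joined with `;`, so the Job's result is the exit status of the last `kubectl delete` only, and the first two deletes lack `--ignore-not-found=true`. A denied or failed deletion is therefore masked, and `hook-succeeded` then removes the Job together with its pod logs. Starting the script with `set -e;` and adding `--ignore-not-found=true` to the first two deletes would make such a failure visible.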
@@ -0,0 +1,680 @@ +apiVersion: nvidia.com/v1 +kind: ClusterPolicy +metadata: + name: cluster-policy + labels: + {{- include "gpu-operator.labels" . | nindent 4 }} + app.kubernetes.io/component: "gpu-operator" + {{- if .Values.operator.cleanupCRD }} + # CR cleanup is handled during pre-delete hook + # Add below annotation so that helm doesn't attempt to cleanup CR twice + annotations: + "helm.sh/resource-policy": keep + {{- end }} +spec: + hostPaths: + rootFS: {{ .Values.hostPaths.rootFS }} + driverInstallDir: {{ .Values.hostPaths.driverInstallDir }} + operator: + {{- if .Values.operator.runtimeClass }} + runtimeClass: {{ .Values.operator.runtimeClass }} + {{- end }} + {{- if .Values.operator.defaultGPUMode }} + defaultGPUMode: {{ .Values.operator.defaultGPUMode }} + {{- end }} + {{- if .Values.operator.initContainer }} + initContainer: + {{- if .Values.operator.initContainer.repository }} + repository: {{ .Values.operator.initContainer.repository }} + {{- end }} + {{- if .Values.operator.initContainer.image }} + image: {{ .Values.operator.initContainer.image }} + {{- end }} + {{- if .Values.operator.initContainer.version }} + version: {{ .Values.operator.initContainer.version | quote }} + {{- end }} + {{- if .Values.operator.initContainer.imagePullPolicy }} + imagePullPolicy: {{ .Values.operator.initContainer.imagePullPolicy }} + {{- end }} + {{- if .Values.operator.initContainer.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.operator.initContainer.imagePullSecrets | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.operator.use_ocp_driver_toolkit }} + use_ocp_driver_toolkit: {{ .Values.operator.use_ocp_driver_toolkit }} + {{- end }} + daemonsets: + labels: + {{- include "gpu-operator.operand-labels" . 
| nindent 6 }} + {{- if .Values.daemonsets.annotations }} + annotations: {{ toYaml .Values.daemonsets.annotations | nindent 6 }} + {{- end }} + {{- if .Values.daemonsets.tolerations }} + tolerations: {{ toYaml .Values.daemonsets.tolerations | nindent 6 }} + {{- end }} + {{- if .Values.daemonsets.priorityClassName }} + priorityClassName: {{ .Values.daemonsets.priorityClassName }} + {{- end }} + {{- if .Values.daemonsets.updateStrategy }} + updateStrategy: {{ .Values.daemonsets.updateStrategy }} + {{- end }} + {{- if .Values.daemonsets.rollingUpdate }} + rollingUpdate: + maxUnavailable: {{ .Values.daemonsets.rollingUpdate.maxUnavailable | quote }} + {{- end }} + validator: + {{- if .Values.validator.repository }} + repository: {{ .Values.validator.repository }} + {{- end }} + {{- if .Values.validator.image }} + image: {{ .Values.validator.image }} + {{- end }} + version: {{ .Values.validator.version | default .Chart.AppVersion | quote }} + {{- if .Values.validator.imagePullPolicy }} + imagePullPolicy: {{ .Values.validator.imagePullPolicy }} + {{- end }} + {{- if .Values.validator.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.validator.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.validator.resources }} + resources: {{ toYaml .Values.validator.resources | nindent 6 }} + {{- end }} + {{- if .Values.validator.env }} + env: {{ toYaml .Values.validator.env | nindent 6 }} + {{- end }} + {{- if .Values.validator.args }} + args: {{ toYaml .Values.validator.args | nindent 6 }} + {{- end }} + {{- if .Values.validator.plugin }} + plugin: + {{- if .Values.validator.plugin.env }} + env: {{ toYaml .Values.validator.plugin.env | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.validator.cuda }} + cuda: + {{- if .Values.validator.cuda.env }} + env: {{ toYaml .Values.validator.cuda.env | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.validator.driver }} + driver: + {{- if .Values.validator.driver.env }} + env: {{ toYaml 
.Values.validator.driver.env | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.validator.toolkit }} + toolkit: + {{- if .Values.validator.toolkit.env }} + env: {{ toYaml .Values.validator.toolkit.env | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.validator.vfioPCI }} + vfioPCI: + {{- if .Values.validator.vfioPCI.env }} + env: {{ toYaml .Values.validator.vfioPCI.env | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.validator.vgpuManager }} + vgpuManager: + {{- if .Values.validator.vgpuManager.env }} + env: {{ toYaml .Values.validator.vgpuManager.env | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.validator.vgpuDevices }} + vgpuDevices: + {{- if .Values.validator.vgpuDevices.env }} + env: {{ toYaml .Values.validator.vgpuDevices.env | nindent 8 }} + {{- end }} + {{- end }} + + mig: + {{- if .Values.mig.strategy }} + strategy: {{ .Values.mig.strategy }} + {{- end }} + psa: + enabled: {{ .Values.psa.enabled }} + cdi: + enabled: {{ .Values.cdi.enabled }} + default: {{ .Values.cdi.default }} + driver: + enabled: {{ .Values.driver.enabled }} + useNvidiaDriverCRD: {{ .Values.driver.nvidiaDriverCRD.enabled }} + kernelModuleType: {{ .Values.driver.kernelModuleType }} + usePrecompiled: {{ .Values.driver.usePrecompiled }} + {{- if .Values.driver.repository }} + repository: {{ .Values.driver.repository }} + {{- end }} + {{- if .Values.driver.image }} + image: {{ .Values.driver.image }} + {{- end }} + {{- if .Values.driver.version }} + version: {{ .Values.driver.version | quote }} + {{- end }} + {{- if .Values.driver.imagePullPolicy }} + imagePullPolicy: {{ .Values.driver.imagePullPolicy }} + {{- end }} + {{- if .Values.driver.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.driver.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.driver.startupProbe }} + startupProbe: {{ toYaml .Values.driver.startupProbe | nindent 6 }} + {{- end }} + {{- if .Values.driver.livenessProbe }} + livenessProbe: {{ toYaml 
.Values.driver.livenessProbe | nindent 6 }} + {{- end }} + {{- if .Values.driver.readinessProbe }} + readinessProbe: {{ toYaml .Values.driver.readinessProbe | nindent 6 }} + {{- end }} + rdma: + enabled: {{ .Values.driver.rdma.enabled }} + useHostMofed: {{ .Values.driver.rdma.useHostMofed }} + manager: + {{- if .Values.driver.manager.repository }} + repository: {{ .Values.driver.manager.repository }} + {{- end }} + {{- if .Values.driver.manager.image }} + image: {{ .Values.driver.manager.image }} + {{- end }} + {{- if .Values.driver.manager.version }} + version: {{ .Values.driver.manager.version | quote }} + {{- end }} + {{- if .Values.driver.manager.imagePullPolicy }} + imagePullPolicy: {{ .Values.driver.manager.imagePullPolicy }} + {{- end }} + {{- if .Values.driver.manager.env }} + env: {{ toYaml .Values.driver.manager.env | nindent 8 }} + {{- end }} + {{- if .Values.driver.repoConfig }} + repoConfig: {{ toYaml .Values.driver.repoConfig | nindent 6 }} + {{- end }} + {{- if .Values.driver.certConfig }} + certConfig: {{ toYaml .Values.driver.certConfig | nindent 6 }} + {{- end }} + {{- if .Values.driver.licensingConfig }} + licensingConfig: {{ toYaml .Values.driver.licensingConfig | nindent 6 }} + {{- end }} + {{- if .Values.driver.virtualTopology }} + virtualTopology: {{ toYaml .Values.driver.virtualTopology | nindent 6 }} + {{- end }} + {{- if .Values.driver.kernelModuleConfig }} + kernelModuleConfig: {{ toYaml .Values.driver.kernelModuleConfig | nindent 6 }} + {{- end }} + {{- if .Values.driver.resources }} + resources: {{ toYaml .Values.driver.resources | nindent 6 }} + {{- end }} + {{- if .Values.driver.env }} + env: {{ toYaml .Values.driver.env | nindent 6 }} + {{- end }} + {{- if .Values.driver.args }} + args: {{ toYaml .Values.driver.args | nindent 6 }} + {{- end }} + {{- if .Values.driver.upgradePolicy }} + upgradePolicy: + autoUpgrade: {{ .Values.driver.upgradePolicy.autoUpgrade | default false }} + maxParallelUpgrades: {{ 
.Values.driver.upgradePolicy.maxParallelUpgrades | default 0 }} + maxUnavailable : {{ .Values.driver.upgradePolicy.maxUnavailable | default "25%" }} + waitForCompletion: + timeoutSeconds: {{ .Values.driver.upgradePolicy.waitForCompletion.timeoutSeconds }} + {{- if .Values.driver.upgradePolicy.waitForCompletion.podSelector }} + podSelector: {{ .Values.driver.upgradePolicy.waitForCompletion.podSelector }} + {{- end }} + podDeletion: + force: {{ .Values.driver.upgradePolicy.gpuPodDeletion.force | default false }} + timeoutSeconds: {{ .Values.driver.upgradePolicy.gpuPodDeletion.timeoutSeconds }} + deleteEmptyDir: {{ .Values.driver.upgradePolicy.gpuPodDeletion.deleteEmptyDir | default false }} + drain: + enable: {{ .Values.driver.upgradePolicy.drain.enable | default false }} + force: {{ .Values.driver.upgradePolicy.drain.force | default false }} + {{- if .Values.driver.upgradePolicy.drain.podSelector }} + podSelector: {{ .Values.driver.upgradePolicy.drain.podSelector }} + {{- end }} + timeoutSeconds: {{ .Values.driver.upgradePolicy.drain.timeoutSeconds }} + deleteEmptyDir: {{ .Values.driver.upgradePolicy.drain.deleteEmptyDir | default false}} + {{- end }} + vgpuManager: + enabled: {{ .Values.vgpuManager.enabled }} + {{- if .Values.vgpuManager.repository }} + repository: {{ .Values.vgpuManager.repository }} + {{- end }} + {{- if .Values.vgpuManager.image }} + image: {{ .Values.vgpuManager.image }} + {{- end }} + {{- if .Values.vgpuManager.version }} + version: {{ .Values.vgpuManager.version | quote }} + {{- end }} + {{- if .Values.vgpuManager.imagePullPolicy }} + imagePullPolicy: {{ .Values.vgpuManager.imagePullPolicy }} + {{- end }} + {{- if .Values.vgpuManager.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.vgpuManager.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.vgpuManager.resources }} + resources: {{ toYaml .Values.vgpuManager.resources | nindent 6 }} + {{- end }} + {{- if .Values.vgpuManager.env }} + env: {{ toYaml .Values.vgpuManager.env 
| nindent 6 }} + {{- end }} + {{- if .Values.vgpuManager.args }} + args: {{ toYaml .Values.vgpuManager.args | nindent 6 }} + {{- end }} + driverManager: + {{- if .Values.vgpuManager.driverManager.repository }} + repository: {{ .Values.vgpuManager.driverManager.repository }} + {{- end }} + {{- if .Values.vgpuManager.driverManager.image }} + image: {{ .Values.vgpuManager.driverManager.image }} + {{- end }} + {{- if .Values.vgpuManager.driverManager.version }} + version: {{ .Values.vgpuManager.driverManager.version | quote }} + {{- end }} + {{- if .Values.vgpuManager.driverManager.imagePullPolicy }} + imagePullPolicy: {{ .Values.vgpuManager.driverManager.imagePullPolicy }} + {{- end }} + {{- if .Values.vgpuManager.driverManager.env }} + env: {{ toYaml .Values.vgpuManager.driverManager.env | nindent 8 }} + {{- end }} + kataManager: + enabled: {{ .Values.kataManager.enabled }} + config: {{ toYaml .Values.kataManager.config | nindent 6 }} + {{- if .Values.kataManager.repository }} + repository: {{ .Values.kataManager.repository }} + {{- end }} + {{- if .Values.kataManager.image }} + image: {{ .Values.kataManager.image }} + {{- end }} + {{- if .Values.kataManager.version }} + version: {{ .Values.kataManager.version | quote }} + {{- end }} + {{- if .Values.kataManager.imagePullPolicy }} + imagePullPolicy: {{ .Values.kataManager.imagePullPolicy }} + {{- end }} + {{- if .Values.kataManager.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.kataManager.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.kataManager.resources }} + resources: {{ toYaml .Values.kataManager.resources | nindent 6 }} + {{- end }} + {{- if .Values.kataManager.env }} + env: {{ toYaml .Values.kataManager.env | nindent 6 }} + {{- end }} + {{- if .Values.kataManager.args }} + args: {{ toYaml .Values.kataManager.args | nindent 6 }} + {{- end }} + vfioManager: + enabled: {{ .Values.vfioManager.enabled }} + {{- if .Values.vfioManager.repository }} + repository: {{ 
.Values.vfioManager.repository }} + {{- end }} + {{- if .Values.vfioManager.image }} + image: {{ .Values.vfioManager.image }} + {{- end }} + {{- if .Values.vfioManager.version }} + version: {{ .Values.vfioManager.version | quote }} + {{- end }} + {{- if .Values.vfioManager.imagePullPolicy }} + imagePullPolicy: {{ .Values.vfioManager.imagePullPolicy }} + {{- end }} + {{- if .Values.vfioManager.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.vfioManager.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.vfioManager.resources }} + resources: {{ toYaml .Values.vfioManager.resources | nindent 6 }} + {{- end }} + {{- if .Values.vfioManager.env }} + env: {{ toYaml .Values.vfioManager.env | nindent 6 }} + {{- end }} + {{- if .Values.vfioManager.args }} + args: {{ toYaml .Values.vfioManager.args | nindent 6 }} + {{- end }} + driverManager: + {{- if .Values.vfioManager.driverManager.repository }} + repository: {{ .Values.vfioManager.driverManager.repository }} + {{- end }} + {{- if .Values.vfioManager.driverManager.image }} + image: {{ .Values.vfioManager.driverManager.image }} + {{- end }} + {{- if .Values.vfioManager.driverManager.version }} + version: {{ .Values.vfioManager.driverManager.version | quote }} + {{- end }} + {{- if .Values.vfioManager.driverManager.imagePullPolicy }} + imagePullPolicy: {{ .Values.vfioManager.driverManager.imagePullPolicy }} + {{- end }} + {{- if .Values.vfioManager.driverManager.env }} + env: {{ toYaml .Values.vfioManager.driverManager.env | nindent 8 }} + {{- end }} + vgpuDeviceManager: + enabled: {{ .Values.vgpuDeviceManager.enabled }} + {{- if .Values.vgpuDeviceManager.repository }} + repository: {{ .Values.vgpuDeviceManager.repository }} + {{- end }} + {{- if .Values.vgpuDeviceManager.image }} + image: {{ .Values.vgpuDeviceManager.image }} + {{- end }} + {{- if .Values.vgpuDeviceManager.version }} + version: {{ .Values.vgpuDeviceManager.version | quote }} + {{- end }} + {{- if .Values.vgpuDeviceManager.imagePullPolicy 
}} + imagePullPolicy: {{ .Values.vgpuDeviceManager.imagePullPolicy }} + {{- end }} + {{- if .Values.vgpuDeviceManager.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.vgpuDeviceManager.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.vgpuDeviceManager.resources }} + resources: {{ toYaml .Values.vgpuDeviceManager.resources | nindent 6 }} + {{- end }} + {{- if .Values.vgpuDeviceManager.env }} + env: {{ toYaml .Values.vgpuDeviceManager.env | nindent 6 }} + {{- end }} + {{- if .Values.vgpuDeviceManager.args }} + args: {{ toYaml .Values.vgpuDeviceManager.args | nindent 6 }} + {{- end }} + {{- if .Values.vgpuDeviceManager.config }} + config: {{ toYaml .Values.vgpuDeviceManager.config | nindent 6 }} + {{- end }} + ccManager: + enabled: {{ .Values.ccManager.enabled }} + defaultMode: {{ .Values.ccManager.defaultMode | quote }} + {{- if .Values.ccManager.repository }} + repository: {{ .Values.ccManager.repository }} + {{- end }} + {{- if .Values.ccManager.image }} + image: {{ .Values.ccManager.image }} + {{- end }} + {{- if .Values.ccManager.version }} + version: {{ .Values.ccManager.version | quote }} + {{- end }} + {{- if .Values.ccManager.imagePullPolicy }} + imagePullPolicy: {{ .Values.ccManager.imagePullPolicy }} + {{- end }} + {{- if .Values.ccManager.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.ccManager.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.ccManager.resources }} + resources: {{ toYaml .Values.ccManager.resources | nindent 6 }} + {{- end }} + {{- if .Values.ccManager.env }} + env: {{ toYaml .Values.vfioManager.env | nindent 6 }} + {{- end }} + {{- if .Values.ccManager.args }} + args: {{ toYaml .Values.ccManager.args | nindent 6 }} + {{- end }} + toolkit: + enabled: {{ .Values.toolkit.enabled }} + {{- if .Values.toolkit.repository }} + repository: {{ .Values.toolkit.repository }} + {{- end }} + {{- if .Values.toolkit.image }} + image: {{ .Values.toolkit.image }} + {{- end }} + {{- if .Values.toolkit.version }} 
+ version: {{ .Values.toolkit.version | quote }} + {{- end }} + {{- if .Values.toolkit.imagePullPolicy }} + imagePullPolicy: {{ .Values.toolkit.imagePullPolicy }} + {{- end }} + {{- if .Values.toolkit.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.toolkit.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.toolkit.resources }} + resources: {{ toYaml .Values.toolkit.resources | nindent 6 }} + {{- end }} + {{- if .Values.toolkit.env }} + env: {{ toYaml .Values.toolkit.env | nindent 6 }} + {{- end }} + {{- if .Values.toolkit.installDir }} + installDir: {{ .Values.toolkit.installDir }} + {{- end }} + devicePlugin: + enabled: {{ .Values.devicePlugin.enabled }} + {{- if .Values.devicePlugin.repository }} + repository: {{ .Values.devicePlugin.repository }} + {{- end }} + {{- if .Values.devicePlugin.image }} + image: {{ .Values.devicePlugin.image }} + {{- end }} + {{- if .Values.devicePlugin.version }} + version: {{ .Values.devicePlugin.version | quote }} + {{- end }} + {{- if .Values.devicePlugin.imagePullPolicy }} + imagePullPolicy: {{ .Values.devicePlugin.imagePullPolicy }} + {{- end }} + {{- if .Values.devicePlugin.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.devicePlugin.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.devicePlugin.resources }} + resources: {{ toYaml .Values.devicePlugin.resources | nindent 6 }} + {{- end }} + {{- if .Values.devicePlugin.env }} + env: {{ toYaml .Values.devicePlugin.env | nindent 6 }} + {{- end }} + {{- if .Values.devicePlugin.args }} + args: {{ toYaml .Values.devicePlugin.args | nindent 6 }} + {{- end }} + {{- if .Values.devicePlugin.config.name }} + config: + name: {{ .Values.devicePlugin.config.name }} + default: {{ .Values.devicePlugin.config.default }} + {{- end }} + dcgm: + enabled: {{ .Values.dcgm.enabled }} + {{- if .Values.dcgm.repository }} + repository: {{ .Values.dcgm.repository }} + {{- end }} + {{- if .Values.dcgm.image }} + image: {{ .Values.dcgm.image }} + {{- end }} + {{- 
if .Values.dcgm.version }} + version: {{ .Values.dcgm.version | quote }} + {{- end }} + {{- if .Values.dcgm.imagePullPolicy }} + imagePullPolicy: {{ .Values.dcgm.imagePullPolicy }} + {{- end }} + {{- if .Values.dcgm.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.dcgm.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.dcgm.resources }} + resources: {{ toYaml .Values.dcgm.resources | nindent 6 }} + {{- end }} + {{- if .Values.dcgm.env }} + env: {{ toYaml .Values.dcgm.env | nindent 6 }} + {{- end }} + {{- if .Values.dcgm.args }} + args: {{ toYaml .Values.dcgm.args | nindent 6 }} + {{- end }} + dcgmExporter: + enabled: {{ .Values.dcgmExporter.enabled }} + {{- if .Values.dcgmExporter.repository }} + repository: {{ .Values.dcgmExporter.repository }} + {{- end }} + {{- if .Values.dcgmExporter.image }} + image: {{ .Values.dcgmExporter.image }} + {{- end }} + {{- if .Values.dcgmExporter.version }} + version: {{ .Values.dcgmExporter.version | quote }} + {{- end }} + {{- if .Values.dcgmExporter.imagePullPolicy }} + imagePullPolicy: {{ .Values.dcgmExporter.imagePullPolicy }} + {{- end }} + {{- if .Values.dcgmExporter.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.dcgmExporter.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.dcgmExporter.resources }} + resources: {{ toYaml .Values.dcgmExporter.resources | nindent 6 }} + {{- end }} + {{- if .Values.dcgmExporter.env }} + env: {{ toYaml .Values.dcgmExporter.env | nindent 6 }} + {{- end }} + {{- if .Values.dcgmExporter.args }} + args: {{ toYaml .Values.dcgmExporter.args | nindent 6 }} + {{- end }} + {{- if and (.Values.dcgmExporter.config) (.Values.dcgmExporter.config.name) }} + config: + name: {{ .Values.dcgmExporter.config.name }} + {{- end }} + {{- if .Values.dcgmExporter.serviceMonitor }} + serviceMonitor: {{ toYaml .Values.dcgmExporter.serviceMonitor | nindent 6 }} + {{- end }} + gfd: + enabled: {{ .Values.gfd.enabled }} + {{- if .Values.gfd.repository }} + repository: {{ 
.Values.gfd.repository }} + {{- end }} + {{- if .Values.gfd.image }} + image: {{ .Values.gfd.image }} + {{- end }} + {{- if .Values.gfd.version }} + version: {{ .Values.gfd.version | quote }} + {{- end }} + {{- if .Values.gfd.imagePullPolicy }} + imagePullPolicy: {{ .Values.gfd.imagePullPolicy }} + {{- end }} + {{- if .Values.gfd.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.gfd.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.gfd.resources }} + resources: {{ toYaml .Values.gfd.resources | nindent 6 }} + {{- end }} + {{- if .Values.gfd.env }} + env: {{ toYaml .Values.gfd.env | nindent 6 }} + {{- end }} + {{- if .Values.gfd.args }} + args: {{ toYaml .Values.gfd.args | nindent 6 }} + {{- end }} + migManager: + enabled: {{ .Values.migManager.enabled }} + {{- if .Values.migManager.repository }} + repository: {{ .Values.migManager.repository }} + {{- end }} + {{- if .Values.migManager.image }} + image: {{ .Values.migManager.image }} + {{- end }} + {{- if .Values.migManager.version }} + version: {{ .Values.migManager.version | quote }} + {{- end }} + {{- if .Values.migManager.imagePullPolicy }} + imagePullPolicy: {{ .Values.migManager.imagePullPolicy }} + {{- end }} + {{- if .Values.migManager.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.migManager.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.migManager.resources }} + resources: {{ toYaml .Values.migManager.resources | nindent 6 }} + {{- end }} + {{- if .Values.migManager.env }} + env: {{ toYaml .Values.migManager.env | nindent 6 }} + {{- end }} + {{- if .Values.migManager.args }} + args: {{ toYaml .Values.migManager.args | nindent 6 }} + {{- end }} + {{- if .Values.migManager.config }} + config: + name: {{ .Values.migManager.config.name }} + default: {{ .Values.migManager.config.default }} + {{- end }} + {{- if .Values.migManager.gpuClientsConfig }} + gpuClientsConfig: {{ toYaml .Values.migManager.gpuClientsConfig | nindent 6 }} + {{- end }} + nodeStatusExporter: + 
enabled: {{ .Values.nodeStatusExporter.enabled }} + {{- if .Values.nodeStatusExporter.repository }} + repository: {{ .Values.nodeStatusExporter.repository }} + {{- end }} + {{- if .Values.nodeStatusExporter.image }} + image: {{ .Values.nodeStatusExporter.image }} + {{- end }} + version: {{ .Values.nodeStatusExporter.version | default .Chart.AppVersion | quote }} + {{- if .Values.nodeStatusExporter.imagePullPolicy }} + imagePullPolicy: {{ .Values.nodeStatusExporter.imagePullPolicy }} + {{- end }} + {{- if .Values.nodeStatusExporter.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.nodeStatusExporter.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.nodeStatusExporter.resources }} + resources: {{ toYaml .Values.nodeStatusExporter.resources | nindent 6 }} + {{- end }} + {{- if .Values.nodeStatusExporter.env }} + env: {{ toYaml .Values.nodeStatusExporter.env | nindent 6 }} + {{- end }} + {{- if .Values.nodeStatusExporter.args }} + args: {{ toYaml .Values.nodeStatusExporter.args | nindent 6 }} + {{- end }} + {{- if .Values.gds.enabled }} + gds: + enabled: {{ .Values.gds.enabled }} + {{- if .Values.gds.repository }} + repository: {{ .Values.gds.repository }} + {{- end }} + {{- if .Values.gds.image }} + image: {{ .Values.gds.image }} + {{- end }} + version: {{ .Values.gds.version | quote }} + {{- if .Values.gds.imagePullPolicy }} + imagePullPolicy: {{ .Values.gds.imagePullPolicy }} + {{- end }} + {{- if .Values.gds.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.gds.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.gds.env }} + env: {{ toYaml .Values.gds.env | nindent 6 }} + {{- end }} + {{- if .Values.gds.args }} + args: {{ toYaml .Values.gds.args | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.gdrcopy }} + gdrcopy: + enabled: {{ .Values.gdrcopy.enabled | default false }} + {{- if .Values.gdrcopy.repository }} + repository: {{ .Values.gdrcopy.repository }} + {{- end }} + {{- if .Values.gdrcopy.image }} + image: {{ 
.Values.gdrcopy.image }} + {{- end }} + version: {{ .Values.gdrcopy.version | quote }} + {{- if .Values.gdrcopy.imagePullPolicy }} + imagePullPolicy: {{ .Values.gdrcopy.imagePullPolicy }} + {{- end }} + {{- if .Values.gdrcopy.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.gdrcopy.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.gdrcopy.env }} + env: {{ toYaml .Values.gdrcopy.env | nindent 6 }} + {{- end }} + {{- if .Values.gdrcopy.args }} + args: {{ toYaml .Values.gdrcopy.args | nindent 6 }} + {{- end }} + {{- end }} + sandboxWorkloads: + enabled: {{ .Values.sandboxWorkloads.enabled }} + {{- if .Values.sandboxWorkloads.defaultWorkload }} + defaultWorkload: {{ .Values.sandboxWorkloads.defaultWorkload }} + {{- end }} + sandboxDevicePlugin: + {{- if .Values.sandboxDevicePlugin.enabled }} + enabled: {{ .Values.sandboxDevicePlugin.enabled }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.repository }} + repository: {{ .Values.sandboxDevicePlugin.repository }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.image }} + image: {{ .Values.sandboxDevicePlugin.image }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.version }} + version: {{ .Values.sandboxDevicePlugin.version | quote }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.imagePullPolicy }} + imagePullPolicy: {{ .Values.sandboxDevicePlugin.imagePullPolicy }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.sandboxDevicePlugin.imagePullSecrets | nindent 6 }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.resources }} + resources: {{ toYaml .Values.sandboxDevicePlugin.resources | nindent 6 }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.env }} + env: {{ toYaml .Values.sandboxDevicePlugin.env | nindent 6 }} + {{- end }} + {{- if .Values.sandboxDevicePlugin.args }} + args: {{ toYaml .Values.sandboxDevicePlugin.args | nindent 6 }} + {{- end }} 
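Review bot: In the `ccManager` block the `env` line is guarded by `.Values.ccManager.env` but renders `.Values.vfioManager.env`, so environment settings supplied for the CC manager never reach the ClusterPolicy and the VFIO manager's values (or an empty value when none are set) are rendered in their place. The line should read `env: {{ toYaml .Values.ccManager.env | nindent 6 }}`. Every other component block in this hunk reads its own `env` key, which suggests a copy-paste slip; a misconfigured confidential-computing component is easy to miss because the template still renders cleanly.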
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/clusterrole.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/clusterrole.yaml
new file mode 100644
index 00000000..2af291e2
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/clusterrole.yaml
@@ -0,0 +1,155 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gpu-operator + labels: + {{- include "gpu-operator.labels" . | nindent 4 }} + app.kubernetes.io/component: "gpu-operator" +rules: +- apiGroups: + - config.openshift.io + resources: + - clusterversions + - proxies + verbs: + - get + - list + - watch +- apiGroups: + - image.openshift.io + resources: + - imagestreams + verbs: + - get + - list + - watch +- apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + - use +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch +- apiGroups: + - nvidia.com + resources: + - clusterpolicies + - clusterpolicies/finalizers + - clusterpolicies/status + - nvidiadrivers + - nvidiadrivers/finalizers + - nvidiadrivers/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + - deletecollection +- apiGroups: + - scheduling.k8s.io + resources: + - priorityclasses + verbs: + - get + - list + - watch + - create +- apiGroups: + - node.k8s.io + resources: + - runtimeclasses + verbs: + - get + - list + - create + - update + - watch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - 
watch + - update + - patch + - create +{{- if .Values.operator.cleanupCRD }} + - delete +{{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/clusterrolebinding.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..84cdf55d --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,15 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: gpu-operator + labels: + {{- include "gpu-operator.labels" . | nindent 4 }} + app.kubernetes.io/component: "gpu-operator" +subjects: +- kind: ServiceAccount + name: gpu-operator + namespace: {{ $.Release.Namespace }} +roleRef: + kind: ClusterRole + name: gpu-operator + apiGroup: rbac.authorization.k8s.io diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/dcgm_exporter_config.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/dcgm_exporter_config.yaml new file mode 100644 index 00000000..c4bf6dcc --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/dcgm_exporter_config.yaml @@ -0,0 +1,14 @@ +{{- if .Values.dcgmExporter.config }} +{{- if and (.Values.dcgmExporter.config.create) (not (empty .Values.dcgmExporter.config.data)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.dcgmExporter.config.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "gpu-operator.labels" . | nindent 4 }} +data: + dcgm-metrics.csv: | +{{- .Values.dcgmExporter.config.data | nindent 4 }} +{{- end }} +{{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/mig_config.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/mig_config.yaml new file mode 100644 index 00000000..2ceb0477 --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/mig_config.yaml 
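Review bot: The `delete` verb added under `cleanupCRD` at the end of the `customresourcedefinitions` rule applies to every CRD in the cluster, because that rule carries no `resourceNames`. The cleanup Job in `cleanup_crd.yaml` only deletes five named CRDs, so the verb can move into its own rule restricted to those names, which limits what a compromised operator pod or hook Job could remove. The same ClusterRole also grants write verbs on `clusterroles`/`clusterrolebindings` and `use` on all `securitycontextconstraints` without names; those are worth scoping too if the operator's own objects have predictable names, which this hunk does not show.

```yaml
# … unchanged: get/list/watch/update/patch/create rule on customresourcedefinitions …
{{- if .Values.operator.cleanupCRD }}
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  resourceNames:
  - clusterpolicies.nvidia.com
  - nvidiadrivers.nvidia.com
  {{- if .Values.nfd.enabled }}
  - nodefeatures.nfd.k8s-sigs.io
  - nodefeaturegroups.nfd.k8s-sigs.io
  - nodefeaturerules.nfd.k8s-sigs.io
  {{- end }}
  verbs:
  - delete
{{- end }}
```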
@@ -0,0 +1,10 @@
+{{- if and (.Values.migManager.config.create) (not (empty .Values.migManager.config.data)) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.migManager.config.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 4 }}
+data: {{ toYaml .Values.migManager.config.data | nindent 2 }}
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/nodefeaturerules.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/nodefeaturerules.yaml
new file mode 100644
index 00000000..6076b3d3
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/nodefeaturerules.yaml
@@ -0,0 +1,107 @@ +{{- if .Values.nfd.nodefeaturerules }} +apiVersion: nfd.k8s-sigs.io/v1alpha1 +kind: NodeFeatureRule +metadata: + name: nvidia-nfd-nodefeaturerules +spec: + rules: + - name: "TDX rule" + labels: + tdx.enabled: "true" + matchFeatures: + - feature: cpu.security + matchExpressions: + tdx.enabled: {op: IsTrue} + - name: "TDX total keys rule" + extendedResources: + tdx.total_keys: "@cpu.security.tdx.total_keys" + matchFeatures: + - feature: cpu.security + matchExpressions: + tdx.enabled: {op: IsTrue} + - name: "SEV-SNP rule" + labels: + sev.snp.enabled: "true" + matchFeatures: + - feature: cpu.security + matchExpressions: + sev.snp.enabled: + op: IsTrue + - name: "SEV-ES rule" + labels: + sev.es.enabled: "true" + matchFeatures: + - feature: cpu.security + matchExpressions: + sev.es.enabled: + op: IsTrue + - name: SEV system capacities + extendedResources: + sev_asids: '@cpu.security.sev.asids' + sev_es: '@cpu.security.sev.encrypted_state_ids' + matchFeatures: + - feature: cpu.security + matchExpressions: + sev.enabled: + op: Exists + - name: "NVIDIA H100" + labels: + "nvidia.com/gpu.H100": "true" + "nvidia.com/gpu.family": "hopper" + matchFeatures: + - feature: pci.device + matchExpressions: + vendor: {op: In, value: ["10de"]} + device: {op: In, value: ["2339"]} + - name: "NVIDIA H100 PCIe" + labels: + "nvidia.com/gpu.H100.pcie": "true" + "nvidia.com/gpu.family": "hopper" + matchFeatures: + - feature: pci.device + matchExpressions: + vendor: {op: In, value: ["10de"]} + device: {op: In, value: ["2331"]} + - name: "NVIDIA H100 80GB HBM3" + labels: + "nvidia.com/gpu.H100.HBM3": "true" + "nvidia.com/gpu.family": "hopper" + matchFeatures: + - feature: pci.device + matchExpressions: + vendor: {op: In, value: ["10de"]} + device: {op: In, value: ["2330"]} + - name: "NVIDIA H800" + labels: + "nvidia.com/gpu.H800": "true" + "nvidia.com/gpu.family": "hopper" + matchFeatures: + - feature: pci.device + matchExpressions: + vendor: {op: In, value: ["10de"]} + device: 
{op: In, value: ["2324"]} + - name: "NVIDIA H800 PCIE" + labels: + "nvidia.com/gpu.H800.pcie": "true" + "nvidia.com/gpu.family": "hopper" + matchFeatures: + - feature: pci.device + matchExpressions: + vendor: {op: In, value: ["10de"]} + device: {op: In, value: ["2322"]} + - name: "NVIDIA CC Enabled" + labels: + "nvidia.com/cc.capable": "true" + matchAny: # TDX/SEV + Hopper GPU + - matchFeatures: + - feature: rule.matched + matchExpressions: + nvidia.com/gpu.family: {op: In, value: ["hopper"]} + sev.snp.enabled: {op: IsTrue} + - matchFeatures: + - feature: rule.matched + matchExpressions: + nvidia.com/gpu.family: {op: In, value: ["hopper"]} + tdx.enabled: {op: IsTrue} +{{- end }} + diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/nvidiadriver.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/nvidiadriver.yaml new file mode 100644 index 00000000..cbe56713 --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/nvidiadriver.yaml 
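Review bot: In nodefeaturerules.yaml the five Hopper rules match PCI device IDs 2339, 2331, 2330, 2324 and 2322, but the chart's `ccManager.env` default later in this diff sets `CC_CAPABLE_DEVICE_IDS` to a list that also contains `0x233d`. When `nfd.nodefeaturerules` is enabled, a node carrying that device never receives `nvidia.com/gpu.family: hopper`, so it never matches the "NVIDIA CC Enabled" rule and is skipped by the `kata-nvidia-gpu-snp` runtime class, whose nodeSelector requires `nvidia.com/cc.capable`. Either add a rule for the missing ID or put a comment above the first GPU rule such as `# keep in sync with ccManager CC_CAPABLE_DEVICE_IDS`. The `cc.capable` label is computed from features discovered on the node, so it should be read as a scheduling hint; whether confidential-computing mode is really active has to be established by attestation, not by this label.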
@@ -0,0 +1,119 @@ +{{- if and .Values.driver.nvidiaDriverCRD.enabled .Values.driver.nvidiaDriverCRD.deployDefaultCR }} +apiVersion: nvidia.com/v1alpha1 +kind: NVIDIADriver +metadata: + name: default +spec: + repository: {{ .Values.driver.repository }} + image: {{ .Values.driver.image }} + version: {{ .Values.driver.version }} + kernelModuleType: {{ .Values.driver.kernelModuleType }} + usePrecompiled: {{ .Values.driver.usePrecompiled }} + driverType: {{ .Values.driver.nvidiaDriverCRD.driverType | default "gpu" }} + {{- if .Values.daemonsets.annotations }} + annotations: {{ toYaml .Values.daemonsets.annotations | nindent 6 }} + {{- end }} + {{- if .Values.daemonsets.labels }} + labels: {{ toYaml .Values.daemonsets.labels | nindent 6 }} + {{- end }} + {{- if .Values.driver.nvidiaDriverCRD.nodeSelector }} + nodeSelector: {{ toYaml .Values.driver.nvidiaDriverCRD.nodeSelector | nindent 6 }} + {{- end }} + {{- if .Values.driver.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.driver.imagePullSecrets | nindent 4 }} + {{- end }} + {{- if .Values.driver.manager }} + manager: {{ toYaml .Values.driver.manager | nindent 4 }} + {{- end }} + {{- if .Values.driver.startupProbe }} + startupProbe: {{ toYaml .Values.driver.startupProbe | nindent 4 }} + {{- end }} + {{- if .Values.driver.livenessProbe }} + livenessProbe: {{ toYaml .Values.driver.livenessProbe | nindent 4 }} + {{- end }} + {{- if .Values.driver.readinessProbe }} + readinessProbe: {{ toYaml .Values.driver.readinessProbe | nindent 4 }} + {{- end }} + rdma: + enabled: {{ .Values.driver.rdma.enabled }} + useHostMofed: {{ .Values.driver.rdma.useHostMofed }} + {{- if .Values.daemonsets.tolerations }} + tolerations: {{ toYaml .Values.daemonsets.tolerations | nindent 6 }} + {{- end }} + {{- if .Values.driver.repoConfig.configMapName }} + repoConfig: + name: {{ .Values.driver.repoConfig.configMapName }} + {{- end }} + {{- if .Values.driver.certConfig.name }} + certConfig: + name: {{ .Values.driver.certConfig.name }} + 
{{- end }} + {{- if .Values.driver.licensingConfig.configMapName }} + licensingConfig: + name: {{ .Values.driver.licensingConfig.configMapName }} + nlsEnabled: {{ .Values.driver.licensingConfig.nlsEnabled | default true }} + {{- end }} + {{- if .Values.driver.virtualTopology.config }} + virtualTopologyConfig: + name: {{ .Values.driver.virtualTopology.config }} + {{- end }} + {{- if .Values.driver.kernelModuleConfig.name }} + kernelModuleConfig: + name: {{ .Values.driver.kernelModuleConfig.name }} + {{- end }} + {{- if .Values.driver.resources }} + resources: {{ toYaml .Values.driver.resources | nindent 6 }} + {{- end }} + {{- if .Values.driver.env }} + env: {{ toYaml .Values.driver.env | nindent 6 }} + {{- end }} + {{- if .Values.driver.args }} + args: {{ toYaml .Values.driver.args | nindent 6 }} + {{- end }} + {{- if .Values.gds.enabled }} + gds: + enabled: {{ .Values.gds.enabled }} + {{- if .Values.gds.repository }} + repository: {{ .Values.gds.repository }} + {{- end }} + {{- if .Values.gds.image }} + image: {{ .Values.gds.image }} + {{- end }} + version: {{ .Values.gds.version | quote }} + {{- if .Values.gds.imagePullPolicy }} + imagePullPolicy: {{ .Values.gds.imagePullPolicy }} + {{- end }} + {{- if .Values.gds.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.gds.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.gds.env }} + env: {{ toYaml .Values.gds.env | nindent 6 }} + {{- end }} + {{- if .Values.gds.args }} + args: {{ toYaml .Values.gds.args | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.gdrcopy }} + gdrcopy: + enabled: {{ .Values.gdrcopy.enabled | default false }} + {{- if .Values.gdrcopy.repository }} + repository: {{ .Values.gdrcopy.repository }} + {{- end }} + {{- if .Values.gdrcopy.image }} + image: {{ .Values.gdrcopy.image }} + {{- end }} + version: {{ .Values.gdrcopy.version | quote }} + {{- if .Values.gdrcopy.imagePullPolicy }} + imagePullPolicy: {{ .Values.gdrcopy.imagePullPolicy }} + {{- end }} + {{- if 
.Values.gdrcopy.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.gdrcopy.imagePullSecrets | nindent 8 }} + {{- end }} + {{- if .Values.gdrcopy.env }} + env: {{ toYaml .Values.gdrcopy.env | nindent 6 }} + {{- end }} + {{- if .Values.gdrcopy.args }} + args: {{ toYaml .Values.gdrcopy.args | nindent 6 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/operator.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/operator.yaml new file mode 100644 index 00000000..6f484826 --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/operator.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gpu-operator + labels: + {{- include "gpu-operator.labels" . | nindent 4 }} + app.kubernetes.io/component: "gpu-operator" + nvidia.com/gpu-driver-upgrade-drain.skip: "true" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: "gpu-operator" + app: "gpu-operator" + template: + metadata: + labels: + {{- include "gpu-operator.labels" . | nindent 8 }} + app.kubernetes.io/component: "gpu-operator" + app: "gpu-operator" + nvidia.com/gpu-driver-upgrade-drain.skip: "true" + annotations: + {{- toYaml .Values.operator.annotations | nindent 8 }} + spec: + serviceAccountName: gpu-operator + {{- if .Values.operator.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.operator.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if .Values.operator.priorityClassName }} + priorityClassName: {{ .Values.operator.priorityClassName }} + {{- end }} + containers: + - name: gpu-operator + image: {{ include "gpu-operator.fullimage" . }} + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + command: ["gpu-operator"] + args: + - --leader-elect + {{- if .Values.operator.logging.develMode }} + - --zap-devel + {{- else }} + {{- if .Values.operator.logging.timeEncoding }} + - --zap-time-encoding={{- .Values.operator.logging.timeEncoding }} + {{- end }} + {{- if .Values.operator.logging.level }} + - --zap-log-level={{- .Values.operator.logging.level }} + {{- end }} + {{- end }} + env: + - name: WATCH_NAMESPACE + value: "" + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: "DRIVER_MANAGER_IMAGE" + value: "{{ include "driver-manager.fullimage" . 
}}" + volumeMounts: + - name: host-os-release + mountPath: "/host-etc/os-release" + readOnly: true + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + {{- with .Values.operator.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: 8080 + volumes: + - name: host-os-release + hostPath: + path: "/etc/os-release" + {{- with .Values.operator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.operator.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.operator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/plugin_config.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/plugin_config.yaml new file mode 100644 index 00000000..21c2d9ab --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/plugin_config.yaml @@ -0,0 +1,11 @@ +{{- if and (.Values.devicePlugin.config.create) (not (empty .Values.devicePlugin.config.data)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.devicePlugin.config.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "gpu-operator.labels" . | nindent 4 }} +data: {{ toYaml .Values.devicePlugin.config.data | nindent 2 }} +{{- end }} + \ No newline at end of file diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/readonlyfs_scc.openshift.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/readonlyfs_scc.openshift.yaml new file mode 100644 index 00000000..ff492d3d --- /dev/null +++ b/packages/system/gpu-operator/charts/gpu-operator/templates/readonlyfs_scc.openshift.yaml 
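Review bot: In operator.yaml the `gpu-operator` container is rendered without any `securityContext`, at pod or container level, so by default it keeps a writable root filesystem, the image's default user and the ability to gain privileges. Unless the operator binary is known to need these (nothing in this hunk says so), I would add `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}` under the container. The `host-os-release` volume would also benefit from `type: File` on its `hostPath`, so the mount fails if the path is not a regular file. If this chart is an unmodified upstream copy, the change is better carried as a documented local patch than edited silently.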
@@ -0,0 +1,49 @@
+{{- if .Values.platform.openshift }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "gpu-operator"
+ annotations:
+ kubernetes.io/description: restricted denies access to all host features and requires
+ pods to be run with a UID, read-only root filesystem and SELinux context that are
+ allocated to the namespace. This SCC is more restrictive than the default
+ restrictive SCC and it is used by default for authenticated users and operators and operands.
+ name: restricted-readonly
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: false
+allowedCapabilities: []
+defaultAddCapabilities: []
+fsGroup:
+ type: MustRunAs
+groups:
+- system:authenticated
+priority: 0
+readOnlyRootFilesystem: true
+requiredDropCapabilities:
+- KILL
+- MKNOD
+- SETUID
+- SETGID
+runAsUser:
+ type: MustRunAsRange
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+users:
+- system:serviceaccount:{{ $.Release.Namespace }}:gpu-operator
+volumes:
+- configMap
+- downwardAPI
+- emptyDir
+- persistentVolumeClaim
+- projected
+- secret
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/role.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/role.yaml
new file mode 100644
index 00000000..9e5bcede
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/role.yaml
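Review bot: In readonlyfs_scc.openshift.yaml, `groups: - system:authenticated` grants this cluster-scoped SCC to every authenticated user, although the only consumer the chart names is the operator's service account, which is already listed under `users`. The SCC also sets `allowPrivilegeEscalation: true` and drops only KILL, MKNOD, SETUID and SETGID, so the description's claim that it is "more restrictive" rests on the read-only root filesystem alone. I would remove the `groups` entry and set `allowPrivilegeEscalation: false` if the operator pod runs without it. Before turning on `platform.openshift`, it is worth checking on a test cluster whether an extra SCC granted to all authenticated users changes which SCC admission picks for unrelated pods.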
@@ -0,0 +1,84 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: gpu-operator
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "gpu-operator"
+rules:
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - pods
+ - pods/eviction
+ - secrets
+ - services
+ - services/finalizers
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - list
+ - create
+ - watch
+ - update
+ - delete
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/rolebinding.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/rolebinding.yaml
new file mode 100644
index 00000000..c915a465
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/rolebinding.yaml
@@ -0,0 +1,15 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gpu-operator
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "gpu-operator"
+subjects:
+- kind: ServiceAccount
+ name: gpu-operator
+ namespace: {{ $.Release.Namespace }}
+roleRef:
+ kind: Role
+ name: gpu-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/serviceaccount.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/serviceaccount.yaml
new file mode 100644
index 00000000..50555e53
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gpu-operator
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "gpu-operator"
diff --git a/packages/system/gpu-operator/charts/gpu-operator/templates/upgrade_crd.yaml b/packages/system/gpu-operator/charts/gpu-operator/templates/upgrade_crd.yaml
new file mode 100644
index 00000000..6552558a
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/templates/upgrade_crd.yaml
@@ -0,0 +1,95 @@
+{{- if .Values.operator.upgradeCRD }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gpu-operator-upgrade-crd-hook-sa
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+ helm.sh/hook-weight: "0"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gpu-operator-upgrade-crd-hook-role
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+ helm.sh/hook-weight: "0"
+rules:
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gpu-operator-upgrade-crd-hook-binding
+ annotations:
+ helm.sh/hook: pre-upgrade
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+ helm.sh/hook-weight: "0"
+subjects:
+ - kind: ServiceAccount
+ name: gpu-operator-upgrade-crd-hook-sa
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: gpu-operator-upgrade-crd-hook-role
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: gpu-operator-upgrade-crd
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 4 }}
+ app.kubernetes.io/component: "gpu-operator"
+spec:
+ template:
+ metadata:
+ name: gpu-operator-upgrade-crd
+ labels:
+ {{- include "gpu-operator.labels" . | nindent 8 }}
+ app.kubernetes.io/component: "gpu-operator"
+ spec:
+ serviceAccountName: gpu-operator-upgrade-crd-hook-sa
+ {{- if .Values.operator.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.operator.imagePullSecrets }}
+ - name: {{ .
}}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.operator.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: upgrade-crd
+ image: {{ include "gpu-operator.fullimage" . }}
+ imagePullPolicy: {{ .Values.operator.imagePullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - >
+ kubectl apply -f /opt/gpu-operator/nvidia.com_clusterpolicies.yaml;
+ kubectl apply -f /opt/gpu-operator/nvidia.com_nvidiadrivers.yaml;
+ {{- if .Values.nfd.enabled }}
+ kubectl apply -f /opt/gpu-operator/nfd-api-crds.yaml;
+ {{- end }}
+ restartPolicy: OnFailure
+{{- end }}
diff --git a/packages/system/gpu-operator/charts/gpu-operator/values.yaml b/packages/system/gpu-operator/charts/gpu-operator/values.yaml
new file mode 100644
index 00000000..2806eac3
--- /dev/null
+++ b/packages/system/gpu-operator/charts/gpu-operator/values.yaml
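Review bot: In upgrade_crd.yaml the hook's shell script joins its `kubectl apply` calls with `;`, so the Job's exit status is that of the last command only, and a failed apply of `nvidia.com_clusterpolicies.yaml` is reported as success whenever a later apply succeeds. Starting the folded block with `set -e;` (or chaining the commands with `&&`) makes the pre-upgrade hook fail rather than letting the upgrade proceed against stale CRDs. The Job pod also has no `securityContext`, while its service account may create, patch and update every CustomResourceDefinition in the cluster. Setting `allowPrivilegeEscalation: false` and dropping all capabilities on the `upgrade-crd` container is a cheap hardening step, and it matters more because `operator.upgradeCRD` defaults to `true` in the chart values.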
@@ -0,0 +1,605 @@ +# Default values for gpu-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +platform: + openshift: false + +nfd: + enabled: true + nodefeaturerules: false + +psa: + enabled: false + +cdi: + enabled: false + default: false + +sandboxWorkloads: + enabled: false + defaultWorkload: "container" + +hostPaths: + # rootFS represents the path to the root filesystem of the host. + # This is used by components that need to interact with the host filesystem + # and as such this must be a chroot-able filesystem. + # Examples include the MIG Manager and Toolkit Container which may need to + # stop, start, or restart systemd services + rootFS: "/" + + # driverInstallDir represents the root at which driver files including libraries, + # config files, and executables can be found. + driverInstallDir: "/run/nvidia/driver" + +daemonsets: + labels: {} + annotations: {} + priorityClassName: system-node-critical + tolerations: + - key: nvidia.com/gpu + operator: Exists + effect: NoSchedule + # configuration for controlling update strategy("OnDelete" or "RollingUpdate") of GPU Operands + # note that driver Daemonset is always set with OnDelete to avoid unintended disruptions + updateStrategy: "RollingUpdate" + # configuration for controlling rolling update of GPU Operands + rollingUpdate: + # maximum number of nodes to simultaneously apply pod updates on. + # can be specified either as number or percentage of nodes. Default 1. 
+ maxUnavailable: "1" + +validator: + repository: nvcr.io/nvidia/cloud-native + image: gpu-operator-validator + # If version is not specified, then default is to use chart.AppVersion + #version: "" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + args: [] + resources: {} + plugin: + env: + - name: WITH_WORKLOAD + value: "false" + +operator: + repository: nvcr.io/nvidia + image: gpu-operator + # If version is not specified, then default is to use chart.AppVersion + #version: "" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + priorityClassName: system-node-critical + runtimeClass: nvidia + use_ocp_driver_toolkit: false + # cleanup CRD on chart un-install + cleanupCRD: false + # upgrade CRD on chart upgrade, requires --disable-openapi-validation flag + # to be passed during helm upgrade. + upgradeCRD: true + initContainer: + image: cuda + repository: nvcr.io/nvidia + version: 12.8.1-base-ubi9 + imagePullPolicy: IfNotPresent + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Equal" + value: "" + effect: "NoSchedule" + annotations: + openshift.io/scc: restricted-readonly + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: "node-role.kubernetes.io/master" + operator: In + values: [""] + - weight: 1 + preference: + matchExpressions: + - key: "node-role.kubernetes.io/control-plane" + operator: In + values: [""] + logging: + # Zap time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano') + timeEncoding: epoch + # Zap Level to configure the verbosity of logging. 
Can be one of 'debug', 'info', 'error', or any integer value > 0 which corresponds to custom debug levels of increasing verbosity + level: info + # Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn) + # Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) + develMode: false + resources: + limits: + cpu: 500m + memory: 350Mi + requests: + cpu: 200m + memory: 100Mi + +mig: + strategy: single + +driver: + enabled: true + nvidiaDriverCRD: + enabled: false + deployDefaultCR: true + driverType: gpu + nodeSelector: {} + kernelModuleType: "auto" + + # NOTE: useOpenKernelModules has been deprecated and made no-op. Please use kernelModuleType instead. + # useOpenKernelModules: false + + # use pre-compiled packages for NVIDIA driver installation. + # only supported for as a tech-preview feature on ubuntu22.04 kernels. + usePrecompiled: false + repository: nvcr.io/nvidia + image: driver + version: "570.124.06" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + startupProbe: + initialDelaySeconds: 60 + periodSeconds: 10 + # nvidia-smi can take longer than 30s in some cases + # ensure enough timeout is set + timeoutSeconds: 60 + failureThreshold: 120 + rdma: + enabled: false + useHostMofed: false + upgradePolicy: + # global switch for automatic upgrade feature + # if set to false all other options are ignored + autoUpgrade: true + # how many nodes can be upgraded in parallel + # 0 means no limit, all nodes will be upgraded in parallel + maxParallelUpgrades: 1 + # maximum number of nodes with the driver installed, that can be unavailable during + # the upgrade. Value can be an absolute number (ex: 5) or + # a percentage of total nodes at the start of upgrade (ex: + # 10%). Absolute number is calculated from percentage by rounding + # up. By default, a fixed value of 25% is used.' 
+ maxUnavailable: 25% + # options for waiting on pod(job) completions + waitForCompletion: + timeoutSeconds: 0 + podSelector: "" + # options for gpu pod deletion + gpuPodDeletion: + force: false + timeoutSeconds: 300 + deleteEmptyDir: false + # options for node drain (`kubectl drain`) before the driver reload + # this is required only if default GPU pod deletions done by the operator + # are not sufficient to re-install the driver + drain: + enable: false + force: false + podSelector: "" + # It's recommended to set a timeout to avoid infinite drain in case non-fatal error keeps happening on retries + timeoutSeconds: 300 + deleteEmptyDir: false + manager: + image: k8s-driver-manager + repository: nvcr.io/nvidia/cloud-native + # When choosing a different version of k8s-driver-manager, DO NOT downgrade to a version lower than v0.6.4 + # to ensure k8s-driver-manager stays compatible with gpu-operator starting from v24.3.0 + version: v0.8.0 + imagePullPolicy: IfNotPresent + env: + - name: ENABLE_GPU_POD_EVICTION + value: "true" + - name: ENABLE_AUTO_DRAIN + value: "false" + - name: DRAIN_USE_FORCE + value: "false" + - name: DRAIN_POD_SELECTOR_LABEL + value: "" + - name: DRAIN_TIMEOUT_SECONDS + value: "0s" + - name: DRAIN_DELETE_EMPTYDIR_DATA + value: "false" + env: [] + resources: {} + # Private mirror repository configuration + repoConfig: + configMapName: "" + # custom ssl key/certificate configuration + certConfig: + name: "" + # vGPU licensing configuration + licensingConfig: + configMapName: "" + nlsEnabled: true + # vGPU topology daemon configuration + virtualTopology: + config: "" + # kernel module configuration for NVIDIA driver + kernelModuleConfig: + name: "" + +toolkit: + enabled: true + repository: nvcr.io/nvidia/k8s + image: container-toolkit + version: v1.17.5-ubuntu20.04 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + resources: {} + installDir: "/usr/local/nvidia" + +devicePlugin: + enabled: true + repository: nvcr.io/nvidia + image: 
k8s-device-plugin + version: v0.17.1 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + args: [] + env: + - name: PASS_DEVICE_SPECS + value: "true" + - name: FAIL_ON_INIT_ERROR + value: "true" + - name: DEVICE_LIST_STRATEGY + value: envvar + - name: DEVICE_ID_STRATEGY + value: uuid + - name: NVIDIA_VISIBLE_DEVICES + value: all + - name: NVIDIA_DRIVER_CAPABILITIES + value: all + resources: {} + # Plugin configuration + # Use "name" to either point to an existing ConfigMap or to create a new one with a list of configurations(i.e with create=true). + # Use "data" to build an integrated ConfigMap from a set of configurations as + # part of this helm chart. An example of setting "data" might be: + # config: + # name: device-plugin-config + # create: true + # data: + # default: |- + # version: v1 + # flags: + # migStrategy: none + # mig-single: |- + # version: v1 + # flags: + # migStrategy: single + # mig-mixed: |- + # version: v1 + # flags: + # migStrategy: mixed + config: + # Create a ConfigMap (default: false) + create: false + # ConfigMap name (either existing or to create a new one with create=true above) + name: "" + # Default config name within the ConfigMap + default: "" + # Data section for the ConfigMap to create (i.e only applies when create=true) + data: {} + # MPS related configuration for the plugin + mps: + # MPS root path on the host + root: "/run/nvidia/mps" + +# standalone dcgm hostengine +dcgm: + # disabled by default to use embedded nv-hostengine by exporter + enabled: false + repository: nvcr.io/nvidia/cloud-native + image: dcgm + version: 4.1.1-2-ubuntu22.04 + imagePullPolicy: IfNotPresent + args: [] + env: [] + resources: {} + +dcgmExporter: + enabled: true + repository: nvcr.io/nvidia/k8s + image: dcgm-exporter + version: 4.1.1-4.0.4-ubuntu22.04 + imagePullPolicy: IfNotPresent + env: + - name: DCGM_EXPORTER_LISTEN + value: ":9400" + - name: DCGM_EXPORTER_KUBERNETES + value: "true" + - name: DCGM_EXPORTER_COLLECTORS + value: 
"/etc/dcgm-exporter/dcp-metrics-included.csv" + resources: {} + serviceMonitor: + enabled: false + interval: 15s + honorLabels: false + additionalLabels: {} + relabelings: [] + # - source_labels: + # - __meta_kubernetes_pod_node_name + # regex: (.*) + # target_label: instance + # replacement: $1 + # action: replace + # DCGM Exporter configuration + # This block is used to configure DCGM Exporter to emit a customized list of metrics. + # Use "name" to either point to an existing ConfigMap or to create a new one with a + # list of configurations (i.e with create=true). + # When pointing to an existing ConfigMap, the ConfigMap must exist in the same namespace as the release. + # The metrics are expected to be listed under a key called `dcgm-metrics.csv`. + # Use "data" to build an integrated ConfigMap from a set of custom metrics as + # part of the chart. An example of some custom metrics are shown below. Note that + # the contents of "data" must be in CSV format and be valid DCGM Exporter metric configurations. + # config: + # name: custom-dcgm-exporter-metrics + # create: true + # data: |- + # Format + # If line starts with a '#' it is considered a comment + # DCGM FIELD, Prometheus metric type, help message + + # Clocks + # DCGM_FI_DEV_SM_CLOCK, gauge, SM clock frequency (in MHz). + # DCGM_FI_DEV_MEM_CLOCK, gauge, Memory clock frequency (in MHz). 
+gfd: + enabled: true + repository: nvcr.io/nvidia + image: k8s-device-plugin + version: v0.17.1 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: + - name: GFD_SLEEP_INTERVAL + value: 60s + - name: GFD_FAIL_ON_INIT_ERROR + value: "true" + resources: {} + +migManager: + enabled: true + repository: nvcr.io/nvidia/cloud-native + image: k8s-mig-manager + version: v0.12.1-ubuntu20.04 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: + - name: WITH_REBOOT + value: "false" + resources: {} + # MIG configuration + # Use "name" to either point to an existing ConfigMap or to create a new one with a list of configurations(i.e with create=true). + # Use "data" to build an integrated ConfigMap from a set of configurations as + # part of this helm chart. An example of setting "data" might be: + # config: + # name: custom-mig-parted-configs + # create: true + # data: + # config.yaml: |- + # version: v1 + # mig-configs: + # all-disabled: + # - devices: all + # mig-enabled: false + # custom-mig: + # - devices: [0] + # mig-enabled: false + # - devices: [1] + # mig-enabled: true + # mig-devices: + # "1g.10gb": 7 + # - devices: [2] + # mig-enabled: true + # mig-devices: + # "2g.20gb": 2 + # "3g.40gb": 1 + # - devices: [3] + # mig-enabled: true + # mig-devices: + # "3g.40gb": 1 + # "4g.40gb": 1 + config: + default: "all-disabled" + # Create a ConfigMap (default: false) + create: false + # ConfigMap name (either existing or to create a new one with create=true above) + name: "" + # Data section for the ConfigMap to create (i.e only applies when create=true) + data: {} + gpuClientsConfig: + name: "" + +nodeStatusExporter: + enabled: false + repository: nvcr.io/nvidia/cloud-native + image: gpu-operator-validator + # If version is not specified, then default is to use chart.AppVersion + #version: "" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + resources: {} + +gds: + enabled: false + repository: nvcr.io/nvidia/cloud-native + image: nvidia-fs + version: 
"2.20.5" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + args: [] + +gdrcopy: + enabled: false + repository: nvcr.io/nvidia/cloud-native + image: gdrdrv + version: "v2.4.4" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + args: [] + +vgpuManager: + enabled: false + repository: "" + image: vgpu-manager + version: "" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + resources: {} + driverManager: + image: k8s-driver-manager + repository: nvcr.io/nvidia/cloud-native + # When choosing a different version of k8s-driver-manager, DO NOT downgrade to a version lower than v0.6.4 + # to ensure k8s-driver-manager stays compatible with gpu-operator starting from v24.3.0 + version: v0.8.0 + imagePullPolicy: IfNotPresent + env: + - name: ENABLE_GPU_POD_EVICTION + value: "false" + - name: ENABLE_AUTO_DRAIN + value: "false" + +vgpuDeviceManager: + enabled: true + repository: nvcr.io/nvidia/cloud-native + image: vgpu-device-manager + version: v0.3.0 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + config: + name: "" + default: "default" + +vfioManager: + enabled: true + repository: nvcr.io/nvidia + image: cuda + version: 12.8.1-base-ubi9 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + resources: {} + driverManager: + image: k8s-driver-manager + repository: nvcr.io/nvidia/cloud-native + # When choosing a different version of k8s-driver-manager, DO NOT downgrade to a version lower than v0.6.4 + # to ensure k8s-driver-manager stays compatible with gpu-operator starting from v24.3.0 + version: v0.8.0 + imagePullPolicy: IfNotPresent + env: + - name: ENABLE_GPU_POD_EVICTION + value: "false" + - name: ENABLE_AUTO_DRAIN + value: "false" + +kataManager: + enabled: false + config: + artifactsDir: "/opt/nvidia-gpu-operator/artifacts/runtimeclasses" + runtimeClasses: + - name: kata-nvidia-gpu + nodeSelector: {} + artifacts: + url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.54.03 + 
pullSecret: "" + - name: kata-nvidia-gpu-snp + nodeSelector: + "nvidia.com/cc.capable": "true" + artifacts: + url: nvcr.io/nvidia/cloud-native/kata-gpu-artifacts:ubuntu22.04-535.86.10-snp + pullSecret: "" + repository: nvcr.io/nvidia/cloud-native + image: k8s-kata-manager + version: v0.2.3 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: [] + resources: {} + +sandboxDevicePlugin: + enabled: true + repository: nvcr.io/nvidia + image: kubevirt-gpu-device-plugin + version: v1.3.1 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + args: [] + env: [] + resources: {} + +ccManager: + enabled: false + defaultMode: "off" + repository: nvcr.io/nvidia/cloud-native + image: k8s-cc-manager + version: v0.1.1 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + env: + - name: CC_CAPABLE_DEVICE_IDS + value: "0x2339,0x2331,0x2330,0x2324,0x2322,0x233d" + resources: {} + +node-feature-discovery: + enableNodeFeatureApi: true + priorityClassName: system-node-critical + gc: + enable: true + replicaCount: 1 + serviceAccount: + name: node-feature-discovery + create: false + worker: + serviceAccount: + name: node-feature-discovery + # disable creation to avoid duplicate serviceaccount creation by master spec below + create: false + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Equal" + value: "" + effect: "NoSchedule" + - key: nvidia.com/gpu + operator: Exists + effect: NoSchedule + config: + sources: + pci: + deviceClassWhitelist: + - "02" + - "0200" + - "0207" + - "0300" + - "0302" + deviceLabelFields: + - vendor + master: + serviceAccount: + name: node-feature-discovery + create: true + config: + extraLabelNs: ["nvidia.com"] + # noPublish: false + # resourceLabels: ["nvidia.com/feature-1","nvidia.com/feature-2"] + # enableTaints: false + # labelWhiteList: "nvidia.com/gpu" 
diff --git a/packages/system/gpu-operator/values-talos.yaml b/packages/system/gpu-operator/values-talos.yaml new file mode 100644 index 00000000..3d4a43db --- /dev/null +++ b/packages/system/gpu-operator/values-talos.yaml @@ -0,0 +1,7 @@ +gpu-operator: + sandboxWorkloads: + enabled: true + driver: + enabled: false + devicePlugin: + enabled: false diff --git a/packages/system/gpu-operator/values.yaml b/packages/system/gpu-operator/values.yaml new file mode 100644 index 00000000..fbb4367a --- /dev/null +++ b/packages/system/gpu-operator/values.yaml @@ -0,0 +1 @@ +gpu-operator: {} diff --git a/packages/system/kamaji/charts/kamaji/Chart.lock b/packages/system/kamaji/charts/kamaji/Chart.lock index 98e5e647..14655f12 100644 --- a/packages/system/kamaji/charts/kamaji/Chart.lock +++ b/packages/system/kamaji/charts/kamaji/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kamaji-etcd repository: https://clastix.github.io/charts - version: 0.8.1 -digest: sha256:381d8ef9619c2daeea37e40c6a9772ae3e5cee80887148879db04e887d5364ad -generated: "2024-10-25T19:28:40.880766186+02:00" + version: 0.9.2 +digest: sha256:ba76d3a30e5e20dbbbbcc36a0e7465d4b1adacc956061e7f6ea47b99fc8f08a6 +generated: "2025-03-14T21:23:30.421915+09:00" diff --git a/packages/system/kamaji/charts/kamaji/Chart.yaml b/packages/system/kamaji/charts/kamaji/Chart.yaml index 1a84e3db..c09bfd52 100644 --- a/packages/system/kamaji/charts/kamaji/Chart.yaml +++ b/packages/system/kamaji/charts/kamaji/Chart.yaml @@ -21,7 +21,7 @@ version: 0.0.0 dependencies: - name: kamaji-etcd repository: https://clastix.github.io/charts - version: ">=0.8.1" + version: ">=0.9.2" condition: kamaji-etcd.deploy annotations: catalog.cattle.io/certified: partner diff --git a/packages/system/kamaji/charts/kamaji/README.md b/packages/system/kamaji/charts/kamaji/README.md index 76221358..780c0c48 100644 --- a/packages/system/kamaji/charts/kamaji/README.md +++ b/packages/system/kamaji/charts/kamaji/README.md 
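Review bot: The new values-talos.yaml gives no reason for its three overrides, and the combination of `sandboxWorkloads.enabled: true` with `driver.enabled: false` and `devicePlugin.enabled: false` is not self-explanatory. I would add a header comment such as `# Talos: host driver and container device plugin are off; GPUs are exposed to sandboxed (VM) workloads only`. The intent is inferred from the key names, so the author should confirm the wording. The sibling values.yaml added in the same commit is empty (`gpu-operator: {}`), so nothing else visible here records the choice.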
@@ -22,7 +22,7 @@ Kubernetes: `>=1.21.0-0` | Repository | Name | Version | |------------|------|---------| -| https://clastix.github.io/charts | kamaji-etcd | >=0.8.1 | +| https://clastix.github.io/charts | kamaji-etcd | >=0.9.2 | [Kamaji](https://github.com/clastix/kamaji) requires a [multi-tenant `etcd`](https://github.com/clastix/kamaji-internal/blob/master/deploy/getting-started-with-kamaji.md#setup-internal-multi-tenant-etcd) cluster. This Helm Chart starting from v0.1.1 provides the installation of an internal `etcd` in order to streamline the local test. If you'd like to use an externally managed etcd instance, you can specify the overrides and by setting the value `etcd.deploy=false`. @@ -31,9 +31,13 @@ This Helm Chart starting from v0.1.1 provides the installation of an internal `e ## Install Kamaji +To add clastix helm repository: + + helm repo add clastix https://clastix.github.io/charts + To install the Chart with the release name `kamaji`: - helm upgrade --install --namespace kamaji-system --create-namespace clastix/kamaji + helm upgrade --install --namespace kamaji-system --create-namespace kamaji clastix/kamaji Show the status: diff --git a/packages/system/kamaji/charts/kamaji/README.md.gotmpl b/packages/system/kamaji/charts/kamaji/README.md.gotmpl index 709b0eb3..bf43777f 100644 --- a/packages/system/kamaji/charts/kamaji/README.md.gotmpl +++ b/packages/system/kamaji/charts/kamaji/README.md.gotmpl @@ -18,10 +18,15 @@ This Helm Chart starting from v0.1.1 provides the installation of an internal `e ## Install Kamaji +To add clastix helm repository: + + + helm repo add clastix https://clastix.github.io/charts + To install the Chart with the release name `kamaji`: - helm upgrade --install --namespace kamaji-system --create-namespace clastix/kamaji + helm upgrade --install --namespace kamaji-system --create-namespace kamaji clastix/kamaji Show the status: 
diff --git a/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml b/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml index c1d38be7..bb26cdcc 100644 --- a/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml +++ b/packages/system/kamaji/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml @@ -497,7 +497,7 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -512,7 +512,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -559,7 +559,7 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents a duration that the container should sleep. properties: seconds: description: Seconds is the number of seconds to sleep. @@ -571,8 +571,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' 
@@ -603,7 +603,7 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -618,7 +618,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -665,7 +665,7 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents a duration that the container should sleep. properties: seconds: description: Seconds is the number of seconds to sleep. @@ -677,8 +677,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -705,7 +705,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -726,7 +726,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. 
@@ -744,7 +744,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -809,7 +809,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -911,7 +911,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -932,7 +932,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -950,7 +950,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -1015,7 +1015,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -1354,7 +1354,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- 
@@ -1375,7 +1375,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -1393,7 +1393,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -1458,7 +1458,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -1862,7 +1862,7 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -1877,7 +1877,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -1924,7 +1924,7 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents a duration that the container should sleep. properties: seconds: description: Seconds is the number of seconds to sleep. 
@@ -1936,8 +1936,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -1968,7 +1968,7 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -1983,7 +1983,7 @@ spec: x-kubernetes-list-type: atomic type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -2030,7 +2030,7 @@ spec: - port type: object sleep: - description: Sleep represents the duration that the container should sleep before being terminated. + description: Sleep represents a duration that the container should sleep. properties: seconds: description: Seconds is the number of seconds to sleep. @@ -2042,8 +2042,8 @@ spec: tcpSocket: description: |- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' 
@@ -2070,7 +2070,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -2091,7 +2091,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2109,7 +2109,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -2174,7 +2174,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -2276,7 +2276,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -2297,7 +2297,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2315,7 +2315,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- 
@@ -2380,7 +2380,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -2719,7 +2719,7 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes properties: exec: - description: Exec specifies the action to take. + description: Exec specifies a command to execute in the container. properties: command: description: |- @@ -2740,7 +2740,7 @@ spec: format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. + description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. @@ -2758,7 +2758,7 @@ spec: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. + description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- @@ -2823,7 +2823,7 @@ spec: format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP port. + description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' @@ -3214,6 +3214,8 @@ spec: description: |- awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree + awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore properties: fsType: 
@@ -3245,7 +3247,10 @@ spec: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + description: |- + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type + are redirected to the disk.csi.azure.com CSI driver. properties: cachingMode: description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.' @@ -3277,7 +3282,10 @@ spec: - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. + description: |- + azureFile represents an Azure File Service mount on the host and bind mount to the pod. + Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type + are redirected to the file.csi.azure.com CSI driver. properties: readOnly: description: |- @@ -3295,7 +3303,9 @@ spec: - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + description: |- + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. + Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported. properties: monitors: description: |- @@ -3346,6 +3356,8 @@ spec: cinder: description: |- cinder represents a cinder volume attached and mounted on kubelets host machine. + Deprecated: Cinder is deprecated. All operations for the in-tree cinder type + are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md properties: fsType: 
@@ -3452,7 +3464,7 @@ spec: type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. properties: driver: description: |- @@ -3894,6 +3906,7 @@ spec: description: |- flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead. properties: driver: description: driver is the name of the driver to use for this volume. @@ -3937,7 +3950,9 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + description: |- + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. + Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported. properties: datasetName: description: |- @@ -3952,6 +3967,8 @@ spec: description: |- gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. + Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree + gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk properties: fsType: 
@@ -3987,7 +4004,7 @@ spec: gitRepo: description: |- gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. properties: @@ -4010,6 +4027,7 @@ spec: glusterfs: description: |- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md properties: endpoints: @@ -4216,7 +4234,9 @@ spec: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + description: |- + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. + Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported. properties: fsType: description: |- @@ -4231,7 +4251,11 @@ spec: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine + description: |- + portworxVolume represents a portworx volume attached and mounted on kubelets host machine. + Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type + are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate + is on. properties: fsType: description: |- 
@@ -4566,7 +4590,9 @@ spec: x-kubernetes-list-type: atomic type: object quobyte: - description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime + description: |- + quobyte represents a Quobyte mount on the host that shares a pod's lifetime. + Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported. properties: group: description: |- @@ -4604,6 +4630,7 @@ spec: rbd: description: |- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md properties: fsType: @@ -4676,7 +4703,9 @@ spec: - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + description: |- + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported. properties: fsType: default: xfs @@ -4802,7 +4831,9 @@ spec: type: string type: object storageos: - description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + description: |- + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. properties: fsType: description: |- @@ -4847,7 +4878,10 @@ spec: type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + description: |- + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. + Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type + are redirected to the csi.vsphere.vmware.com CSI driver. properties: fsType: description: |- 
@@ -6802,6 +6836,7 @@ spec: Ports is a list of records of service ports If used, every port defined in the service should have an entry in it items: + description: PortStatus represents the error condition of a service port properties: error: description: |- @@ -7283,6 +7318,7 @@ spec: Ports is a list of records of service ports If used, every port defined in the service should have an entry in it items: + description: PortStatus represents the error condition of a service port properties: error: description: |- diff --git a/packages/system/kamaji/images/kamaji/Dockerfile b/packages/system/kamaji/images/kamaji/Dockerfile index 00d9b7a8..58007bd3 100644 --- a/packages/system/kamaji/images/kamaji/Dockerfile +++ b/packages/system/kamaji/images/kamaji/Dockerfile @@ -1,7 +1,7 @@ # Build the manager binary FROM golang:1.23 as builder -ARG VERSION=edge-24.12.1 +ARG VERSION=edge-25.3.2 ARG TARGETOS TARGETARCH WORKDIR /workspace diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index afe040cd..9333bfb9 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -3,7 +3,7 @@ kamaji: deploy: false image: pullPolicy: IfNotPresent - tag: v0.28.0@sha256:a08dfd9be67e0dc089be14a9d29cdd65e6301b3a43d1fa01ff479d43d384c2a7 + tag: v0.30.0@sha256:af3e4faa07c582c6c0e1630f5b33d3d179daec6576bce37164cfe1dc3efd238a repository: ghcr.io/cozystack/cozystack/kamaji resources: limits: diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml index 986d7354..f9d53963 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/Chart.yaml 
@@ -272,18 +272,18 @@ annotations: secret: secret-name-in-operator-ns url: https://keycloak.example.com artifacthub.io/images: | - - name: keycloak-operator:1.23.0 - image: epamedp/keycloak-operator:1.23.0 + - name: keycloak-operator:1.25.0 + image: epamedp/keycloak-operator:1.25.0 artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: KubeRocketCI Documentation - url: https://docs.kuberocketci.io + url: https://docs.kuberocketci.io/ - name: EPAM SolutionHub url: https://solutionshub.epam.com/solution/kuberocketci artifacthub.io/operator: "true" artifacthub.io/operatorCapabilities: Deep Insights apiVersion: v2 -appVersion: 1.23.0 +appVersion: 1.25.0 description: A Helm chart for KubeRocketCI Keycloak Operator home: https://docs.kuberocketci.io/ icon: https://docs.kuberocketci.io/img/logo.svg @@ -308,4 +308,4 @@ name: keycloak-operator sources: - https://github.com/epam/edp-keycloak-operator type: application -version: 1.23.0 +version: 1.25.0 diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/README.md b/packages/system/keycloak-operator/charts/keycloak-operator/README.md index 5c5bcd0d..abd23443 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/README.md +++ b/packages/system/keycloak-operator/charts/keycloak-operator/README.md @@ -1,6 +1,6 @@ # keycloak-operator -![Version: 1.23.0](https://img.shields.io/badge/Version-1.23.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.23.0](https://img.shields.io/badge/AppVersion-1.23.0-informational?style=flat-square) +![Version: 1.25.0](https://img.shields.io/badge/Version-1.25.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.25.0](https://img.shields.io/badge/AppVersion-1.25.0-informational?style=flat-square) A Helm chart for KubeRocketCI Keycloak Operator 
@@ -32,7 +32,7 @@ To install the Keycloak Operator, follow the steps below: ```bash helm search repo epamedp/keycloak-operator -l NAME CHART VERSION APP VERSION DESCRIPTION - epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator + epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator ``` _**NOTE:** It is highly recommended to use the latest stable version._ diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl b/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl index 6bb74253..9dffecab 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl +++ b/packages/system/keycloak-operator/charts/keycloak-operator/README.md.gotmpl @@ -33,7 +33,7 @@ To install the Keycloak Operator, follow the steps below: ```bash helm search repo epamedp/keycloak-operator -l NAME CHART VERSION APP VERSION DESCRIPTION - epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator + epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator ``` _**NOTE:** It is highly recommended to use the latest stable version._ diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml index a3e96c97..fdd9d018 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakclient.yaml @@ -12,6 +12,8 @@ spec: public: false secret: $client-secret-name:client-secret-key webUrl: https://argocd.example.com + adminUrl: https://admin.example.com + homeUrl: /home/ defaultClientScopes: - groups redirectUris: 
@@ -23,19 +25,28 @@ spec: apiVersion: v1.edp.epam.com/v1 kind: KeycloakClient metadata: - name: keycloakclient-policy-sample + name: keycloakclient-authorization-sample spec: realmRef: name: keycloakrealm-sample kind: KeycloakRealm - clientId: policy-sample - secret: $client-secret-policy-sample:client-secret-key - webUrl: http://example.com + clientId: authorization-sample + secret: $client-secret-authorization-sample:client-secret-key + webUrl: https://example.com directAccess: true authorizationServicesEnabled: true serviceAccount: enabled: true authorization: + scopes: + - scope1 + resources: + - name: resource1 + displayName: Resource 1 + type: test + iconUri: https://example.com/icon.png + scopes: + - scope1 policies: - name: role-policy type: role @@ -112,6 +123,6 @@ spec: apiVersion: v1 kind: Secret metadata: - name: client-secret-policy-sample + name: client-secret-authorization-sample data: client-secret-key: cGFzc3dvcmQ= diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml index bc390acb..4f6c080a 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/_crd_examples/keycloakrealm.yaml 
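Review bot: In the last hunk of keycloakclient.yaml, the renamed Secret `client-secret-authorization-sample` still carries `client-secret-key: cGFzc3dvcmQ=`, which is base64 for `password`. The sample client that references it has `directAccess: true` and `serviceAccount.enabled: true`, so anyone applying the example unchanged gets a client with a guessable secret. I would mark the value as a placeholder on the line above it, e.g. `# placeholder only: replace with a generated secret before applying`. Alternatively, use `stringData` with an obviously fake value.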
@@ -32,3 +32,65 @@ spec: refreshTokenMaxReuse: 300 revokeRefreshToken: true defaultSignatureAlgorithm: RS256 + userProfileConfig: + unmanagedAttributePolicy: "ENABLED" + attributes: + - name: "test-attribute" + displayName: "Test Attribute" + required: + roles: + - "admin" + scopes: + - "profile" + multivalued: true + group: "test-group" + permissions: + edit: + - "admin" + view: + - "admin" + - "user" + selector: + scopes: + - "profile" + annotations: + inputType: "text" + validations: + email: + max-local-length: + intVal: 64 + local-date: {} + options: + options: + sliceVal: + - "option1" + - "option2" + multivalued: + min: + stringVal: "1" + max: + stringVal: "10" + groups: + - name: "test-group" + displayDescription: "Test Group" + displayHeader: "Test Group" + annotations: + groupAnnotation: "groupAnnotation" + smtp: + template: + from: "frm@mailcom" + fromDisplayName: "from display name" + replyTo: "to@mail.com" + replyToDisplayName: "reply to display name" + envelopeFrom: "envelopeFrom@mail.com" + connection: + host: "host" + enableSSL: true + enableStartTLS: true + authentication: + password: + secretKeyRef: + name: "secret-with-email-authentication" + key: "password" + username: + value: "username" diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml index e42c0842..f2d8e337 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_clusterkeycloakrealms.yaml 
@@ -19,6 +19,14 @@ spec: jsonPath: .status.available name: Available type: boolean + - description: Keycloak realm name + jsonPath: .spec.realmName + name: Realm + type: boolean + - description: ClusterKeycloak instance name + jsonPath: .spec.clusterKeycloakRef + name: Cluster-Keycloak + type: boolean name: v1alpha1 schema: openAPIV3Schema: @@ -119,6 +127,11 @@ spec: description: AdminEventsEnabled indicates whether to enable admin events. type: boolean + adminEventsExpiration: + description: |- + AdminEventsExpiration sets the expiration for events in seconds. + Expired events are periodically deleted from the database. + type: integer enabledEventTypes: description: EnabledEventTypes is a list of event types to enable. items: 
@@ -140,6 +153,140 @@ spec: realmName: description: RealmName specifies the name of the realm. type: string + smtp: + description: Smtp is the configuration for email in the realm. + nullable: true + properties: + connection: + description: Connection specifies the email connection configuration. + properties: + authentication: + description: Authentication specifies the email authentication + configuration. + properties: + password: + description: Password specifies login password. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + username: + description: Username specifies login username. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. 
+ type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + value: + description: Directly specifies a value. + type: string + type: object + required: + - password + - username + type: object + enableSSL: + description: EnableSSL specifies if SSL is enabled. + type: boolean + enableStartTLS: + description: EnableStartTLS specifies if StartTLS is enabled. + type: boolean + host: + description: Host specifies the email server host. + type: string + port: + default: 25 + description: Port specifies the email server port. + type: integer + required: + - host + type: object + template: + description: Template specifies the email template configuration. + properties: + envelopeFrom: + description: EnvelopeFrom is an email address used for bounces + . + type: string + from: + description: From specifies the sender email address. + type: string + fromDisplayName: + description: FromDisplayName specifies the sender display + for sender email address. + type: string + replyTo: + description: ReplyTo specifies the reply-to email address. + type: string + replyToDisplayName: + description: ReplyToDisplayName specifies display name for + reply-to email address. + type: string + required: + - from + type: object + required: + - connection + - template + type: object themes: description: Themes is a map of themes to apply to the realm. nullable: true 
@@ -235,6 +382,143 @@ spec: Otherwise, refresh tokens are not revoked when used and can be used multiple times. type: boolean type: object + userProfileConfig: + description: UserProfileConfig is the configuration for user profiles + in the realm. + nullable: true + properties: + attributes: + description: Attributes specifies the list of user profile attributes. + items: + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations for the + attribute. + type: object + displayName: + description: Display name for the attribute. + type: string + group: + description: Group to which the attribute belongs. + type: string + multivalued: + description: |- + Multivalued specifies if this attribute supports multiple values. + This setting is an indicator and does not enable any validation + type: boolean + name: + description: Name of the user attribute, used to uniquely + identify an attribute. + type: string + permissions: + description: Permissions specifies the permissions for the + attribute. + properties: + edit: + description: Edit specifies who can edit the attribute. + items: + type: string + type: array + view: + description: View specifies who can view the attribute. + items: + type: string + type: array + type: object + required: + description: Required indicates that the attribute must + be set by users and administrators. + properties: + roles: + description: Roles specifies the roles for whom the + attribute is required. + items: + type: string + type: array + scopes: + description: Scopes specifies the scopes when the attribute + is required. + items: + type: string + type: array + type: object + selector: + description: Selector specifies the scopes for which the + attribute is available. + properties: + scopes: + description: Scopes specifies the scopes for which the + attribute is available. 
+ items: + type: string + type: array + type: object + validations: + additionalProperties: + additionalProperties: + properties: + intVal: + type: integer + mapVal: + additionalProperties: + type: string + nullable: true + type: object + sliceVal: + items: + type: string + nullable: true + type: array + stringVal: + type: string + type: object + type: object + description: Validations specifies the validations for the + attribute. + type: object + required: + - name + type: object + type: array + groups: + description: Groups specifies the list of user profile groups. + items: + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations for the group. + nullable + type: object + displayDescription: + description: DisplayDescription specifies a user-friendly + name for the group that should be used when rendering + a group of attributes in user-facing forms. + type: string + displayHeader: + description: DisplayHeader specifies a text that should + be used as a header when rendering user-facing forms. + type: string + name: + description: Name is unique name of the group. + type: string + required: + - name + type: object + type: array + unmanagedAttributePolicy: + description: |- + UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration. + Empty value means that unmanaged attributes are disabled. + Possible values: + ENABLED - unmanaged attributes are allowed. + ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API. + ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API. + type: string + type: object required: - clusterKeycloakRef - realmName 
diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml index 1923d806..c79d8376 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakclients.yaml @@ -44,6 +44,15 @@ spec: spec: description: KeycloakClientSpec defines the desired state of KeycloakClient. properties: + adminFineGrainedPermissionsEnabled: + description: AdminFineGrainedPermissionsEnabled enable/disable fine-grained + admin permissions for a client. + type: boolean + adminUrl: + description: |- + AdminUrl is client admin url. + If empty - WebUrl will be used. + type: string advancedProtocolMappers: description: AdvancedProtocolMappers is a flag to enable advanced protocol mappers. @@ -56,6 +65,14 @@ spec: description: Attributes is a map of client attributes. nullable: true type: object + authenticationFlowBindingOverrides: + description: AuthenticationFlowBindingOverrides client auth flow overrides + properties: + browser: + type: string + directGrant: + type: string + type: object authorization: description: Authorization is a client authorization configuration. nullable: true 
@@ -334,14 +351,61 @@ spec: - type type: object type: array + resources: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: Attributes is a map of resource attributes. + nullable: true + type: object + displayName: + description: DisplayName for Identity Providers. + type: string + iconUri: + description: IconURI pointing to an icon. + type: string + name: + description: Name is unique resource name. + type: string + ownerManagedAccess: + description: OwnerManagedAccess if enabled, the access to + this resource can be managed by the resource owner. + type: boolean + scopes: + description: |- + Scopes requested or assigned in advance to the client to determine whether the policy is applied to this client. + Condition is evaluated during OpenID Connect authorization request and/or token request. + items: + type: string + nullable: true + type: array + type: + description: Type of this resource. It can be used to group + different resource instances with the same type. + type: string + uris: + description: URIs which are protected by resource. + items: + type: string + nullable: true + type: array + required: + - displayName + - name + type: object + type: array scopes: items: type: string type: array type: object authorizationServicesEnabled: - description: ServiceAccountsEnabled enable/disable fine-grained authorization - support for a client. + description: AuthorizationServicesEnabled enable/disable fine-grained + authorization support for a client. type: boolean bearerOnly: description: BearerOnly is a flag to enable bearer-only. @@ -389,6 +453,9 @@ spec: default: true description: FullScopeAllowed is a flag to enable full scope. type: boolean + homeUrl: + description: HomeUrl is a client home url. + type: string implicitFlowEnabled: description: ImplicitFlowEnabled is a flag to enable support for OpenID Connect redirect based authentication without authorization code. 
@@ -403,6 +470,26 @@ spec: type: string nullable: true type: array + permission: + description: Permission is a client permissions configuration + nullable: true + properties: + scopePermissions: + description: ScopePermissions mapping of scope and the policies + attached + items: + properties: + name: + type: string + policies: + items: + type: string + type: array + required: + - name + type: object + type: array + type: object protocol: description: Protocol is a client protocol. nullable: true diff --git a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml index a86b5093..69523264 100644 --- a/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml +++ b/packages/system/keycloak-operator/charts/keycloak-operator/crds/v1.edp.epam.com_keycloakrealms.yaml @@ -23,6 +23,14 @@ spec: jsonPath: .status.value name: Status type: string + - description: Keycloak realm name + jsonPath: .spec.realmName + name: Realm + type: boolean + - description: Keycloak instance name + jsonPath: .spec.keycloakRef + name: Keycloak + type: boolean name: v1 schema: openAPIV3Schema: @@ -124,6 +132,11 @@ spec: description: AdminEventsEnabled indicates whether to enable admin events. type: boolean + adminEventsExpiration: + description: |- + AdminEventsExpiration sets the expiration for events in seconds. + Expired events are periodically deleted from the database. + type: integer enabledEventTypes: description: EnabledEventTypes is a list of event types to enable. items: 
@@ -145,6 +158,140 @@ spec: realmName: description: RealmName specifies the name of the realm. type: string + smtp: + description: Smtp is the configuration for email in the realm. + nullable: true + properties: + connection: + description: Connection specifies the email connection configuration. + properties: + authentication: + description: Authentication specifies the email authentication + configuration. + properties: + password: + description: Password specifies login password. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + username: + description: Username specifies login username. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret. + properties: + key: + description: The key of the secret to select from. 
+ type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + value: + description: Directly specifies a value. + type: string + type: object + required: + - password + - username + type: object + enableSSL: + description: EnableSSL specifies if SSL is enabled. + type: boolean + enableStartTLS: + description: EnableStartTLS specifies if StartTLS is enabled. + type: boolean + host: + description: Host specifies the email server host. + type: string + port: + default: 25 + description: Port specifies the email server port. + type: integer + required: + - host + type: object + template: + description: Template specifies the email template configuration. + properties: + envelopeFrom: + description: EnvelopeFrom is an email address used for bounces + . + type: string + from: + description: From specifies the sender email address. + type: string + fromDisplayName: + description: FromDisplayName specifies the sender display + for sender email address. + type: string + replyTo: + description: ReplyTo specifies the reply-to email address. + type: string + replyToDisplayName: + description: ReplyToDisplayName specifies display name for + reply-to email address. + type: string + required: + - from + type: object + required: + - connection + - template + type: object themes: description: Themes is a map of themes to apply to the realm. nullable: true 
@@ -245,6 +392,145 @@ spec: Otherwise, refresh tokens are not revoked when used and can be used multiple times. type: boolean type: object + userProfileConfig: + description: |- + UserProfileConfig is the configuration for user profiles in the realm. + Attributes and groups will be added to the current realm configuration. + Deletion of attributes and groups is not supported. + nullable: true + properties: + attributes: + description: Attributes specifies the list of user profile attributes. + items: + properties: + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations for the + attribute. + type: object + displayName: + description: Display name for the attribute. + type: string + group: + description: Group to which the attribute belongs. + type: string + multivalued: + description: |- + Multivalued specifies if this attribute supports multiple values. + This setting is an indicator and does not enable any validation + type: boolean + name: + description: Name of the user attribute, used to uniquely + identify an attribute. + type: string + permissions: + description: Permissions specifies the permissions for the + attribute. + properties: + edit: + description: Edit specifies who can edit the attribute. + items: + type: string + type: array + view: + description: View specifies who can view the attribute. + items: + type: string + type: array + type: object + required: + description: Required indicates that the attribute must + be set by users and administrators. + properties: + roles: + description: Roles specifies the roles for whom the + attribute is required. + items: + type: string + type: array + scopes: + description: Scopes specifies the scopes when the attribute + is required. + items: + type: string + type: array + type: object + selector: + description: Selector specifies the scopes for which the + attribute is available. 
+ properties: + scopes: + description: Scopes specifies the scopes for which the + attribute is available. + items: + type: string + type: array + type: object + validations: + additionalProperties: + additionalProperties: + properties: + intVal: + type: integer + mapVal: + additionalProperties: + type: string + nullable: true + type: object + sliceVal: + items: + type: string + nullable: true + type: array + stringVal: + type: string + type: object + type: object + description: Validations specifies the validations for the + attribute. + type: object + required: + - name + type: object + type: array + groups: + description: Groups specifies the list of user profile groups. + items: + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations specifies the annotations for the group. + nullable + type: object + displayDescription: + description: DisplayDescription specifies a user-friendly + name for the group that should be used when rendering + a group of attributes in user-facing forms. + type: string + displayHeader: + description: DisplayHeader specifies a text that should + be used as a header when rendering user-facing forms. + type: string + name: + description: Name is unique name of the group. + type: string + required: + - name + type: object + type: array + unmanagedAttributePolicy: + description: |- + UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration. + Empty value means that unmanaged attributes are disabled. + Possible values: + ENABLED - unmanaged attributes are allowed. + ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API. + ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API. + type: string + type: object users: description: Users is a list of users to create in the realm. items: 
diff --git a/packages/system/kubeovn-webhook/values.yaml b/packages/system/kubeovn-webhook/values.yaml index d6b566f4..e2768c17 100644 --- a/packages/system/kubeovn-webhook/values.yaml +++ b/packages/system/kubeovn-webhook/values.yaml @@ -1,3 +1,3 @@ portSecurity: true routes: "" -image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.28.0@sha256:7412c1e3f5a1f0bc27b1d4a91c4715a88017fcbf758f838b51ea2005ec3cf7b2 +image: ghcr.io/cozystack/cozystack/kubeovn-webhook:v0.30.0@sha256:fa14fa7a0ffa628eb079ddcf6ce41d75b43de92e50f489422f8fb15c4dab2dbf diff --git a/packages/system/kubeovn/Makefile b/packages/system/kubeovn/Makefile index 2e0c1a21..559dd118 100644 --- a/packages/system/kubeovn/Makefile +++ b/packages/system/kubeovn/Makefile @@ -1,4 +1,4 @@ -KUBEOVN_TAG = v1.13.3 +KUBEOVN_TAG = v1.13.8 export NAME=kubeovn export NAMESPACE=cozy-$(NAME) diff --git a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml index 03a69991..cf67c7d9 100644 --- a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v1.13.3 +version: v1.13.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.13.3" +appVersion: "1.13.8" kubeVersion: ">= 1.23.0-0" diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml index 2934a320..98c6bb2c 100644 
--- a/packages/system/kubeovn/charts/kube-ovn/values.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml @@ -10,7 +10,7 @@ global: repository: kube-ovn dpdkRepository: kube-ovn-dpdk vpcRepository: vpc-nat-gateway - tag: v1.13.3 + tag: v1.13.8 support_arm: true thirdparty: true diff --git a/packages/system/kubeovn/images/kubeovn/Dockerfile b/packages/system/kubeovn/images/kubeovn/Dockerfile index 543fa3c2..be05d4b8 100644 --- a/packages/system/kubeovn/images/kubeovn/Dockerfile +++ b/packages/system/kubeovn/images/kubeovn/Dockerfile @@ -1,10 +1,10 @@ # syntax = docker/dockerfile:experimental -ARG VERSION=v1.13.3 +ARG VERSION=v1.13.8 ARG BASE_TAG=$VERSION FROM golang:1.23-bookworm as builder -ARG TAG=v1.13.3 +ARG TAG=v1.13.8 RUN git clone --branch ${TAG} --depth 1 https://github.com/kubeovn/kube-ovn /source WORKDIR /source diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 68112e79..1d1921bc 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -22,4 +22,4 @@ global: images: kubeovn: repository: kubeovn - tag: v1.13.3@sha256:1ce5fb7d596d2a6a52982e3d7541d56d75e14e8b0a1331c262bcbb9793a317af + tag: v1.13.8@sha256:46ae1fe72aec9e153fff24186eeb297b7c6f27354f050993c7a2772c68a208ef diff --git a/packages/system/kubevirt/templates/kubevirt-cr.yaml b/packages/system/kubevirt/templates/kubevirt-cr.yaml index a292c15a..54f2cf9c 100644 --- a/packages/system/kubevirt/templates/kubevirt-cr.yaml +++ b/packages/system/kubevirt/templates/kubevirt-cr.yaml @@ -15,6 +15,8 @@ spec: - ExpandDisks - LiveMigration - AutoResourceLimitsGate + - CPUManager + - GPU evictionStrategy: LiveMigrate customizeComponents: {} imagePullPolicy: IfNotPresent diff --git a/packages/system/linstor/hack/plunger/plunger-drbd-logger.sh b/packages/system/linstor/hack/plunger/plunger-drbd-logger.sh new file mode 100755 index 00000000..297c66b8 --- /dev/null +++ b/packages/system/linstor/hack/plunger/plunger-drbd-logger.sh 
@@ -0,0 +1,38 @@ +#!/bin/bash +set -e + +terminate() { + echo "Caught signal, terminating" + exit 0 +} + +trap terminate SIGINT SIGQUIT SIGTERM + +echo "Started logger of bad DRBD statuses" + +while true; do + + all_devices="$(drbdsetup status --json 2>/dev/null)" + unhealthy_devices="$(echo "${all_devices}" | jq -r ' + map(select( + .suspended != false or + ."force-io-failures" != false or + # Diskless can be legit when allowRemoteVolumeAccess is set to "true" + # TODO how does forced-diskless look? + ([.devices[]."disk-state"] | inside(["UpToDate", "Consistent", "Diskless"]) | not) or + (.connections[]."connection-state" != "Connected") or + # congested is not an alarm but an indicator + (.connections[]."congested" != false) or + (.connections[].peer_devices[]."replication-state" != "Established") + )) + | unique + ')" + if [ "${unhealthy_devices}" != '[]' ]; then + echo -e "Unhealthy devices:\n${unhealthy_devices}" + fi + + sleep 30 & + pid=$! + wait $pid + +done diff --git a/packages/system/linstor/hack/plunger/plunger-satellite.sh b/packages/system/linstor/hack/plunger/plunger-satellite.sh index 5ecc184d..3d450f29 100755 --- a/packages/system/linstor/hack/plunger/plunger-satellite.sh +++ b/packages/system/linstor/hack/plunger/plunger-satellite.sh 
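Review bot: With `set -e` at the top, a non-zero exit from `drbdsetup status --json` in the `all_devices=` assignment ends the logger, and the `2>/dev/null` hides the reason (for example if the DRBD module is not loaded yet, which is an assumption worth testing). The same applies to `jq` on the next assignment. A fallback keeps the loop alive and the output well-formed: `all_devices="$(drbdsetup status --json 2>/dev/null || echo '[]')"`. The same unchecked call is added in `get_drbd_connecting` in plunger-satellite.sh, where an empty result would pass the caller's `!= '[]'` test as if devices had been found.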
@@ -8,8 +8,31 @@ terminate() { trap terminate SIGINT SIGQUIT SIGTERM -echo "Running Linstor per-satellite plunger:" -cat "${0}" +function get_drbd_connecting() { + all_devices="$(drbdsetup status --json 2>/dev/null)" + unhealthy_devices="$(echo "${all_devices}" | jq -r ' + map( + select( + # Skip devices that were suspended for io errors, reconnect will not help here + .suspended == false and + # Uncomment to select Secondary devices only + # .role == "Secondary" and + (.connections[]."connection-state" == "Connecting") + ) + | { + name: .name, + "peer-node-id": .connections[] + | select(.["connection-state"] == "Connecting") + | ."peer-node-id" + } + ) + # redundant, but required for array intersection calculation later + | unique + ')" + echo "${unhealthy_devices}" +} + +echo "Starting Linstor per-satellite plunger" while true; do 
@@ -22,20 +45,58 @@ while true; do # the `/` path could not be a backing file for a loop device, so it's a good indicator of a stuck loop device # TODO describe the issue in more detail # Using the direct /usr/sbin/losetup as the linstor-satellite image has own wrapper in /usr/local - stale_loopbacks=$(/usr/sbin/losetup --json | jq -r '.[][] | select(."back-file" == "/ (deleted)").name') + stale_loopbacks=$(/usr/sbin/losetup --json | jq -r '.[][] | select(."back-file" == "/" or ."back-file" == "/ (deleted)").name' ) for stale_device in $stale_loopbacks; do ( echo "Detaching stuck loop device ${stale_device}" set -x - /usr/sbin/losetup --detach "${stale_device}" + /usr/sbin/losetup --detach "${stale_device}" || echo "Command failed" ); done - # Detect secondary volumes that lost connection and can be simply reconnected + # Detect secondary volumes that got suspended with force-io-failure + # As long as this is not a primary volume, it's somewhat safe to recreate the whole DRBD device. + # Backing block device is not touched. disconnected_secondaries=$(drbdadm status 2>/dev/null | awk '/pvc-.*role:Secondary.*force-io-failures:yes/ {print $1}') for secondary in $disconnected_secondaries; do ( - echo "Trying to reconnect secondary volume ${secondary}" + echo "Trying to recreate secondary volume ${secondary}" set -x - drbdadm down "${secondary}" - drbdadm up "${secondary}" + drbdadm down "${secondary}" || echo "Command failed" + drbdadm up "${secondary}" || echo "Command failed" ); done + # Detect devices that lost connection and can be simply reconnected + # This may be fixed in DRBD 9.2.13 + # see https://github.com/LINBIT/drbd/blob/drbd-9.2/ChangeLog + connecting_devices1="$(get_drbd_connecting)" + if [ "${connecting_devices1}" != '[]' ]; then + + # wait 10 seconds to avoid false positives + sleep 1 & + pid=$! 
+ wait $pid + + # and check again + connecting_devices2="$(get_drbd_connecting)" + + export connecting_devices1 connecting_devices2 + stuck_connecting="$(jq -rn ' + env.connecting_devices1 | fromjson as $l1 + | env.connecting_devices2 | fromjson as $l2 + # calculate the intersection + | $l1 - ($l2 - $l1) + | .[] + # output as strings + | (.name) + " " + (."peer-node-id" | tostring) + ')" + + while IFS= read -r path; do ( + echo "Trying to reconnect secondary volume ${path}" + set -x + # shellcheck disable=SC2086 + drbdsetup disconnect ${path} || echo "Command failed" + # shellcheck disable=SC2086 + drbdsetup connect ${path} || echo "Command failed" + ) done <<< "$stuck_connecting" + + fi + done diff --git a/packages/system/linstor/templates/cluster.yaml b/packages/system/linstor/templates/cluster.yaml index fffb170d..e3f8bb80 100644 --- a/packages/system/linstor/templates/cluster.yaml +++ b/packages/system/linstor/templates/cluster.yaml @@ -43,3 +43,25 @@ spec: configMap: name: linstor-plunger defaultMode: 0755 + patches: + - target: + kind: Deployment + name: linstor-controller + patch: |- + - op: add + path: /metadata/annotations/reloader.stakater.com~1auto + value: "true" + - target: + kind: Deployment + name: linstor-csi-controller + patch: |- + - op: add + path: /metadata/annotations/reloader.stakater.com~1auto + value: "true" + - target: + kind: DaemonSet + name: linstor-csi-node + patch: |- + - op: add + path: /metadata/annotations/reloader.stakater.com~1auto + value: "true" diff --git a/packages/system/linstor/templates/networkpolicy.yaml b/packages/system/linstor/templates/networkpolicy.yaml new file mode 100644 index 00000000..e8129b30 --- /dev/null +++ b/packages/system/linstor/templates/networkpolicy.yaml 
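Review bot: The jq expression `$l1 - ($l2 - $l1)` in the new reconnect block is not an intersection: `$l2 - $l1` holds only entries absent from the first sample, so subtracting it returns `$l1` unchanged and every connection seen in `Connecting` once is disconnected and reconnected, whatever the second sample says. `| $l1 - ($l1 - $l2)` gives the intended intersection. With that fixed an empty result becomes possible, and the here-string still feeds one empty line to the loop, so a `[ -n "${path}" ] || continue` before the subshell avoids calling `drbdsetup disconnect` with no arguments. The comment says to wait 10 seconds while the code runs `sleep 1`; one of the two should change. The enclosing `while true` loop starts outside this hunk.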
@@ -0,0 +1,19 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+ name: restrict-drbd-reactor
+spec:
+ ingressDeny:
+ - fromEntities:
+ - world
+ toPorts:
+ - ports:
+ - port: "9942"
+ ingress:
+ - fromEntities:
+ - world
+ - host
+ - cluster
+ nodeSelector:
+ matchLabels: {}
diff --git a/packages/system/linstor/templates/plunger/configmap-scripts.yaml b/packages/system/linstor/templates/plunger/configmap-scripts.yaml
index 9b5754ba..7dc72ef5 100644
--- a/packages/system/linstor/templates/plunger/configmap-scripts.yaml
+++ b/packages/system/linstor/templates/plunger/configmap-scripts.yaml
@@ -6,8 +6,4 @@ kind: ConfigMap
 metadata:
 name: linstor-plunger
 namespace: cozy-linstor
-data:
-{{- range $path, $file := $files }}
- {{ $path | base }}: |
- {{- $file | toString | nindent 4 }}
-{{- end -}}
+data: {{- $files.AsConfig | nindent 2 }}
diff --git a/packages/system/linstor/templates/satellites-plunger.yaml b/packages/system/linstor/templates/satellites-plunger.yaml
index b3abd152..e3cfa3b1 100644
--- a/packages/system/linstor/templates/satellites-plunger.yaml
+++ b/packages/system/linstor/templates/satellites-plunger.yaml
@@ -47,6 +47,29 @@ spec:
 - mountPath: /scripts
 name: script-volume
 readOnly: true
+ - name: drbd-logger
+ image: {{ include "cozy.linstor.version.satellite" . }}
+ command:
+ - "/scripts/plunger-drbd-logger.sh"
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_ADMIN
+ drop:
+ - ALL
+ privileged: true
+ readOnlyRootFilesystem: false
+ volumeMounts:
+ - mountPath: /dev
+ name: dev
+ - mountPath: /var/lib/drbd
+ name: var-lib-drbd
+ - mountPath: /var/lib/linstor.d
+ name: var-lib-linstor-d
+ - mountPath: /scripts
+ name: script-volume
+ readOnly: true
 volumes:
 - name: script-volume
 configMap:
diff --git a/packages/system/linstor/templates/satellites-reloader.yaml b/packages/system/linstor/templates/satellites-reloader.yaml
new file mode 100644
index 00000000..10f9efda
--- /dev/null
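Review bot: `restrict-drbd-reactor` selects nodes through `nodeSelector` with empty `matchLabels`, and Cilium enforces node-scoped policies only when its host firewall is enabled; nothing in this diff shows that setting, so on a cluster without it port 9942 stays reachable from `world` and no error is reported. A comment at the top of the manifest should record the dependency and explain the broad `ingress` rule, for example `# Requires Cilium host firewall. The allow rule keeps other host traffic open; ingressDeny blocks external access to port 9942.` The `port: "9942"` entry has no `protocol`, which I read as matching any protocol, so adding `protocol: TCP` would make the intent explicit if only TCP is meant. The same points apply to `restrict-node-exporter` (port 9100) in packages/system/monitoring-agents/templates/networkpolicy.yaml.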
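Review bot: In the new `drbd-logger` container, `privileged: true` makes the `capabilities` stanza ineffective: a privileged container receives every capability, so `drop: [ALL]` with `add: [NET_ADMIN, SYS_ADMIN]` reads as least privilege without providing it. If `/scripts/plunger-drbd-logger.sh`, which is not shown here, works with those two capabilities, remove `privileged: true`; if it needs full privilege, delete the `capabilities` block and state the reason in a comment. A logging sidecar probably does not need a writable root filesystem or write access to `/dev`, so `readOnlyRootFilesystem: true` and `readOnly: true` on the `/dev` mount are worth testing. The container list this entry is appended to starts outside the hunk, and the existing container may carry the same settings.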
+++ b/packages/system/linstor/templates/satellites-reloader.yaml
@@ -0,0 +1,13 @@
+apiVersion: piraeus.io/v1
+kind: LinstorSatelliteConfiguration
+metadata:
+ name: cozystack-reloader
+spec:
+ patches:
+ - target:
+ kind: DaemonSet
+ name: linstor-satellite
+ patch: |-
+ - op: add
+ path: /metadata/annotations/reloader.stakater.com~1auto
+ value: "true"
diff --git a/packages/system/monitoring-agents/templates/networkpolicy.yaml b/packages/system/monitoring-agents/templates/networkpolicy.yaml
new file mode 100644
index 00000000..aa6dd4fe
--- /dev/null
+++ b/packages/system/monitoring-agents/templates/networkpolicy.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+ name: restrict-node-exporter
+spec:
+ ingressDeny:
+ - fromEntities:
+ - world
+ toPorts:
+ - ports:
+ - port: "9100"
+ ingress:
+ - fromEntities:
+ - world
+ - host
+ - cluster
+ nodeSelector:
+ matchLabels: {}
diff --git a/packages/system/monitoring-agents/templates/vmagent.yaml b/packages/system/monitoring-agents/templates/vmagent.yaml
index bf53965b..78c6d46f 100644
--- a/packages/system/monitoring-agents/templates/vmagent.yaml
+++ b/packages/system/monitoring-agents/templates/vmagent.yaml
@@ -3,6 +3,7 @@ kind: VMAgent
 metadata:
 name: vmagent
 spec:
+ shardCount: 1
 externalLabels:
 cluster: {{ .Values.vmagent.externalLabels.cluster }}
 tenant: {{ .Values.vmagent.externalLabels.tenant }}
diff --git a/packages/system/monitoring-agents/templates/vpa.yaml b/packages/system/monitoring-agents/templates/vpa.yaml
new file mode 100644
index 00000000..fa672d82
--- /dev/null
+++ b/packages/system/monitoring-agents/templates/vpa.yaml
@@ -0,0 +1,27 @@
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: vpa-vmagent
+spec:
+ targetRef:
+ apiVersion: operator.victoriametrics.com/v1beta1
+ kind: VMAgent
+ name: vmagent
+ updatePolicy:
+ updateMode: Auto
+ resourcePolicy:
+ containerPolicies:
+ - containerName: config-reloader
+ minAllowed:
+ cpu: 100m
+ memory: 25Mi
+ maxAllowed:
+ cpu: 1000m
+ memory: 256Mi
+ - containerName: vmagent
+ minAllowed:
+ cpu: 100m
+ memory: 25Mi
+ maxAllowed:
+ cpu: 4000m
+ memory: 6G
diff --git a/packages/core/builder/Chart.yaml b/packages/system/reloader/Chart.yaml
old mode 100755
new mode 100644
similarity index 85%
rename from packages/core/builder/Chart.yaml
rename to packages/system/reloader/Chart.yaml
index 91337a4b..9c7e9afb
--- a/packages/core/builder/Chart.yaml
+++ b/packages/system/reloader/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
-name: builder
+name: cozy-reloader
 version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
diff --git a/packages/system/reloader/Makefile b/packages/system/reloader/Makefile
new file mode 100644
index 00000000..378dc23c
--- /dev/null
+++ b/packages/system/reloader/Makefile
@@ -0,0 +1,10 @@
+export NAME=reloader
+export NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/package.mk
+
+update:
+ rm -rf charts
+ helm repo add stakater https://stakater.github.io/stakater-charts
+ helm repo update
+ helm pull stakater/reloader --untar --untardir charts
diff --git a/packages/system/reloader/charts/reloader/.helmignore b/packages/system/reloader/charts/reloader/.helmignore
new file mode 100644
index 00000000..9e169088
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/.helmignore
@@ -0,0 +1,2 @@
+# OWNERS file for Kubernetes
+OWNERS
diff --git a/packages/system/reloader/charts/reloader/Chart.yaml b/packages/system/reloader/charts/reloader/Chart.yaml
new file mode 100644
index 00000000..84ea57f6
--- /dev/null
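Review bot: The `vmagent` container's upper memory bound is written `memory: 6G`, a decimal quantity, while every other memory bound in this policy uses the binary `Mi` suffix; if 6 GiB was intended the line should read `memory: 6Gi`. `updateMode: Auto` also lets the autoscaler evict the targeted pods to apply new requests, and whether vmagent runs more than one replica is not visible here, so scraping may pause during each eviction. A comment above `updatePolicy` recording that this is accepted would help, for example `# Auto: VPA may restart vmagent; short scrape gaps are acceptable`.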
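Review bot: The `update` target in the new Makefile pulls whatever chart version the Stakater repository currently serves, because `helm pull stakater/reloader` carries no `--version`; re-running it can replace the vendored chart (version 2.0.0 in the Chart.yaml added by this commit) with one that has different RBAC rules and image defaults. Pin it with `helm pull stakater/reloader --version 2.0.0 --untar --untardir charts` and bump the pin deliberately, so the resulting change under `charts/` is reviewed together with it. The recipe also runs `rm -rf charts` before the network steps, so a failed `helm repo add` or `helm pull` leaves the package without its chart; pulling into a temporary directory and replacing `charts` only on success avoids that.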
+++ b/packages/system/reloader/charts/reloader/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +appVersion: v1.3.0 +description: Reloader chart that runs on kubernetes +home: https://github.com/stakater/Reloader +icon: https://raw.githubusercontent.com/stakater/Reloader/master/assets/web/reloader-round-100px.png +keywords: +- Reloader +- kubernetes +maintainers: +- email: hello@stakater.com + name: Stakater +- email: rasheed@stakater.com + name: rasheedamir +- email: faizan@stakater.com + name: faizanahmad055 +name: reloader +sources: +- https://github.com/stakater/Reloader +version: 2.0.0 diff --git a/packages/system/reloader/charts/reloader/templates/NOTES.txt b/packages/system/reloader/charts/reloader/templates/NOTES.txt new file mode 100644 index 00000000..d437a4f2 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/NOTES.txt @@ -0,0 +1,7 @@ +- For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment` + {{ .Values.reloader.custom_annotations.configmap | default "configmap.reloader.stakater.com/reload" }}: "foo-configmap" + +- For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment` + {{ .Values.reloader.custom_annotations.secret | default "secret.reloader.stakater.com/reload" }}: "foo-secret" + +- After successful installation, your pods will get rolling updates when a change in data of configmap or secret will happen. diff --git a/packages/system/reloader/charts/reloader/templates/_helpers.tpl b/packages/system/reloader/charts/reloader/templates/_helpers.tpl new file mode 100644 index 00000000..04b3ee4d --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/_helpers.tpl 
@@ -0,0 +1,65 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} + +{{- define "reloader-name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | lower -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "reloader-fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{- define "reloader-labels.chart" -}} +app: {{ template "reloader-fullname" . }} +chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" +release: {{ .Release.Name | quote }} +heritage: {{ .Release.Service | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end -}} + +{{/* +Create pod anti affinity labels +*/}} +{{- define "reloader-podAntiAffinity" -}} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ template "reloader-fullname" . }} + topologyKey: "kubernetes.io/hostname" +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "reloader-serviceAccountName" -}} +{{- if .Values.reloader.serviceAccount.create -}} + {{ default (include "reloader-fullname" .) .Values.reloader.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.reloader.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the annotations to support helm3 +*/}} +{{- define "reloader-helm3.annotations" -}} +meta.helm.sh/release-namespace: {{ .Release.Namespace | quote }} +meta.helm.sh/release-name: {{ .Release.Name | quote }} +{{- end -}} 
diff --git a/packages/system/reloader/charts/reloader/templates/clusterrole.yaml b/packages/system/reloader/charts/reloader/templates/clusterrole.yaml new file mode 100644 index 00000000..5b2ad549 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/clusterrole.yaml 
@@ -0,0 +1,112 @@ +{{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }} +{{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }} +apiVersion: rbac.authorization.k8s.io/v1 +{{ else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRole +metadata: + annotations: +{{ include "reloader-helm3.annotations" . | indent 4 }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-fullname" . }}-role +rules: + - apiGroups: + - "" + resources: +{{- if .Values.reloader.ignoreSecrets }}{{- else }} + - secrets +{{- end }} +{{- if .Values.reloader.ignoreConfigMaps }}{{- else }} + - configmaps +{{- end }} + verbs: + - list + - get + - watch +{{- if .Values.reloader.namespaceSelector }} + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +{{- end }} +{{- if and (.Capabilities.APIVersions.Has "apps.openshift.io/v1") (.Values.reloader.isOpenshift) }} + - apiGroups: + - "apps.openshift.io" + - "" + resources: + - deploymentconfigs + verbs: + - list + - get + - update + - patch +{{- end }} +{{- if and (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1") (.Values.reloader.isArgoRollouts) }} + - apiGroups: + - "argoproj.io" + - "" + resources: + - rollouts + verbs: + - list + - get + - update + - patch +{{- end }} + - apiGroups: + - "apps" + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch + - apiGroups: + - "batch" + resources: + - cronjobs + verbs: + - list + - get + - apiGroups: + - "batch" + resources: + - jobs + verbs: + - create + - delete + - list + - get +{{- if .Values.reloader.enableHA }} + - apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - create + - 
get + - update +{{- end}} + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +{{- end }} diff --git a/packages/system/reloader/charts/reloader/templates/clusterrolebinding.yaml b/packages/system/reloader/charts/reloader/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..0730dba9 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/clusterrolebinding.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }} +{{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }} +apiVersion: rbac.authorization.k8s.io/v1 +{{ else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + annotations: +{{ include "reloader-helm3.annotations" . | indent 4 }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-fullname" . }}-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "reloader-fullname" . }}-role +subjects: + - kind: ServiceAccount + name: {{ template "reloader-serviceAccountName" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} +{{- end }} diff --git a/packages/system/reloader/charts/reloader/templates/deployment.yaml b/packages/system/reloader/charts/reloader/templates/deployment.yaml new file mode 100644 index 00000000..851230e8 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/deployment.yaml 
@@ -0,0 +1,300 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: +{{ include "reloader-helm3.annotations" . | indent 4 }} +{{- if .Values.reloader.deployment.annotations }} +{{ toYaml .Values.reloader.deployment.annotations | indent 4 }} +{{- end }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{- if .Values.reloader.deployment.labels }} +{{ toYaml .Values.reloader.deployment.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-fullname" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} +spec: +{{- if not (.Values.reloader.enableHA) }} + replicas: {{ min .Values.reloader.deployment.replicas 1 }} +{{- else }} + replicas: {{ .Values.reloader.deployment.replicas }} +{{- end}} + revisionHistoryLimit: {{ .Values.reloader.deployment.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "reloader-fullname" . }} + release: {{ .Release.Name | quote }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 6 }} +{{- end }} + template: + metadata: +{{- if .Values.reloader.deployment.pod.annotations }} + annotations: +{{ toYaml .Values.reloader.deployment.pod.annotations | indent 8 }} +{{- end }} + labels: +{{ include "reloader-labels.chart" . | indent 8 }} +{{- if .Values.reloader.deployment.labels }} +{{ toYaml .Values.reloader.deployment.labels | indent 8 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 8 }} +{{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- if .Values.reloader.deployment.nodeSelector }} + nodeSelector: +{{ toYaml .Values.reloader.deployment.nodeSelector | indent 8 }} + {{- end }} + {{- if or (.Values.reloader.deployment.affinity) (.Values.reloader.enableHA) }} + affinity: + {{- if .Values.reloader.deployment.affinity }} +{{ toYaml .Values.reloader.deployment.affinity | indent 8 }} + {{- else }} +{{ include "reloader-podAntiAffinity" . | indent 8 }} + {{- end }} + {{- end }} + {{- if .Values.reloader.deployment.tolerations }} + tolerations: +{{ toYaml .Values.reloader.deployment.tolerations | indent 8 }} + {{- end }} + {{- if .Values.reloader.deployment.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.reloader.deployment.topologySpreadConstraints | indent 8 }} + {{- end }} + {{- if .Values.reloader.deployment.priorityClassName }} + priorityClassName: {{ .Values.reloader.deployment.priorityClassName }} + {{- end }} + containers: + {{- if .Values.global.imageRegistry }} + - image: "{{ .Values.global.imageRegistry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}" + {{- else }} + {{- if .Values.image.digest }} + - image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" + {{- else }} + - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ template "reloader-fullname" . 
}} + env: + - name: GOMAXPROCS + {{- if .Values.reloader.deployment.gomaxprocsOverride }} + value: {{ .Values.reloader.deployment.gomaxprocsOverride | quote }} + {{- else }} + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: '1' + {{- end }} + - name: GOMEMLIMIT + {{- if .Values.reloader.deployment.gomemlimitOverride }} + value: {{ .Values.reloader.deployment.gomemlimitOverride | quote }} + {{- else }} + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: '1' + {{- end }} + {{- range $name, $value := .Values.reloader.deployment.env.open }} + {{- if not (empty $value) }} + - name: {{ $name | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- $secret_name := include "reloader-fullname" . }} + {{- range $name, $value := .Values.reloader.deployment.env.secret }} + {{- if not ( empty $value) }} + - name: {{ $name | quote }} + valueFrom: + secretKeyRef: + name: {{ $secret_name }} + key: {{ $name | quote }} + {{- end }} + {{- end }} + {{- range $secret, $values := .Values.reloader.deployment.env.existing }} + {{- range $name, $key := $values }} + {{- if not ( empty $name) }} + - name: {{ $name | quote }} + valueFrom: + secretKeyRef: + name: {{ $secret | quote }} + key: {{ $key | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- range $name, $value := .Values.reloader.deployment.env.field }} + {{- if not ( empty $value) }} + - name: {{ $name | quote }} + valueFrom: + fieldRef: + fieldPath: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if eq .Values.reloader.watchGlobally false }} + - name: KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + {{- if .Values.reloader.enableHA }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + {{- if .Values.reloader.enableMetricsByNamespace }} + - name: METRICS_COUNT_BY_NAMESPACE + value: enabled + {{- end }} + ports: + - 
name: http + containerPort: 9090 + livenessProbe: + httpGet: + path: /live + port: http + timeoutSeconds: {{ .Values.reloader.deployment.livenessProbe.timeoutSeconds | default "5" }} + failureThreshold: {{ .Values.reloader.deployment.livenessProbe.failureThreshold | default "5" }} + periodSeconds: {{ .Values.reloader.deployment.livenessProbe.periodSeconds | default "10" }} + successThreshold: {{ .Values.reloader.deployment.livenessProbe.successThreshold | default "1" }} + initialDelaySeconds: {{ .Values.reloader.deployment.livenessProbe.initialDelaySeconds | default "10" }} + readinessProbe: + httpGet: + path: /metrics + port: http + timeoutSeconds: {{ .Values.reloader.deployment.readinessProbe.timeoutSeconds | default "5" }} + failureThreshold: {{ .Values.reloader.deployment.readinessProbe.failureThreshold | default "5" }} + periodSeconds: {{ .Values.reloader.deployment.readinessProbe.periodSeconds | default "10" }} + successThreshold: {{ .Values.reloader.deployment.readinessProbe.successThreshold | default "1" }} + initialDelaySeconds: {{ .Values.reloader.deployment.readinessProbe.initialDelaySeconds | default "10" }} + + {{- $containerSecurityContext := .Values.reloader.deployment.containerSecurityContext | default dict }} + {{- if .Values.reloader.readOnlyRootFileSystem }} + {{- $_ := set $containerSecurityContext "readOnlyRootFilesystem" true }} + {{- end }} + + securityContext: + {{- toYaml $containerSecurityContext | nindent 10 }} + + {{- if (or (.Values.reloader.deployment.volumeMounts) (eq .Values.reloader.readOnlyRootFileSystem true)) }} + volumeMounts: + {{- if eq .Values.reloader.readOnlyRootFileSystem true }} + - mountPath: /tmp/ + name: tmp-volume + {{- end }} + {{- with .Values.reloader.deployment.volumeMounts }} + {{- . 
| toYaml | nindent 10 }} + {{- end }} + {{- end }} + {{- if or (.Values.reloader.logFormat) (.Values.reloader.logLevel) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.namespaceSelector) (.Values.reloader.resourceLabelSelector) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) (eq .Values.reloader.reloadOnCreate true) (eq .Values.reloader.reloadOnDelete true) (ne .Values.reloader.reloadStrategy "default") (.Values.reloader.enableHA) (.Values.reloader.autoReloadAll)}} + args: + {{- if .Values.reloader.logFormat }} + - "--log-format={{ .Values.reloader.logFormat }}" + {{- end }} + {{- if .Values.reloader.logLevel }} + - "--log-level={{ .Values.reloader.logLevel }}" + {{- end }} + {{- if .Values.reloader.ignoreSecrets }} + - "--resources-to-ignore=secrets" + {{- end }} + {{- if .Values.reloader.ignoreConfigMaps }} + - "--resources-to-ignore=configMaps" + {{- end }} + {{- if .Values.reloader.ignoreNamespaces }} + - "--namespaces-to-ignore={{ .Values.reloader.ignoreNamespaces }}" + {{- end }} + {{- if .Values.reloader.namespaceSelector }} + - "--namespace-selector={{ .Values.reloader.namespaceSelector }}" + {{- end }} + {{- if .Values.reloader.resourceLabelSelector }} + - "--resource-label-selector={{ .Values.reloader.resourceLabelSelector }}" + {{- end }} + {{- if .Values.reloader.custom_annotations }} + {{- if .Values.reloader.custom_annotations.configmap }} + - "--configmap-annotation" + - "{{ .Values.reloader.custom_annotations.configmap }}" + {{- end }} + {{- if .Values.reloader.custom_annotations.secret }} + - "--secret-annotation" + - "{{ .Values.reloader.custom_annotations.secret }}" + {{- end }} + {{- if .Values.reloader.custom_annotations.auto }} + - "--auto-annotation" + - "{{ .Values.reloader.custom_annotations.auto }}" + {{- end }} + {{- if .Values.reloader.custom_annotations.secret_auto }} + - "--secret-auto-annotation" + - "{{ 
.Values.reloader.custom_annotations.secret_auto }}" + {{- end }} + {{- if .Values.reloader.custom_annotations.configmap_auto }} + - "--configmap-auto-annotation" + - "{{ .Values.reloader.custom_annotations.configmap_auto }}" + {{- end }} + {{- if .Values.reloader.custom_annotations.search }} + - "--auto-search-annotation" + - "{{ .Values.reloader.custom_annotations.search }}" + {{- end }} + {{- if .Values.reloader.custom_annotations.match }} + - "--search-match-annotation" + - "{{ .Values.reloader.custom_annotations.match }}" + {{- end }} + {{- if .Values.reloader.webhookUrl }} + - "--webhook-url" + - "{{ .Values.reloader.webhookUrl }}" + {{- end }} + {{- end }} + {{- if eq .Values.reloader.isArgoRollouts true }} + - "--is-Argo-Rollouts={{ .Values.reloader.isArgoRollouts }}" + {{- end }} + {{- if eq .Values.reloader.reloadOnCreate true }} + - "--reload-on-create={{ .Values.reloader.reloadOnCreate }}" + {{- end }} + {{- if eq .Values.reloader.reloadOnDelete true }} + - "--reload-on-delete={{ .Values.reloader.reloadOnDelete }}" + {{- end }} + {{- if eq .Values.reloader.syncAfterRestart true }} + - "--sync-after-restart={{ .Values.reloader.syncAfterRestart }}" + {{- end }} + {{- if ne .Values.reloader.reloadStrategy "default" }} + - "--reload-strategy={{ .Values.reloader.reloadStrategy }}" + {{- end }} + {{- if or (gt (int .Values.reloader.deployment.replicas) 1) (.Values.reloader.enableHA) }} + - "--enable-ha=true" + {{- end}} + {{- if eq .Values.reloader.autoReloadAll true }} + - "--auto-reload-all=true" + {{- end -}} + {{- end }} + {{- if .Values.reloader.deployment.resources }} + resources: +{{ toYaml .Values.reloader.deployment.resources | indent 10 }} + {{- end }} +{{- if .Values.reloader.deployment.securityContext }} + securityContext: {{ toYaml .Values.reloader.deployment.securityContext | nindent 8 }} +{{- end }} + serviceAccountName: {{ template "reloader-serviceAccountName" . 
}} +{{- if hasKey .Values.reloader.deployment "automountServiceAccountToken" }} + automountServiceAccountToken: {{ .Values.reloader.deployment.automountServiceAccountToken }} +{{- end }} + {{- if (or (.Values.reloader.deployment.volumes) (eq .Values.reloader.readOnlyRootFileSystem true)) }} + volumes: + {{- if eq .Values.reloader.readOnlyRootFileSystem true }} + - emptyDir: {} + name: tmp-volume + {{- end }} + {{- with .Values.reloader.deployment.volumes }} + {{- . | toYaml | nindent 8 }} + {{- end }} + {{- end }} diff --git a/packages/system/reloader/charts/reloader/templates/networkpolicy.yaml b/packages/system/reloader/charts/reloader/templates/networkpolicy.yaml new file mode 100644 index 00000000..ca5f2248 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/networkpolicy.yaml @@ -0,0 +1,39 @@ +{{- if and ( .Values.reloader.netpol.enabled ) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + annotations: +{{ include "reloader-helm3.annotations" . | indent 4 }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-fullname" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} +spec: + podSelector: + matchLabels: + app: {{ template "reloader-fullname" . }} + release: {{ .Release.Name | quote }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 6 }} +{{- end }} + policyTypes: + - Ingress + - Egress + ingress: + - ports: + - port: http + {{- with .Values.reloader.netpol.from}} + from: + {{- toYaml .| nindent 8 }} + {{- end }} + egress: + - ports: + - port: 443 + {{- with .Values.reloader.netpol.to}} + to: + {{- toYaml .| nindent 8 }} + {{- end }} +{{- end }} 
diff --git a/packages/system/reloader/charts/reloader/templates/poddisruptionbudget.yaml b/packages/system/reloader/charts/reloader/templates/poddisruptionbudget.yaml new file mode 100644 index 00000000..e13c4783 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/poddisruptionbudget.yaml @@ -0,0 +1,17 @@ +{{- if .Values.reloader.podDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ template "reloader-fullname" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} +spec: +{{- if .Values.reloader.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.reloader.podDisruptionBudget.maxUnavailable }} +{{- end }} +{{- if and .Values.reloader.podDisruptionBudget.minAvailable (not .Values.reloader.podDisruptionBudget.maxUnavailable)}} + minAvailable: {{ .Values.reloader.podDisruptionBudget.minAvailable }} +{{- end }} + selector: + matchLabels: + app: {{ template "reloader-fullname" . }} +{{- end }} diff --git a/packages/system/reloader/charts/reloader/templates/podmonitor.yaml b/packages/system/reloader/charts/reloader/templates/podmonitor.yaml new file mode 100644 index 00000000..7afeba3b --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/podmonitor.yaml 
@@ -0,0 +1,60 @@ +{{- if ( .Values.reloader.podMonitor.enabled ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: +{{- if .Values.reloader.podMonitor.annotations }} + annotations: +{{ tpl (toYaml .Values.reloader.podMonitor.annotations) . | indent 4 }} +{{- end }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{- if .Values.reloader.podMonitor.labels }} +{{ tpl (toYaml .Values.reloader.podMonitor.labels) . | indent 4 }} +{{- end }} + name: {{ template "reloader-fullname" . }} +{{- if .Values.reloader.podMonitor.namespace }} + namespace: {{ tpl .Values.reloader.podMonitor.namespace . }} +{{- else }} + namespace: {{ .Values.namespace | default .Release.Namespace }} +{{- end }} +spec: + podMetricsEndpoints: + - port: http + path: "/metrics" + {{- with .Values.reloader.podMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.reloader.podMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.reloader.podMonitor.bearerTokenSecret }} + bearerTokenSecret: {{ . }} + {{- end }} + {{- with .Values.reloader.podMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .| nindent 6 }} + {{- end }} + {{- with .Values.reloader.podMonitor.timeout }} + scrapeTimeout: {{ . }} + {{- end }} + honorLabels: {{ .Values.reloader.podMonitor.honorLabels }} + {{- with .Values.reloader.podMonitor.metricRelabelings }} + metricRelabelings: + {{- tpl (toYaml . | nindent 6) $ }} + {{- end }} + {{- with .Values.reloader.podMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.reloader.podMonitor.podTargetLabels }} + podTargetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} + jobLabel: {{ template "reloader-fullname" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{ include "reloader-labels.chart" . | nindent 6 }} +{{- end }} 
diff --git a/packages/system/reloader/charts/reloader/templates/role.yaml b/packages/system/reloader/charts/reloader/templates/role.yaml new file mode 100644 index 00000000..13ac4bb2 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/role.yaml 
@@ -0,0 +1,103 @@ +{{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }} +{{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }} +apiVersion: rbac.authorization.k8s.io/v1 +{{ else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: Role +metadata: + annotations: +{{ include "reloader-helm3.annotations" . | indent 4 }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-fullname" . }}-role + namespace: {{ .Values.namespace | default .Release.Namespace }} +rules: + - apiGroups: + - "" + resources: +{{- if .Values.reloader.ignoreSecrets }}{{- else }} + - secrets +{{- end }} +{{- if .Values.reloader.ignoreConfigMaps }}{{- else }} + - configmaps +{{- end }} + verbs: + - list + - get + - watch +{{- if and (.Capabilities.APIVersions.Has "apps.openshift.io/v1") (.Values.reloader.isOpenshift) }} + - apiGroups: + - "apps.openshift.io" + - "" + resources: + - deploymentconfigs + verbs: + - list + - get + - update + - patch +{{- end }} +{{- if and (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1") (.Values.reloader.isArgoRollouts) }} + - apiGroups: + - "argoproj.io" + - "" + resources: + - rollouts + verbs: + - list + - get + - update + - patch +{{- end }} + - apiGroups: + - "apps" + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch + - apiGroups: + - "batch" + resources: + - cronjobs + verbs: + - list + - get + - apiGroups: + - "batch" + resources: + - jobs + verbs: + - create + - delete + - list + - get +{{- if .Values.reloader.enableHA }} + - apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - create + - get + - update +{{- end}} + - apiGroups: + - "" + resources: + - events + 
verbs: + - create + - patch +{{- end }} diff --git a/packages/system/reloader/charts/reloader/templates/rolebinding.yaml b/packages/system/reloader/charts/reloader/templates/rolebinding.yaml new file mode 100644 index 00000000..abeb721d --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/rolebinding.yaml @@ -0,0 +1,29 @@ +{{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }} +{{- if (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }} +apiVersion: rbac.authorization.k8s.io/v1 +{{ else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + annotations: +{{ include "reloader-helm3.annotations" . | indent 4 }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-fullname" . }}-role-binding + namespace: {{ .Values.namespace | default .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "reloader-fullname" . }}-role +subjects: + - kind: ServiceAccount + name: {{ template "reloader-serviceAccountName" . }} + namespace: {{ .Values.namespace | default .Release.Namespace }} +{{- end }} diff --git a/packages/system/reloader/charts/reloader/templates/secret.yaml b/packages/system/reloader/charts/reloader/templates/secret.yaml new file mode 100644 index 00000000..21723092 --- /dev/null +++ b/packages/system/reloader/charts/reloader/templates/secret.yaml 
@@ -0,0 +1,21 @@
+{{- if .Values.reloader.deployment.env.secret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "reloader-fullname" . }}
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+type: Opaque
+data:
+ {{ if .Values.reloader.deployment.env.secret.ALERT_ON_RELOAD -}}
+ ALERT_ON_RELOAD: {{ .Values.reloader.deployment.env.secret.ALERT_ON_RELOAD | b64enc | quote }}
+ {{ end }}
+ {{- if .Values.reloader.deployment.env.secret.ALERT_SINK -}}
+ ALERT_SINK: {{ .Values.reloader.deployment.env.secret.ALERT_SINK | b64enc | quote }}
+ {{ end }}
+ {{- if .Values.reloader.deployment.env.secret.ALERT_WEBHOOK_URL -}}
+ ALERT_WEBHOOK_URL: {{ .Values.reloader.deployment.env.secret.ALERT_WEBHOOK_URL | b64enc | quote }}
+ {{ end }}
+ {{- if .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO -}}
+ ALERT_ADDITIONAL_INFO: {{ .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO | b64enc | quote }}
+ {{ end }}
+{{ end }}
diff --git a/packages/system/reloader/charts/reloader/templates/service.yaml b/packages/system/reloader/charts/reloader/templates/service.yaml
new file mode 100644
index 00000000..95a8150d
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/templates/service.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.reloader.service }}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+{{- if .Values.reloader.service.annotations }}
+{{ toYaml .Values.reloader.service.annotations | indent 4 }}
+{{- end }}
+ labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.service.labels }}
+{{ toYaml .Values.reloader.service.labels | indent 4 }}
+{{- end }}
+ name: {{ template "reloader-fullname" . }}
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+spec:
+ selector:
+{{- if .Values.reloader.deployment.labels }}
+{{ toYaml .Values.reloader.deployment.labels | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{- end }}
+ ports:
+ - port: {{ .Values.reloader.service.port }}
+ name: http
+ protocol: TCP
+ targetPort: http
+{{- end }}
diff --git a/packages/system/reloader/charts/reloader/templates/serviceaccount.yaml b/packages/system/reloader/charts/reloader/templates/serviceaccount.yaml
new file mode 100644
index 00000000..27909edc
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/templates/serviceaccount.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.reloader.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 2 }}
+{{- end }}
+{{- if hasKey .Values.reloader.serviceAccount "automountServiceAccountToken" }}
+automountServiceAccountToken: {{ .Values.reloader.serviceAccount.automountServiceAccountToken }}
+{{- end }}
+metadata:
+ annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+{{- if .Values.reloader.serviceAccount.annotations }}
+{{ toYaml .Values.reloader.serviceAccount.annotations | indent 4 }}
+{{- end }}
+ labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.serviceAccount.labels }}
+{{ toYaml .Values.reloader.serviceAccount.labels | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{- end }}
+ name: {{ template "reloader-serviceAccountName" . }}
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}
diff --git a/packages/system/reloader/charts/reloader/templates/servicemonitor.yaml b/packages/system/reloader/charts/reloader/templates/servicemonitor.yaml
new file mode 100644
index 00000000..c4685fdb
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/templates/servicemonitor.yaml
@@ -0,0 +1,60 @@
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.reloader.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+{{- if .Values.reloader.serviceMonitor.annotations }}
+ annotations:
+{{ tpl (toYaml .Values.reloader.serviceMonitor.annotations) . | indent 4 }}
+{{- end }}
+ labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.serviceMonitor.labels }}
+{{ tpl (toYaml .Values.reloader.serviceMonitor.labels) . | indent 4 }}
+{{- end }}
+ name: {{ template "reloader-fullname" . }}
+{{- if .Values.reloader.serviceMonitor.namespace }}
+ namespace: {{ tpl .Values.reloader.serviceMonitor.namespace . }}
+{{- else }}
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}
+spec:
+ endpoints:
+ - targetPort: http
+ path: "/metrics"
+ {{- with .Values.reloader.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.reloader.serviceMonitor.scheme }}
+ scheme: {{ . }}
+ {{- end }}
+ {{- with .Values.reloader.serviceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ . }}
+ {{- end }}
+ {{- with .Values.reloader.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .| nindent 6 }}
+ {{- end }}
+ {{- with .Values.reloader.serviceMonitor.timeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ honorLabels: {{ .Values.reloader.serviceMonitor.honorLabels }}
+ {{- with .Values.reloader.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- tpl (toYaml . | nindent 6) $ }}
+ {{- end }}
+ {{- with .Values.reloader.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.reloader.serviceMonitor.targetLabels }}
+ targetLabels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ jobLabel: {{ template "reloader-fullname" . }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{ include "reloader-labels.chart" . | nindent 6 }}
+{{- end }}
diff --git a/packages/system/reloader/charts/reloader/templates/verticalpodautoscaler.yaml b/packages/system/reloader/charts/reloader/templates/verticalpodautoscaler.yaml
new file mode 100644
index 00000000..9ec2c463
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/templates/verticalpodautoscaler.yaml
@@ -0,0 +1,40 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.reloader.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+ name: {{ template "reloader-fullname" . }}
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+ labels:
+ {{- include "reloader-labels.chart" . | nindent 4 }}
+spec:
+ {{- with .Values.reloader.verticalPodAutoscaler.recommenders }}
+ recommenders:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ resourcePolicy:
+ containerPolicies:
+ - containerName: {{ template "reloader-fullname" . }}
+ {{- with .Values.reloader.verticalPodAutoscaler.controlledResources }}
+ controlledResources:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.reloader.verticalPodAutoscaler.controlledValues }}
+ controlledValues: {{ .Values.reloader.verticalPodAutoscaler.controlledValues }}
+ {{- end }}
+ {{- if .Values.reloader.verticalPodAutoscaler.maxAllowed }}
+ maxAllowed:
+ {{ toYaml .Values.reloader.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+ {{- end }}
+ {{- if .Values.reloader.verticalPodAutoscaler.minAllowed }}
+ minAllowed:
+ {{ toYaml .Values.reloader.verticalPodAutoscaler.minAllowed | nindent 8 }}
+ {{- end }}
+ targetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "reloader-fullname" . }}
+ {{- with .Values.reloader.verticalPodAutoscaler.updatePolicy }}
+ updatePolicy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/reloader/charts/reloader/tests/deployment_test.yaml b/packages/system/reloader/charts/reloader/tests/deployment_test.yaml
new file mode 100644
index 00000000..aee0f9fb
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/tests/deployment_test.yaml
@@ -0,0 +1,63 @@
+suite: Deployment
+
+templates:
+ - deployment.yaml
+
+tests:
+ - it: sets readOnlyRootFilesystem in container securityContext when reloader.readOnlyRootFileSystem is true
+ set:
+ reloader:
+ readOnlyRootFileSystem: true
+ deployment:
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+ value: true
+
+ - it: sets readOnlyRootFilesystem in container securityContext even if reloader.deployment.containerSecurityContext is null
+ set:
+ reloader:
+ readOnlyRootFileSystem: true
+ deployment:
+ containerSecurityContext: null
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+ value: true
+
+ - it: does not override readOnlyRootFilesystem in container securityContext based on reloader.readOnlyRootFileSystem
+ set:
+ reloader:
+ readOnlyRootFileSystem: false
+ deployment:
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+ value: true
+
+ - it: template is still valid with no defined containerSecurityContext
+ set:
+ reloader:
+ readOnlyRootFileSystem: false
+ deployment:
+ containerSecurityContext: null
+ asserts:
+ - isEmpty:
+ path: spec.template.spec.containers[0].securityContext
+
+ - it: template still sets POD_NAME and POD_NAMESPACE environment variables when enableHA is true
+ set:
+ reloader:
+ enableHA: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
diff --git a/packages/system/reloader/charts/reloader/values.schema.json b/packages/system/reloader/charts/reloader/values.schema.json
new file mode 100644
index 00000000..56eb678a
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/values.schema.json
@@ -0,0 +1,19 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "reloader": {
+ "type": "object",
+ "properties": {
+ "reloadStrategy": {
+ "type": "string",
+ "enum": [
+ "default",
+ "env-vars",
+ "annotations"
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/packages/system/reloader/charts/reloader/values.yaml b/packages/system/reloader/charts/reloader/values.yaml
new file mode 100644
index 00000000..d7f9bf74
--- /dev/null
+++ b/packages/system/reloader/charts/reloader/values.yaml
@@ -0,0 +1,342 @@ +# Generated from deployments/kubernetes/templates/chart/values.yaml.tmpl +global: + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imageRegistry: "" + imagePullSecrets: [] + #imagePullSecrets: + # - name: my-pull-secret + +kubernetes: + host: https://kubernetes.default + +nameOverride: "" +fullnameOverride: "" + +image: + name: stakater/reloader + repository: ghcr.io/stakater/reloader + tag: v1.3.0 + # digest: sha256:1234567 + pullPolicy: IfNotPresent + +reloader: + autoReloadAll: false + isArgoRollouts: false + isOpenshift: false + ignoreSecrets: false + ignoreConfigMaps: false + reloadOnCreate: false + reloadOnDelete: false + syncAfterRestart: false + reloadStrategy: default # Set to default, env-vars or annotations + ignoreNamespaces: "" # Comma separated list of namespaces to ignore + namespaceSelector: "" # Comma separated list of k8s label selectors for namespaces selection + resourceLabelSelector: "" # Comma separated list of k8s label selectors for configmap/secret selection + logFormat: "" # json + logLevel: info # Log level to use (trace, debug, info, warning, error, fatal and panic) + watchGlobally: true + # Set to true to enable leadership election allowing you to run multiple replicas + enableHA: false + # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem + readOnlyRootFileSystem: false + legacy: + rbac: false + matchLabels: {} + # Set to true to expose a prometheus counter of reloads by namespace (this metric may have high cardinality in clusters with many namespaces) + enableMetricsByNamespace: false + deployment: + # If you wish to run multiple replicas set reloader.enableHA = true + replicas: 1 + + revisionHistoryLimit: 2 + + nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + + # An affinity stanza to be applied to the Deployment. 
+ # Example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: "node-role.kubernetes.io/infra-worker" + # operator: "Exists" + affinity: {} + + securityContext: + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + + containerSecurityContext: + {} + # capabilities: + # drop: + # - ALL + # allowPrivilegeEscalation: false + # readOnlyRootFilesystem: true + + # A list of tolerations to be applied to the Deployment. + # Example: + # tolerations: + # - key: "node-role.kubernetes.io/infra-worker" + # operator: "Exists" + # effect: "NoSchedule" + tolerations: [] + + # Topology spread constraints for pod assignment + # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # Example: + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: my-app + topologySpreadConstraints: [] + + annotations: {} + labels: + provider: stakater + group: com.stakater.platform + version: v1.3.0 + # Support for extra environment variables. + env: + # Open supports Key value pair as environment variables. + open: + # secret supports Key value pair as environment variables. It gets the values based on keys from default reloader secret if any. + secret: + # ALERT_ON_RELOAD: <"true"|"false"> + # ALERT_SINK: <"slack"> # By default it will be a raw text based webhook + # ALERT_WEBHOOK_URL: <"webhook_url"> + # ALERT_ADDITIONAL_INFO: <"Additional Info like Cluster Name if needed"> + # field supports Key value pair as environment variables. It gets the values from other fields of pod. 
+ field: + # existing secret, you can specify multiple existing secrets, for each + # specify the env var name followed by the key in existing secret that + # will be used to populate the env var + existing: + # existing_secret_name: + # ALERT_ON_RELOAD: alert_on_reload_key + # ALERT_SINK: alert_sink_key + # ALERT_WEBHOOK_URL: alert_webhook_key + # ALERT_ADDITIONAL_INFO: alert_additional_info_key + + # Liveness and readiness probe timeout values. + livenessProbe: {} + # timeoutSeconds: 5 + # failureThreshold: 5 + # periodSeconds: 10 + # successThreshold: 1 + readinessProbe: {} + # timeoutSeconds: 15 + # failureThreshold: 5 + # periodSeconds: 10 + # successThreshold: 1 + + # Specify resource requests/limits for the deployment. + # Example: + # resources: + # limits: + # cpu: "100m" + # memory: "512Mi" + # requests: + # cpu: "10m" + # memory: "128Mi" + resources: {} + pod: + annotations: {} + priorityClassName: "" + # imagePullSecrets: + # - name: myregistrykey + + # Put "0" in either to have go runtime ignore the set value. + # Otherwise, see https://pkg.go.dev/runtime#hdr-Environment_Variables for GOMAXPROCS and GOMEMLIMIT + gomaxprocsOverride: "" + gomemlimitOverride: "" + + service: + {} + + # labels: {} + # annotations: {} + # port: 9090 + + rbac: + enabled: true + labels: {} + # Service account config for the agent pods + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + labels: {} + annotations: {} + # The name of the ServiceAccount to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: + # Optional flags to pass to the Reloader entrypoint + # Example: + # custom_annotations: + # configmap: "my.company.com/configmap" + # secret: "my.company.com/secret" + custom_annotations: {} + + serviceMonitor: + # Deprecated: Service monitor will be removed in future releases of reloader in favour of Pod monitor + # Enabling this requires service to be enabled as well, or no endpoints will be found + enabled: false + # Set the namespace the ServiceMonitor should be deployed + # namespace: monitoring + + # Fallback to the prometheus default unless specified + # interval: 10s + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + # scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + # tlsConfig: {} + + # bearerTokenFile: + # Fallback to the prometheus default unless specified + # timeout: 30s + + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + labels: {} + + ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + annotations: {} + + # Retain the job and instance labels of the metrics pushed to the Pushgateway + # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape) + honorLabels: true + + ## Metric relabel configs to apply to samples before ingestion. 
+ ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## Relabel configs to apply to samples before ingestion. + ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + targetLabels: [] + + podMonitor: + enabled: false + # Set the namespace the podMonitor should be deployed + # namespace: monitoring + + # Fallback to the prometheus default unless specified + # interval: 10s + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + # scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. 
+ ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + # tlsConfig: {} + + # bearerTokenSecret: + # Fallback to the prometheus default unless specified + # timeout: 30s + + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + labels: {} + + ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + annotations: {} + + # Retain the job and instance labels of the metrics pushed to the Pushgateway + # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape) + honorLabels: true + + ## Metric relabel configs to apply to samples before ingestion. + ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## Relabel configs to apply to samples before ingestion. 
+ ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + podTargetLabels: [] + + podDisruptionBudget: + enabled: false + # Set the minimum available replicas + # minAvailable: 1 + # OR Set the maximum unavailable replicas + # maxUnavailable: 1 + # If both defined only maxUnavailable will be used + + netpol: + enabled: false + from: [] + # - podSelector: + # matchLabels: + # app.kubernetes.io/name: prometheus + to: [] + + # Enable vertical pod autoscaler + verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + updatePolicy: + # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction + # minReplicas: 1 + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". + updateMode: Auto + + volumeMounts: [] + + volumes: [] + + webhookUrl: "" 
diff --git a/packages/system/reloader/values.yaml b/packages/system/reloader/values.yaml
new file mode 100644
index 00000000..cbfae7ca
--- /dev/null
+++ b/packages/system/reloader/values.yaml
@@ -0,0 +1,3 @@
+reloader:
+ reloader:
+ reloadStrategy: annotations
diff --git a/packages/system/vertical-pod-autoscaler-crds/Chart.yaml b/packages/system/vertical-pod-autoscaler-crds/Chart.yaml
new file mode 100644
index 00000000..e5d58e96
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler-crds/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-vertical-pod-autoscaler-crds
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
diff --git a/packages/system/vertical-pod-autoscaler-crds/Makefile b/packages/system/vertical-pod-autoscaler-crds/Makefile
new file mode 100644
index 00000000..9290640e
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler-crds/Makefile
@@ -0,0 +1,7 @@
+export NAME=vertical-pod-autoscaler
+export NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/package.mk
+
+update:
+ curl -o ./templates/vpa-v1-crd-gen.yaml https://raw.githubusercontent.com/kubernetes/autoscaler/refs/heads/master/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml
diff --git a/packages/system/vertical-pod-autoscaler-crds/templates/vpa-v1-crd-gen.yaml b/packages/system/vertical-pod-autoscaler-crds/templates/vpa-v1-crd-gen.yaml
new file mode 100644
index 00000000..70345adc
--- /dev/null
+++ b/packages/system/vertical-pod-autoscaler-crds/templates/vpa-v1-crd-gen.yaml
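Review bot: This wrapper in `packages/system/reloader/values.yaml` overrides only `reloadStrategy`, so the controller container runs with the chart default `containerSecurityContext: {}`; the chart's own values file carries the hardening only as a commented-out example. The namespaced Role in this chart lets the controller read Secrets and patch workloads, so I would set `readOnlyRootFileSystem: true` here and add a container security context that drops all capabilities and disables privilege escalation, as in the fence below. The chart's deployment test shows `readOnlyRootFileSystem` reaching the container, but whether the pod needs a writable path is not visible in this diff, so confirm with a render and a smoke test. The default `watchGlobally: true` also stays in effect, which skips the namespaced Role and RoleBinding templates; please confirm cluster-wide scope is intended.

```yaml
reloader:
  reloader:
    # … unchanged: reloadStrategy …
    readOnlyRootFileSystem: true
    deployment:
      containerSecurityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
```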
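Review bot: The `update` target in the vertical-pod-autoscaler-crds Makefile downloads the CRD manifest from `refs/heads/master`, so each run can pull different, unreviewed content into `templates/`. Without `--fail`, an HTTP error body would also be written over the manifest. Pin the URL to a release tag or commit and make curl fail loudly, e.g. `curl -fsSL -o ./templates/vpa-v1-crd-gen.yaml https://raw.githubusercontent.com/kubernetes/autoscaler/<PINNED_TAG_OR_COMMIT>/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml`. Separately, `NAME=vertical-pod-autoscaler` does not match the chart name `cozy-vertical-pod-autoscaler-crds` in Chart.yaml; this may be intentional to share the namespace, but it is worth confirming against what `package.mk` expects.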
@@ -0,0 +1,834 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes/kubernetes/pull/63797 + controller-gen.kubebuilder.io/version: v0.16.5 + name: verticalpodautoscalercheckpoints.autoscaling.k8s.io +spec: + group: autoscaling.k8s.io + names: + kind: VerticalPodAutoscalerCheckpoint + listKind: VerticalPodAutoscalerCheckpointList + plural: verticalpodautoscalercheckpoints + shortNames: + - vpacheckpoint + singular: verticalpodautoscalercheckpoint + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + VerticalPodAutoscalerCheckpoint is the checkpoint of the internal state of VPA that + is used for recovery after recommender's restart. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the checkpoint. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. + properties: + containerName: + description: Name of the checkpointed container. + type: string + vpaObjectName: + description: Name of the VPA object that stored VerticalPodAutoscalerCheckpoint + object. + type: string + type: object + status: + description: Data of the checkpoint. 
+ properties: + cpuHistogram: + description: Checkpoint of histogram for consumption of CPU. + properties: + bucketWeights: + description: Map from bucket index to bucket weight. + type: object + x-kubernetes-preserve-unknown-fields: true + referenceTimestamp: + description: Reference timestamp for samples collected within + this histogram. + format: date-time + nullable: true + type: string + totalWeight: + description: Sum of samples to be used as denominator for weights + from BucketWeights. + type: number + type: object + firstSampleStart: + description: Timestamp of the fist sample from the histograms. + format: date-time + nullable: true + type: string + lastSampleStart: + description: Timestamp of the last sample from the histograms. + format: date-time + nullable: true + type: string + lastUpdateTime: + description: The time when the status was last refreshed. + format: date-time + nullable: true + type: string + memoryHistogram: + description: Checkpoint of histogram for consumption of memory. + properties: + bucketWeights: + description: Map from bucket index to bucket weight. + type: object + x-kubernetes-preserve-unknown-fields: true + referenceTimestamp: + description: Reference timestamp for samples collected within + this histogram. + format: date-time + nullable: true + type: string + totalWeight: + description: Sum of samples to be used as denominator for weights + from BucketWeights. + type: number + type: object + totalSamplesCount: + description: Total number of samples in the histograms. + type: integer + version: + description: Version of the format of the stored data. + type: string + type: object + type: object + served: true + storage: true + - name: v1beta2 + schema: + openAPIV3Schema: + description: |- + VerticalPodAutoscalerCheckpoint is the checkpoint of the internal state of VPA that + is used for recovery after recommender's restart. 
+ properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the checkpoint. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. + properties: + containerName: + description: Name of the checkpointed container. + type: string + vpaObjectName: + description: Name of the VPA object that stored VerticalPodAutoscalerCheckpoint + object. + type: string + type: object + status: + description: Data of the checkpoint. + properties: + cpuHistogram: + description: Checkpoint of histogram for consumption of CPU. + properties: + bucketWeights: + description: Map from bucket index to bucket weight. + type: object + x-kubernetes-preserve-unknown-fields: true + referenceTimestamp: + description: Reference timestamp for samples collected within + this histogram. + format: date-time + nullable: true + type: string + totalWeight: + description: Sum of samples to be used as denominator for weights + from BucketWeights. + type: number + type: object + firstSampleStart: + description: Timestamp of the fist sample from the histograms. + format: date-time + nullable: true + type: string + lastSampleStart: + description: Timestamp of the last sample from the histograms. 
+ format: date-time + nullable: true + type: string + lastUpdateTime: + description: The time when the status was last refreshed. + format: date-time + nullable: true + type: string + memoryHistogram: + description: Checkpoint of histogram for consumption of memory. + properties: + bucketWeights: + description: Map from bucket index to bucket weight. + type: object + x-kubernetes-preserve-unknown-fields: true + referenceTimestamp: + description: Reference timestamp for samples collected within + this histogram. + format: date-time + nullable: true + type: string + totalWeight: + description: Sum of samples to be used as denominator for weights + from BucketWeights. + type: number + type: object + totalSamplesCount: + description: Total number of samples in the histograms. + type: integer + version: + description: Version of the format of the stored data. + type: string + type: object + type: object + served: false + storage: false +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes/kubernetes/pull/63797 + controller-gen.kubebuilder.io/version: v0.16.5 + name: verticalpodautoscalers.autoscaling.k8s.io +spec: + group: autoscaling.k8s.io + names: + kind: VerticalPodAutoscaler + listKind: VerticalPodAutoscalerList + plural: verticalpodautoscalers + shortNames: + - vpa + singular: verticalpodautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.updatePolicy.updateMode + name: Mode + type: string + - jsonPath: .status.recommendation.containerRecommendations[0].target.cpu + name: CPU + type: string + - jsonPath: .status.recommendation.containerRecommendations[0].target.memory + name: Mem + type: string + - jsonPath: .status.conditions[?(@.type=='RecommendationProvided')].status + name: Provided + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + 
description: |- + VerticalPodAutoscaler is the configuration for a vertical pod + autoscaler, which automatically manages pod resources based on historical and + real time resource utilization. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the behavior of the autoscaler. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. + properties: + recommenders: + description: |- + Recommender responsible for generating recommendation for this object. + List should be empty (then the default recommender will generate the + recommendation) or contain exactly one recommender. + items: + description: |- + VerticalPodAutoscalerRecommenderSelector points to a specific Vertical Pod Autoscaler recommender. + In the future it might pass parameters to the recommender. + properties: + name: + description: Name of the recommender responsible for generating + recommendation for this object. + type: string + required: + - name + type: object + type: array + resourcePolicy: + description: |- + Controls how the autoscaler computes recommended resources. + The resource policy may be used to set constraints on the recommendations + for individual containers. 
+ If any individual containers need to be excluded from getting the VPA recommendations, then + it must be disabled explicitly by setting mode to "Off" under containerPolicies. + If not specified, the autoscaler computes recommended resources for all containers in the pod, + without additional constraints. + properties: + containerPolicies: + description: Per-container resource policies. + items: + description: |- + ContainerResourcePolicy controls how autoscaler computes the recommended + resources for a specific container. + properties: + containerName: + description: |- + Name of the container or DefaultContainerResourcePolicy, in which + case the policy is used by the containers that don't have their own + policy specified. + type: string + controlledResources: + description: |- + Specifies the type of recommendations that will be computed + (and possibly applied) by VPA. + If not specified, the default of [ResourceCPU, ResourceMemory] will be used. + items: + description: ResourceName is the name identifying various + resources in a ResourceList. + type: string + type: array + controlledValues: + description: |- + Specifies which resource values should be controlled. + The default is "RequestsAndLimits". + enum: + - RequestsAndLimits + - RequestsOnly + type: string + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Specifies the maximum amount of resources that will be recommended + for the container. The default is no maximum. 
+ type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Specifies the minimal amount of resources that will be recommended + for the container. The default is no minimum. + type: object + mode: + description: Whether autoscaler is enabled for the container. + The default is "Auto". + enum: + - Auto + - "Off" + type: string + type: object + type: array + type: object + targetRef: + description: |- + TargetRef points to the controller managing the set of pods for the + autoscaler to control - e.g. Deployment, StatefulSet. VerticalPodAutoscaler + can be targeted at controller implementing scale subresource (the pod set is + retrieved from the controller's ScaleStatus) or some well known controllers + (e.g. for DaemonSet the pod set is read from the controller's spec). + If VerticalPodAutoscaler cannot use specified target it will report + ConfigUnsupported condition. + Note that VerticalPodAutoscaler does not require full implementation + of scale subresource - it will not use it to modify the replica count. + The only thing retrieved is a label selector matching pods grouped by + the target resource. + properties: + apiVersion: + description: apiVersion is the API version of the referent + type: string + kind: + description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + updatePolicy: + description: |- + Describes the rules on how changes are applied to the pods. 
+ If not specified, all fields in the `PodUpdatePolicy` are set to their + default values. + properties: + evictionRequirements: + description: |- + EvictionRequirements is a list of EvictionRequirements that need to + evaluate to true in order for a Pod to be evicted. If more than one + EvictionRequirement is specified, all of them need to be fulfilled to allow eviction. + items: + description: |- + EvictionRequirement defines a single condition which needs to be true in + order to evict a Pod + properties: + changeRequirement: + description: EvictionChangeRequirement refers to the relationship + between the new target recommendation for a Pod and its + current requests, what kind of change is necessary for + the Pod to be evicted + enum: + - TargetHigherThanRequests + - TargetLowerThanRequests + type: string + resources: + description: |- + Resources is a list of one or more resources that the condition applies + to. If more than one resource is given, the EvictionRequirement is fulfilled + if at least one resource meets `changeRequirement`. + items: + description: ResourceName is the name identifying various + resources in a ResourceList. + type: string + type: array + required: + - changeRequirement + - resources + type: object + type: array + minReplicas: + description: |- + Minimal number of replicas which need to be alive for Updater to attempt + pod eviction (pending other checks like PDB). Only positive values are + allowed. Overrides global '--min-replicas' flag. + format: int32 + type: integer + updateMode: + description: |- + Controls when autoscaler applies changes to the pod resources. + The default is 'Auto'. + enum: + - "Off" + - Initial + - Recreate + - Auto + type: string + type: object + required: + - targetRef + type: object + status: + description: Current information about the autoscaler. 
+ properties: + conditions: + description: |- + Conditions is the set of conditions required for this autoscaler to scale its target, + and indicates whether or not those conditions are met. + items: + description: |- + VerticalPodAutoscalerCondition describes the state of + a VerticalPodAutoscaler at a certain point. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from + one status to another + format: date-time + type: string + message: + description: |- + message is a human-readable explanation containing details about + the transition + type: string + reason: + description: reason is the reason for the condition's last transition. + type: string + status: + description: status is the status of the condition (True, False, + Unknown) + type: string + type: + description: type describes the current condition + type: string + required: + - status + - type + type: object + type: array + recommendation: + description: |- + The most recently computed amount of resources recommended by the + autoscaler for the controlled pods. + properties: + containerRecommendations: + description: Resources recommended by the autoscaler for each + container. + items: + description: |- + RecommendedContainerResources is the recommendation of resources computed by + autoscaler for a specific container. Respects the container resource policy + if present in the spec. In particular the recommendation is not produced for + containers with `ContainerScalingMode` set to 'Off'. + properties: + containerName: + description: Name of the container. + type: string + lowerBound: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Minimum recommended amount of resources. Observes ContainerResourcePolicy. 
+ This amount is not guaranteed to be sufficient for the application to operate in a stable way, however + running with less resources is likely to have significant impact on performance/availability. + type: object + target: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Recommended amount of resources. Observes ContainerResourcePolicy. + type: object + uncappedTarget: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + The most recent recommended resources target computed by the autoscaler + for the controlled pods, based only on actual resource usage, not taking + into account the ContainerResourcePolicy. + May differ from the Recommendation if the actual resource usage causes + the target to violate the ContainerResourcePolicy (lower than MinAllowed + or higher that MaxAllowed). + Used only as status indication, will not affect actual resource assignment. + type: object + upperBound: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Maximum recommended amount of resources. Observes ContainerResourcePolicy. + Any resources allocated beyond this value are likely wasted. This value may be larger than the maximum + amount of application is actually capable of consuming. 
+ type: object + required: + - target + type: object + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + - deprecated: true + deprecationWarning: autoscaling.k8s.io/v1beta2 API is deprecated + name: v1beta2 + schema: + openAPIV3Schema: + description: |- + VerticalPodAutoscaler is the configuration for a vertical pod + autoscaler, which automatically manages pod resources based on historical and + real time resource utilization. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Specification of the behavior of the autoscaler. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. + properties: + resourcePolicy: + description: |- + Controls how the autoscaler computes recommended resources. + The resource policy may be used to set constraints on the recommendations + for individual containers. If not specified, the autoscaler computes recommended + resources for all containers in the pod, without additional constraints. + properties: + containerPolicies: + description: Per-container resource policies. 
+ items: + description: |- + ContainerResourcePolicy controls how autoscaler computes the recommended + resources for a specific container. + properties: + containerName: + description: |- + Name of the container or DefaultContainerResourcePolicy, in which + case the policy is used by the containers that don't have their own + policy specified. + type: string + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Specifies the maximum amount of resources that will be recommended + for the container. The default is no maximum. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Specifies the minimal amount of resources that will be recommended + for the container. The default is no minimum. + type: object + mode: + description: Whether autoscaler is enabled for the container. + The default is "Auto". + enum: + - Auto + - "Off" + type: string + type: object + type: array + type: object + targetRef: + description: |- + TargetRef points to the controller managing the set of pods for the + autoscaler to control - e.g. Deployment, StatefulSet. VerticalPodAutoscaler + can be targeted at controller implementing scale subresource (the pod set is + retrieved from the controller's ScaleStatus) or some well known controllers + (e.g. for DaemonSet the pod set is read from the controller's spec). + If VerticalPodAutoscaler cannot use specified target it will report + ConfigUnsupported condition. + Note that VerticalPodAutoscaler does not require full implementation + of scale subresource - it will not use it to modify the replica count. 
+ The only thing retrieved is a label selector matching pods grouped by + the target resource. + properties: + apiVersion: + description: apiVersion is the API version of the referent + type: string + kind: + description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + updatePolicy: + description: |- + Describes the rules on how changes are applied to the pods. + If not specified, all fields in the `PodUpdatePolicy` are set to their + default values. + properties: + updateMode: + description: |- + Controls when autoscaler applies changes to the pod resources. + The default is 'Auto'. + enum: + - "Off" + - Initial + - Recreate + - Auto + type: string + type: object + required: + - targetRef + type: object + status: + description: Current information about the autoscaler. + properties: + conditions: + description: |- + Conditions is the set of conditions required for this autoscaler to scale its target, + and indicates whether or not those conditions are met. + items: + description: |- + VerticalPodAutoscalerCondition describes the state of + a VerticalPodAutoscaler at a certain point. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from + one status to another + format: date-time + type: string + message: + description: |- + message is a human-readable explanation containing details about + the transition + type: string + reason: + description: reason is the reason for the condition's last transition. 
+ type: string + status: + description: status is the status of the condition (True, False, + Unknown) + type: string + type: + description: type describes the current condition + type: string + required: + - status + - type + type: object + type: array + recommendation: + description: |- + The most recently computed amount of resources recommended by the + autoscaler for the controlled pods. + properties: + containerRecommendations: + description: Resources recommended by the autoscaler for each + container. + items: + description: |- + RecommendedContainerResources is the recommendation of resources computed by + autoscaler for a specific container. Respects the container resource policy + if present in the spec. In particular the recommendation is not produced for + containers with `ContainerScalingMode` set to 'Off'. + properties: + containerName: + description: Name of the container. + type: string + lowerBound: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Minimum recommended amount of resources. Observes ContainerResourcePolicy. + This amount is not guaranteed to be sufficient for the application to operate in a stable way, however + running with less resources is likely to have significant impact on performance/availability. + type: object + target: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Recommended amount of resources. Observes ContainerResourcePolicy. 
+ type: object + uncappedTarget: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + The most recent recommended resources target computed by the autoscaler + for the controlled pods, based only on actual resource usage, not taking + into account the ContainerResourcePolicy. + May differ from the Recommendation if the actual resource usage causes + the target to violate the ContainerResourcePolicy (lower than MinAllowed + or higher that MaxAllowed). + Used only as status indication, will not affect actual resource assignment. + type: object + upperBound: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Maximum recommended amount of resources. Observes ContainerResourcePolicy. + Any resources allocated beyond this value are likely wasted. This value may be larger than the maximum + amount of application is actually capable of consuming. + type: object + required: + - target + type: object + type: array + type: object + type: object + required: + - spec + type: object + served: false + storage: false + subresources: + status: {} diff --git a/packages/system/vertical-pod-autoscaler-crds/values.yaml b/packages/system/vertical-pod-autoscaler-crds/values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/packages/system/vertical-pod-autoscaler/values.yaml b/packages/system/vertical-pod-autoscaler/values.yaml index e5ffaa66..3471a8c9 100644 --- a/packages/system/vertical-pod-autoscaler/values.yaml +++ b/packages/system/vertical-pod-autoscaler/values.yaml @@ -1,4 +1,7 @@ vertical-pod-autoscaler: + crds: + enabled: false + updater: resources: limits: 
diff --git a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.lock b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.lock index 1f83289f..f1acf647 100644 --- a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.lock +++ b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: "" version: 0.0.0 digest: sha256:aeada3fbffa2565a325406ad014001fd2685f7c0c9cfc1167da4f10c75a1bd65 -generated: "2024-10-03T10:30:07.403949316Z" +generated: "2025-03-15T22:08:36.140314181Z" diff --git a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.yaml b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.yaml index a5670978..6c0097f0 100644 --- a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.yaml +++ b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/Chart.yaml @@ -10,7 +10,7 @@ annotations: - name: QuentinBisson email: quentin.bisson@gmail.com apiVersion: v2 -appVersion: v0.77.1 +appVersion: v0.81.0 dependencies: - name: crds repository: "" @@ -25,14 +25,18 @@ kubeVersion: '>=1.16.0-0' maintainers: - email: dacamposol@gmail.com name: dacamposol + url: https://github.com/dacamposol - email: cedric@desaintmartin.fr name: desaintmartin + url: https://github.com/desaintmartin - email: quentin.bisson@gmail.com name: QuentinBisson + url: https://github.com/QuentinBisson - email: github@jkroepke.de - name: jkroepke + name: Jan-Otto Kröpke + url: https://github.com/jkroepke name: prometheus-operator-crds sources: - https://github.com/prometheus-community/helm-charts type: application -version: 15.0.0 +version: 19.0.0 
diff --git a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml index 993c82b1..dcb71f7c 100644 --- a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml +++ b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -7,8 +7,8 @@ metadata: {{- with .Values.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - controller-gen.kubebuilder.io/version: v0.16.1 - operator.prometheus.io/version: 0.77.1 + controller-gen.kubebuilder.io/version: v0.17.2 + operator.prometheus.io/version: 0.81.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -81,6 +81,18 @@ spec: It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string jobLabel: description: |- The label to use to retrieve the job name from. 
@@ -139,6 +151,23 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podMetricsEndpoints: description: Defines how to scrape metrics from the selected pods. items: @@ -746,10 +775,16 @@ spec: type: string port: description: |- - Name of the Pod port which this endpoint refers to. + The `Pod` port name which exposes the endpoint. - It takes precedence over `targetPort`. + It takes precedence over the `portNumber` and `targetPort` fields. type: string + portNumber: + description: The `Pod` port number which exposes the endpoint. + format: int32 + maximum: 65535 + minimum: 1 + type: integer proxyUrl: description: |- `proxyURL` configures the HTTP Proxy URL (e.g. @@ -868,6 +903,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: 
@@ -878,7 +914,7 @@ spec: Name or number of the target port of the `Pod` object behind the Service, the port must be specified with container port property. - Deprecated: use 'port' instead. + Deprecated: use 'port' or 'portNumber' instead. x-kubernetes-int-or-string: true tlsConfig: description: TLS configuration to use when scraping the target. @@ -1069,6 +1105,11 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the @@ -1085,11 +1126,13 @@ spec: * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4` + * `PrometheusText1.0.0` enum: - PrometheusProto - OpenMetricsText0.0.1 - OpenMetricsText1.0.0 - PrometheusText0.0.4 + - PrometheusText1.0.0 type: string type: array x-kubernetes-list-type: set @@ -1140,6 +1183,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + selectorMechanism: + description: |- + Mechanism used to select the endpoints to scrape. + By default, the selection process relies on relabel configurations to filter the discovered targets. + Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. + Which strategy is best for your use case needs to be carefully evaluated. + + It requires Prometheus >= v2.17.0. + enum: + - RelabelConfig + - RoleSelector + type: string targetLimit: description: |- `targetLimit` defines a limit on the number of scraped targets that will diff --git a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml index c0b346cc..05a75775 100644 
--- a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml +++ b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -7,8 +7,8 @@ metadata: {{- with .Values.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - controller-gen.kubebuilder.io/version: v0.16.1 - operator.prometheus.io/version: 0.77.1 + controller-gen.kubebuilder.io/version: v0.17.2 + operator.prometheus.io/version: 0.81.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -177,6 +177,18 @@ spec: - key type: object x-kubernetes-map-type: atomic + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string interval: description: |- Interval at which targets are probed using the configured prober. 
@@ -304,6 +316,23 @@ spec: Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml type: string + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true oauth2: description: OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer. @@ -664,6 +693,11 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the @@ -680,11 +714,13 @@ spec: * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4` + * `PrometheusText1.0.0` enum: - PrometheusProto - OpenMetricsText0.0.1 - OpenMetricsText1.0.0 - PrometheusText0.0.4 + - PrometheusText1.0.0 type: string type: array x-kubernetes-list-type: set 
@@ -692,6 +728,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: diff --git a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml index 892546f0..dd13e8fd 100644 --- a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml +++ b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -7,8 +7,8 @@ metadata: {{- with .Values.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - controller-gen.kubebuilder.io/version: v0.16.1 - operator.prometheus.io/version: 0.77.1 + controller-gen.kubebuilder.io/version: v0.17.2 + operator.prometheus.io/version: 0.81.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com 
@@ -62,6 +62,16 @@ spec: are evaluated. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + labels: + additionalProperties: + type: string + description: |- + Labels to add or overwrite before storing the result for its rules. + The labels defined at the rule level take precedence. + + It requires Prometheus >= 3.0.0. + The field is ignored for Thanos Ruler. + type: object limit: description: |- Limit the number of alerts an alerting rule and series a recording @@ -79,6 +89,14 @@ spec: More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response pattern: ^(?i)(abort|warn)?$ type: string + query_offset: + description: |- + Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past. + + It requires Prometheus >= v2.53.0. + It is not supported for ThanosRuler. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string rules: description: List of alerting and recording rules. items: diff --git a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml index 2e2220ea..64e19e48 100644 --- a/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml +++ b/packages/system/victoria-metrics-operator/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml 
@@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -7,8 +7,8 @@ metadata: {{- with .Values.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - controller-gen.kubebuilder.io/version: v0.16.1 - operator.prometheus.io/version: 0.77.1 + controller-gen.kubebuilder.io/version: v0.17.2 + operator.prometheus.io/version: 0.81.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -820,6 +820,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -1014,6 +1015,18 @@ spec: type: boolean type: object type: array + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string jobLabel: description: |- `jobLabel` selects the label from the associated Kubernetes `Service` 
@@ -1072,6 +1085,23 @@ spec: type: string type: array type: object + nativeHistogramBucketLimit: + description: |- + If there are more than this many buckets in a native histogram, + buckets will be merged to stay within the limit. + It requires Prometheus >= v2.45.0. + format: int64 + type: integer + nativeHistogramMinBucketFactor: + anyOf: + - type: integer + - type: string + description: |- + If the growth factor of one bucket to the next is smaller than this, + buckets will be merged to increase the factor sufficiently. + It requires Prometheus >= v2.50.0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true podTargetLabels: description: |- `podTargetLabels` defines the labels which are transferred from the @@ -1089,6 +1119,11 @@ spec: description: The scrape class to apply. minLength: 1 type: string + scrapeClassicHistograms: + description: |- + Whether to scrape a classic histogram that is also exposed as a native histogram. + It requires Prometheus >= v2.45.0. + type: boolean scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the @@ -1105,11 +1140,13 @@ spec: * `OpenMetricsText1.0.0` * `PrometheusProto` * `PrometheusText0.0.4` + * `PrometheusText1.0.0` enum: - PrometheusProto - OpenMetricsText0.0.1 - OpenMetricsText1.0.0 - PrometheusText0.0.4 + - PrometheusText1.0.0 type: string type: array x-kubernetes-list-type: set 
@@ -1160,6 +1197,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + selectorMechanism: + description: |- + Mechanism used to select the endpoints to scrape. + By default, the selection process relies on relabel configurations to filter the discovered targets. + Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters. + Which strategy is best for your use case needs to be carefully evaluated. + + It requires Prometheus >= v2.17.0. + enum: + - RelabelConfig + - RoleSelector + type: string targetLabels: description: |- `targetLabels` defines the labels which are transferred from the diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/.helmignore b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/.helmignore index 50af0317..2ccbd54f 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/.helmignore +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/.helmignore @@ -20,3 +20,5 @@ .idea/ *.tmproj .vscode/ +*.md +*.md.gotmpl diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/CHANGELOG.md b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/CHANGELOG.md deleted file mode 100644 index 56d07e8f..00000000 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/CHANGELOG.md +++ /dev/null 
@@ -1,612 +0,0 @@ -## Next release - -- TODO - -## 0.36.0 - -**Release date:** 2024-10-22 - -![AppVersion: v0.48.4](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- replaced `crd.enabled` property to `crds.plain`. Instead of disabling CRDs it selects if CRDs should be rendered from template or as plain CRDs - -## 0.35.5 - -**Release date:** 2024-10-15 - -![AppVersion: v0.48.4](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.48.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.4) version - -## 0.35.4 - -**Release date:** 2024-10-11 - -![AppVersion: v0.48.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Human-readable error about Helm version requirement - -## 0.35.3 - -**Release date:** 2024-10-10 - -![AppVersion: v0.48.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- upgraded common chart dependency -- made webhook pod port configurable. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1565) -- added configurable cleanup hook resources. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1571) -- added ability to configure `terminationGracePeriodSeconds` and `lifecycle`. 
See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1563) for details - -## 0.35.2 - -**Release date:** 2024-09-29 - -![AppVersion: v0.48.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.48.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.3) version - -## 0.35.1 - -**Release date:** 2024-09-26 - -![AppVersion: v0.48.1](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.48.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.1) version - -## 0.35.0 - -**Release date:** 2024-09-26 - -![AppVersion: v0.48.0](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Made webhook port configurable. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1506) -- Changed crd cleanup hook delete policy to prevent `resource already exists` error. 
-- updates operator to [v0.48.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.0) version - -## 0.34.8 - -**Release date:** 2024-09-10 - -![AppVersion: v0.47.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Added ability to override deployment namespace using `namespaceOverride` and `global.namespaceOverride` variables -- Fixed template for cert-manager certificates -- Fixed operator Role creation when only watching own namespace using `watchNamespaces` -- Changed webhook service port from 443 to 9443 - -## 0.34.7 - -**Release date:** 2024-09-03 - -![AppVersion: v0.47.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Do not create ClusterRole if `watchNamespaces` contains only namespace, where operator is deployed - -## 0.34.6 - -**Release date:** 2024-08-29 - -![AppVersion: v0.47.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.47.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.47.3) version -- Made `cleanupCRD` deprecated in a favour of `crd.cleanup.enabled` -- Made `cleanupImage` deprecated in a favour of `crd.cleanup.image` -- Made `watchNamespace` string deprecated in a favour of `watchNamespaces` slice -- Decreased rendering time by 2 seconds - -## 0.34.5 - -**Release date:** 2024-08-26 - -![AppVersion: v0.47.2](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- fixes typo at clean webhook. vmlogs->vlogs. 
- -## 0.34.4 - -**Release date:** 2024-08-26 - -![AppVersion: v0.47.2](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- fixes RBAC by rollback - -## 0.34.3 - -**Release date:** 2024-08-26 - -![AppVersion: v0.47.2](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- removes not implemented scrape CRDs from validation webhook - -## 0.34.2 - -**Release date:** 2024-08-26 - -![AppVersion: v0.47.2](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- set `admissionWebhooks.keepTLSSecret` to `true` by default -- fixed indent, for Issuer crd, when `cert-manager.enabled: true` -- updates operator to [v0.47.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.47.2) version - -## 0.34.1 - -**Release date:** 2024-08-23 - -![AppVersion: v0.47.1](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -**Update note**: main container name was changed to `operator`, which will recreate a pod. - -- Updated operator to v0.47.1 release -- Added global imagePullSecrets and image.registry -- Use static container names in a pod -- Updated operator service scrape config -- Added `.Values.vmstorage.service.ipFamilies` and `.Values.vmstorage.service.ipFamilyPolicy` for service IP family management -- Enabled webhook by default -- Generate webhook certificate when Cert Manager is not enabled -- Added ability to configure container port -- Fixed image pull secrets. 
See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1285) - -## 0.34.0 - -**Release date:** 2024-08-15 - -![AppVersion: v0.47.0](https://img.shields.io/static/v1?label=AppVersion&message=v0.47.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Set minimal kubernetes version to 1.25 -- Removed support for policy/v1beta1/PodDisruptionBudget -- Added configurable probes at `.Values.probe` -- updates operator to [v0.47.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.47.0) release -- adds RBAC permissions to VLogs object - -## 0.33.6 - -**Release date:** 2024-08-07 - -![AppVersion: v0.46.4](https://img.shields.io/static/v1?label=AppVersion&message=v0.46.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- add missing permission to allow patching `horizontalpodautoscalers` when operator watches single namespace. - -## 0.33.5 - -**Release date:** 2024-08-01 - -![AppVersion: v0.46.4](https://img.shields.io/static/v1?label=AppVersion&message=v0.46.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- fix cleanup job image tag when `.Capabilities.KubeVersion.Minor` returns version with plus sign. See [this pull request](https://github.com/VictoriaMetrics/helm-charts/pull/1169) by @dimaslv. 
- -## 0.33.4 - -**Release date:** 2024-07-10 - -![AppVersion: v0.46.4](https://img.shields.io/static/v1?label=AppVersion&message=v0.46.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.46.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.4) release - -## 0.33.3 - -**Release date:** 2024-07-05 - -![AppVersion: v0.46.3](https://img.shields.io/static/v1?label=AppVersion&message=v0.46.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.46.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.3) release - -## 0.33.2 - -**Release date:** 2024-07-04 - -![AppVersion: v0.46.2](https://img.shields.io/static/v1?label=AppVersion&message=v0.46.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- breaking change: operator uses different entrypoint, remove `command` entrypoint -- breaking change: operator uses new flag for leader election `leader-elect` -- removes podsecurity policy. It's longer supported by kubernetes -- updates operator to [v0.46.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.2) release - -## 0.33.1 - -**Release date:** 2024-07-03 - -![AppVersion: v0.46.0](https://img.shields.io/static/v1?label=AppVersion&message=v0.46.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- breaking change: operator uses different entrypoint, remove `command` entrypoint -- breaking change: operator uses new flag for leader election `leader-elect` -- removes podsecurity policy. 
It's longer supported by kubernetes -- updates operator to [v0.46.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.0) release - -## 0.32.3 - -**Release date:** 2024-07-02 - -![AppVersion: v0.45.0](https://img.shields.io/static/v1?label=AppVersion&message=v0.45.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- use bitnami/kubectl image for cleanup instead of deprecated gcr.io/google_containers/hyperkube - -## 0.32.2 - -**Release date:** 2024-06-14 - -![AppVersion: v0.45.0](https://img.shields.io/static/v1?label=AppVersion&message=v0.45.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- fix default image tag when using `Chart.AppVersion`, previously the version is missing "v". - -## 0.32.1 - -**Release date:** 2024-06-14 - -![AppVersion: 0.45.0](https://img.shields.io/static/v1?label=AppVersion&message=0.45.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -**Update note**: The VictoriaMetrics components image tag template has been updated. This change introduces `.Values..image.variant` to specify tag suffixes like `-scratch`, `-cluster`, `-enterprise`. Additionally, you can now omit `.Values..image.tag` to automatically use the version specified in `.Chart.AppVersion`. - -- support specifying image tag suffix like "-enterprise" for VictoriaMetrics components using `.Values..image.variant`. 
- -## 0.32.0 - -**Release date:** 2024-06-10 - -![AppVersion: 0.45.0](https://img.shields.io/static/v1?label=AppVersion&message=0.45.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.45.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.45.0) - -## 0.31.2 - -**Release date:** 2024-05-14 - -![AppVersion: 0.44.0](https://img.shields.io/static/v1?label=AppVersion&message=0.44.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- fix missing serviceaccounts patch permission in ClusterRole, see [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1012) for details. - -## 0.31.1 - -**Release date:** 2024-05-10 - -![AppVersion: 0.44.0](https://img.shields.io/static/v1?label=AppVersion&message=0.44.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- fix serviceAccount template when `.Values.serviceAccount.create=false`, see this [pull request](https://github.com/VictoriaMetrics/helm-charts/pull/1002) by @tylerturk for details. -- support creating aggregated clusterRoles for VM CRDs with admin and read permissions, see this [pull request](https://github.com/VictoriaMetrics/helm-charts/pull/996) by @reegnz for details. 
- -## 0.31.0 - -**Release date:** 2024-05-09 - -![AppVersion: 0.44.0](https://img.shields.io/static/v1?label=AppVersion&message=0.44.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.44.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.44.0) - -## 0.30.3 - -**Release date:** 2024-04-26 - -![AppVersion: 0.43.5](https://img.shields.io/static/v1?label=AppVersion&message=0.43.5&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to [v0.43.5](https://github.com/VictoriaMetrics/operator/releases/tag/v0.43.5) - -## 0.30.2 - -**Release date:** 2024-04-23 - -![AppVersion: 0.43.3](https://img.shields.io/static/v1?label=AppVersion&message=0.43.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to v0.43.1 version -- fixes typo at single-namespace role for `vmscrapeconfig`. See this [issue](https://github.com/VictoriaMetrics/helm-charts/issues/987) for details. - -## 0.30.1 - -**Release date:** 2024-04-18 - -![AppVersion: 0.43.1](https://img.shields.io/static/v1?label=AppVersion&message=0.43.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- TODO - -- updates operator to v0.43.1 version - -## 0.30.0 - -**Release date:** 2024-04-18 - -![AppVersion: 0.43.0](https://img.shields.io/static/v1?label=AppVersion&message=0.43.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator to v0.43.0-0 version -- adds `events` create permission -- properly truncate value of `app.kubernetes.io/managed-by` and `app.kubernetes.io/instance` labels in case release name exceeds 63 characters. 
- -## 0.29.6 - -**Release date:** 2024-04-16 - -![AppVersion: 0.42.4](https://img.shields.io/static/v1?label=AppVersion&message=0.42.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- clean up vmauth as well when uninstall chart with `cleanupCRD: true`, since it also has `finalizers`. -- sync new crd VMScrapeConfig from operator, see detail in . - -## 0.29.5 - -**Release date:** 2024-04-02 - -![AppVersion: 0.42.4](https://img.shields.io/static/v1?label=AppVersion&message=0.42.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.42.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.4) - -## 0.29.4 - -**Release date:** 2024-03-28 - -![AppVersion: 0.42.3](https://img.shields.io/static/v1?label=AppVersion&message=0.42.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- added ability to use slice variables in extraArgs (#944) - -## 0.29.3 - -**Release date:** 2024-03-12 - -![AppVersion: 0.42.3](https://img.shields.io/static/v1?label=AppVersion&message=0.42.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- TODO - -## 0.29.2 - -**Release date:** 2024-03-06 - -![AppVersion: 0.42.2](https://img.shields.io/static/v1?label=AppVersion&message=0.42.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.42.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.2) - -## 0.29.0 - -**Release date:** 2024-03-06 - -![AppVersion: 0.42.1](https://img.shields.io/static/v1?label=AppVersion&message=0.42.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- 
bump version of VM operator to [0.42.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.1) - -## 0.29.0 - -**Release date:** 2024-03-04 - -![AppVersion: 0.42.0](https://img.shields.io/static/v1?label=AppVersion&message=0.42.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.42.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.0) - -## 0.28.1 - -**Release date:** 2024-02-21 - -![AppVersion: 0.41.2](https://img.shields.io/static/v1?label=AppVersion&message=0.41.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.41.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.41.2) - -## 0.28.0 - -**Release date:** 2024-02-09 - -![AppVersion: 0.41.1](https://img.shields.io/static/v1?label=AppVersion&message=0.41.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Update victoriametrics CRD resources yaml. 
- -## 0.27.11 - -**Release date:** 2024-02-01 - -![AppVersion: 0.41.1](https://img.shields.io/static/v1?label=AppVersion&message=0.41.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.41.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.41.1) - -## 0.27.10 - -**Release date:** 2024-01-24 - -![AppVersion: 0.40.0](https://img.shields.io/static/v1?label=AppVersion&message=0.40.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Bump operator version to [0.40.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.40.0) - -## 0.27.9 - -**Release date:** 2023-12-12 - -![AppVersion: 0.39.4](https://img.shields.io/static/v1?label=AppVersion&message=0.39.4&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.39.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.4) - -## 0.27.8 - -**Release date:** 2023-12-08 - -![AppVersion: 0.39.3](https://img.shields.io/static/v1?label=AppVersion&message=0.39.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Sync CRD resources with operator [v0.39.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.3). - -## 0.27.7 - -**Release date:** 2023-12-08 - -![AppVersion: 0.39.3](https://img.shields.io/static/v1?label=AppVersion&message=0.39.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Skip deleting victoriametrics CRD resources when uninstall release. 
- -## 0.27.6 - -**Release date:** 2023-11-16 - -![AppVersion: 0.39.3](https://img.shields.io/static/v1?label=AppVersion&message=0.39.3&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.39.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.3) - -## 0.27.5 - -**Release date:** 2023-11-15 - -![AppVersion: 0.39.2](https://img.shields.io/static/v1?label=AppVersion&message=0.39.2&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.39.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.2) -- Add `extraObjects` to allow deploying additional resources with the chart release. (#751) - -## 0.27.4 - -**Release date:** 2023-11-01 - -![AppVersion: 0.39.1](https://img.shields.io/static/v1?label=AppVersion&message=0.39.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.39.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.1) - -## 0.27.3 - -**Release date:** 2023-10-08 - -![AppVersion: 0.39.0](https://img.shields.io/static/v1?label=AppVersion&message=0.39.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Added endpointslices permissions to operator roles (#708) - -## 0.27.2 - -**Release date:** 2023-10-04 - -![AppVersion: 0.39.0](https://img.shields.io/static/v1?label=AppVersion&message=0.39.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump version of VM operator to [0.39.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.0) - -## 0.27.1 - -**Release date:** 2023-09-28 - -![AppVersion: 
0.38.0](https://img.shields.io/static/v1?label=AppVersion&message=0.38.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Fix `relabelConfigs` for operator's VMServiceScrape (#624) - -## 0.27.0 - -**Release date:** 2023-09-11 - -![AppVersion: 0.38.0](https://img.shields.io/static/v1?label=AppVersion&message=0.38.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Bump version of operator to [v0.38.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.38.0) - -## 0.26.2 - -**Release date:** 2023-09-07 - -![AppVersion: 0.37.1](https://img.shields.io/static/v1?label=AppVersion&message=0.37.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Updated CRDs for operator - -## 0.26.1 - -**Release date:** 2023-09-04 - -![AppVersion: 0.37.1](https://img.shields.io/static/v1?label=AppVersion&message=0.37.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Bump version of Victoria Metrics operator to `v0.37.1` - -## 0.26.0 - -**Release date:** 2023-08-30 - -![AppVersion: 0.37.0](https://img.shields.io/static/v1?label=AppVersion&message=0.37.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Bump operator version to [v0.37.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.37.0) -- `psp_auto_creation_enabled` for operator is disabled by default - -## 0.25.0 - -**Release date:** 2023-08-24 - -![AppVersion: 0.36.0](https://img.shields.io/static/v1?label=AppVersion&message=0.36.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Added `topologySpreadConstraints` for the operator + a small refactoring (#611) -- Fix vm 
operator appVersion (#589) -- Fixes operator doc description -- Add `cleanupCRD` option to clean up vm cr resources when uninstalling (#593) -- Bump operator version to [v0.36.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.36.0) - -## 0.24.1 - -**Release date:** 2023-07-13 - -![AppVersion: 0.35.](https://img.shields.io/static/v1?label=AppVersion&message=0.35.&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- operator release v0.35.1 - -## 0.24.0 - -**Release date:** 2023-07-03 - -![AppVersion: 0.35.0](https://img.shields.io/static/v1?label=AppVersion&message=0.35.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator for v0.35.0 -- updates for v1.91.1 release - -## 0.23.1 - -**Release date:** 2023-05-29 - -![AppVersion: 0.34.1](https://img.shields.io/static/v1?label=AppVersion&message=0.34.1&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- updates operator for v0.34.1 version - -## 0.23.0 - -**Release date:** 2023-05-25 - -![AppVersion: 0.34.0](https://img.shields.io/static/v1?label=AppVersion&message=0.34.0&color=success&logo=) -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- bump operator version -- feat(operator): add PodDisruptionBudget (#546) diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.lock b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.lock index 894b9f5d..6c7b4c55 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.lock +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.lock 
@@ -1,9 +1,9 @@ dependencies: - name: victoria-metrics-common repository: https://victoriametrics.github.io/helm-charts - version: 0.0.16 + version: 0.0.42 - name: crds repository: "" version: 0.0.* -digest: sha256:1dbeda933645106331943d21d8ba9fb76db1eca47446d47f98c916eadd1bbfbd -generated: "2024-10-16T22:31:25.325936+03:00" +digest: sha256:d186ad6f54d64a2f828cd80a136e06dcf1f30dbc8ae94964bb9b166ee32eb30e +generated: "2025-03-19T09:59:22.84209872Z" diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.yaml index 21859c26..b6574d02 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/Chart.yaml @@ -1,18 +1,20 @@ annotations: artifacthub.io/category: monitoring-logging artifacthub.io/changes: | - - replaced `crd.enabled` property to `crds.plain`. Instead of disabling CRDs it selects if CRDs should be rendered from template or as plain CRDs + - updates operator to [v0.55.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.55.0) version artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Sources - url: https://github.com/VictoriaMetrics/helm-charts + url: https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator - name: Charts repo url: https://victoriametrics.github.io/helm-charts/ - name: Docs url: https://docs.victoriametrics.com/operator + - name: Changelog + url: https://docs.victoriametrics.com/operator/changelog artifacthub.io/operator: "true" apiVersion: v2 -appVersion: v0.48.4 +appVersion: v0.55.0 dependencies: - name: victoria-metrics-common repository: https://victoriametrics.github.io/helm-charts 
@@ -40,4 +42,4 @@ sources: - https://github.com/VictoriaMetrics/helm-charts - https://github.com/VictoriaMetrics/operator type: application -version: 0.36.0 +version: 0.44.0 diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/README.md b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/README.md deleted file mode 100644 index b6229cf2..00000000 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/README.md +++ /dev/null 
@@ -1,1056 +0,0 @@ -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.36.0](https://img.shields.io/badge/Version-0.36.0-informational?style=flat-square) -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/victoriametrics)](https://artifacthub.io/packages/helm/victoriametrics/victoria-metrics-operator) - -Victoria Metrics Operator - -## Prerequisites - -* Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](https://docs.victoriametrics.com/helm/requirements/). -* PV support on underlying infrastructure. - -## ArgoCD issues - -When running operator using ArgoCD without Cert Manager (`.Values.admissionWebhooks.certManager.enabled: false`) it will rerender webhook certificates -on each sync since Helm `lookup` function is not respected by ArgoCD. To prevent this please update you operator Application `spec.syncPolicy` and `spec.ignoreDifferences` with a following: - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -... -spec: - ... - syncPolicy: - syncOptions: - # https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs - # argocd must also ignore difference during apply stage - # otherwise it ll silently override changes and cause a problem - - RespectIgnoreDifferences=true - ignoreDifferences: - - group: "" - kind: Secret - name: -validation - namespace: kube-system - jsonPointers: - - /data - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - name: -admission - jqPathExpressions: - - '.webhooks[]?.clientConfig.caBundle' -``` -where `` is output of `{{ include "vm-operator.fullname" }}` for your setup - -## Upgrade guide - - During release an issue with helm CRD was discovered. So for upgrade from version less then 0.1.3 you have to two options: - 1) use helm management for CRD, enabled by default. 
- 2) use own management system, need to add variable: --set createCRD=false. - -If you choose helm management, following steps must be done before upgrade: - -1) define namespace and helm release name variables - -``` -export NAMESPACE=default -export RELEASE_NAME=operator -``` - -execute kubectl commands: - -``` -kubectl get crd | grep victoriametrics.com | awk '{print $1 }' | xargs -i kubectl label crd {} app.kubernetes.io/managed-by=Helm --overwrite -kubectl get crd | grep victoriametrics.com | awk '{print $1 }' | xargs -i kubectl annotate crd {} meta.helm.sh/release-namespace="$NAMESPACE" meta.helm.sh/release-name="$RELEASE_NAME" --overwrite -``` - -run helm upgrade command. - -## Chart Details - -This chart will do the following: - -* Rollout victoria metrics operator - -## How to install - -Access a Kubernetes cluster. - -### Setup chart repository (can be omitted for OCI repositories) - -Add a chart helm repository with follow commands: - -```console -helm repo add vm https://victoriametrics.github.io/helm-charts/ - -helm repo update -``` -List versions of `vm/victoria-metrics-operator` chart available to installation: - -```console -helm search repo vm/victoria-metrics-operator -l -``` - -### Install `victoria-metrics-operator` chart - -Export default values of `victoria-metrics-operator` chart to file `values.yaml`: - - - For HTTPS repository - - ```console - helm show values vm/victoria-metrics-operator > values.yaml - ``` - - For OCI repository - - ```console - helm show values oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-operator > values.yaml - ``` - -Change the values according to the need of the environment in ``values.yaml`` file. 
- -Test the installation with command: - - - For HTTPS repository - - ```console - helm install vmo vm/victoria-metrics-operator -f values.yaml -n NAMESPACE --debug --dry-run - ``` - - - For OCI repository - - ```console - helm install vmo oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-operator -f values.yaml -n NAMESPACE --debug --dry-run - ``` - -Install chart with command: - - - For HTTPS repository - - ```console - helm install vmo vm/victoria-metrics-operator -f values.yaml -n NAMESPACE - ``` - - - For OCI repository - - ```console - helm install vmo oci://ghcr.io/victoriametrics/helm-charts/victoria-metrics-operator -f values.yaml -n NAMESPACE - ``` - -Get the pods lists by running this commands: - -```console -kubectl get pods -A | grep 'vmo' -``` - -Get the application by running this command: - -```console -helm list -f vmo -n NAMESPACE -``` - -See the history of versions of `vmo` application with command. - -```console -helm history vmo -n NAMESPACE -``` - -## Validation webhook - - Its possible to use validation of created resources with operator. For now, you need cert-manager to easily certificate management https://cert-manager.io/docs/ - -```yaml -admissionWebhooks: - enabled: true - # what to do in case, when operator not available to validate request. - certManager: - # enables cert creation and injection by cert-manager - enabled: true -``` - -## How to uninstall - -Remove application with command. - -```console -helm uninstall vmo -n NAMESPACE -``` - -## Documentation of Helm Chart - -Install ``helm-docs`` following the instructions on this [tutorial](https://docs.victoriametrics.com/helm/requirements/). - -Generate docs with ``helm-docs`` command. - -```bash -cd charts/victoria-metrics-operator - -helm-docs -``` - -The markdown generation is entirely go template driven. The tool parses metadata from charts and generates a number of sub-templates that can be referenced in a template file (by default ``README.md.gotmpl``). 
If no template file is provided, the tool has a default internal template that will generate a reasonably formatted README. - -## Parameters - -The following tables lists the configurable parameters of the chart and their default values. - -Change the values according to the need of the environment in ``victoria-metrics-operator/values.yaml`` file. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
admissionWebhooksobject
-certManager:
-    enabled: false
-    issuer: {}
-enabled: true
-enabledCRDValidation:
-    vlogs: true
-    vmagent: true
-    vmalert: true
-    vmalertmanager: true
-    vmalertmanagerconfig: true
-    vmauth: true
-    vmcluster: true
-    vmrule: true
-    vmsingle: true
-    vmuser: true
-keepTLSSecret: true
-policy: Fail
-tls:
-    caCert: null
-    cert: null
-    key: null
-
-
-

Configures resource validation

-
admissionWebhooks.certManagerobject
-enabled: false
-issuer: {}
-
-
-

Enables custom ca bundle, if you are not using cert-manager. In case of custom ca, you have to create secret - {chart-name}-validation with keys: tls.key, tls.crt, ca.crt

-
admissionWebhooks.certManager.enabledbool
-false
-
-
-

Enables cert creation and injection by cert-manager.

-
admissionWebhooks.certManager.issuerobject
-{}
-
-
-

If needed, provide own issuer. Operator will create self-signed if empty.

-
admissionWebhooks.enabledbool
-true
-
-
-

Enables validation webhook.

-
admissionWebhooks.policystring
-Fail
-
-
-

What to do in case, when operator not available to validate request.

-
affinityobject
-{}
-
-
-

Pod affinity

-
annotationsobject
-{}
-
-
-

Annotations to be added to the all resources

-
crds.cleanup.enabledbool
-false
-
-
-

Tells helm to clean up all the vm resources under this release’s namespace when uninstalling

-
crds.cleanup.imageobject
-pullPolicy: IfNotPresent
-repository: bitnami/kubectl
-tag: ""
-
-
-

Image configuration for CRD cleanup Job

-
crds.cleanup.resourcesobject
-limits:
-    cpu: 500m
-    memory: 256Mi
-requests:
-    cpu: 100m
-    memory: 56Mi
-
-
-

Cleanup hook resources

-
crds.plainbool
-false
-
-
-

check if plain or templated CRDs should be created. with this option set to false, all CRDs will be rendered from templates. with this option set to true, all CRDs are immutable and require manual upgrade.

-
envlist
-[]
-
-
-

Extra settings for the operator deployment. Full list here

-
envFromlist
-[]
-
-
-

Specify alternative source for env variables

-
extraArgsobject
-{}
-
-
-

Operator container additional commandline arguments

-
extraContainerslist
-[]
-
-
-

Extra containers to run in a pod with operator

-
extraHostPathMountslist
-[]
-
-
-

Additional hostPath mounts

-
extraLabelsobject
-{}
-
-
-

Labels to be added to the all resources

-
extraObjectslist
-[]
-
-
-

Add extra specs dynamically to this chart

-
extraVolumeMountslist
-[]
-
-
-

Extra Volume Mounts for the container

-
extraVolumeslist
-[]
-
-
-

Extra Volumes for the pod

-
fullnameOverridestring
-""
-
-
-

Overrides the full name of server component

-
global.cluster.dnsDomainstring
-cluster.local
-
-
-
global.compatibilityobject
-openshift:
-    adaptSecurityContext: auto
-
-
-

Openshift security context compatibility configuration

-
global.image.registrystring
-""
-
-
-

Image registry, that can be shared across multiple helm charts

-
global.imagePullSecretslist
-[]
-
-
-

Image pull secrets, that can be shared across multiple helm charts

-
imageobject
-pullPolicy: IfNotPresent
-registry: ""
-repository: victoriametrics/operator
-tag: ""
-variant: ""
-
-
-

operator image configuration

-
image.pullPolicystring
-IfNotPresent
-
-
-

Image pull policy

-
image.registrystring
-""
-
-
-

Image registry

-
image.repositorystring
-victoriametrics/operator
-
-
-

Image repository

-
image.tagstring
-""
-
-
-

Image tag override Chart.AppVersion

-
imagePullSecretslist
-[]
-
-
-

Secret to pull images

-
lifecycleobject
-{}
-
-
-

Operator lifecycle. See this article for details.

-
logLevelstring
-info
-
-
-

VM operator log level. Possible values: info and error.

-
nameOverridestring
-""
-
-
-

VM operatror deployment name override

-
nodeSelectorobject
-{}
-
-
-

Pod’s node selector. Details are here

-
operator.disable_prometheus_converterbool
-false
-
-
-

By default, operator converts prometheus-operator objects.

-
operator.enable_converter_ownershipbool
-false
-
-
-

Enables ownership reference for converted prometheus-operator objects, it will remove corresponding victoria-metrics objects in case of deletion prometheus one.

-
operator.prometheus_converter_add_argocd_ignore_annotationsbool
-false
-
-
-

Compare-options and sync-options for prometheus objects converted by operator for properly use with ArgoCD

-
operator.useCustomConfigReloaderbool
-false
-
-
-

Enables custom config-reloader, bundled with operator. It should reduce vmagent and vmauth config sync-time and make it predictable.

-
podDisruptionBudgetobject
-enabled: false
-labels: {}
-
-
-

See kubectl explain poddisruptionbudget.spec for more or check these docs

-
podLabelsobject
-{}
-
-
-

extra Labels for Pods only

-
podSecurityContextobject
-enabled: true
-
-
-

Pod’s security context. Details are here

-
probe.livenessobject
-failureThreshold: 3
-initialDelaySeconds: 5
-periodSeconds: 15
-tcpSocket:
-    port: probe
-timeoutSeconds: 5
-
-
-

Liveness probe

-
probe.readinessobject
-failureThreshold: 3
-httpGet:
-    port: probe
-initialDelaySeconds: 5
-periodSeconds: 15
-timeoutSeconds: 5
-
-
-

Readiness probe

-
probe.startupobject
-{}
-
-
-

Startup probe

-
rbac.aggregatedClusterRolesobject
-enabled: true
-labels:
-    admin:
-        rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    view:
-        rbac.authorization.k8s.io/aggregate-to-view: "true"
-
-
-

Create aggregated clusterRoles for CRD readonly and admin permissions

-
rbac.aggregatedClusterRoles.labelsobject
-admin:
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-view:
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-
-
-

Labels attached to according clusterRole

-
rbac.createbool
-true
-
-
-

Specifies whether the RBAC resources should be created

-
replicaCountint
-1
-
-
-

Number of operator replicas

-
resourcesobject
-{}
-
-
-

Resource object

-
securityContextobject
-enabled: true
-
-
-

Security context to be added to server pods

-
service.annotationsobject
-{}
-
-
-

Service annotations

-
service.clusterIPstring
-""
-
-
-

Service ClusterIP

-
service.externalIPsstring
-""
-
-
-

Service external IPs. Check here for details

-
service.externalTrafficPolicystring
-""
-
-
-

Service external traffic policy. Check here for details

-
service.healthCheckNodePortstring
-""
-
-
-

Health check node port for a service. Check here for details

-
service.ipFamilieslist
-[]
-
-
-

List of service IP families. Check here for details.

-
service.ipFamilyPolicystring
-""
-
-
-

Service IP family policy. Check here for details.

-
service.labelsobject
-{}
-
-
-

Service labels

-
service.loadBalancerIPstring
-""
-
-
-

Service load balacner IP

-
service.loadBalancerSourceRangeslist
-[]
-
-
-

Load balancer source range

-
service.servicePortint
-8080
-
-
-

Service port

-
service.typestring
-ClusterIP
-
-
-

Service type

-
service.webhookPortint
-9443
-
-
-

Service webhook port

-
serviceAccount.createbool
-true
-
-
-

Specifies whether a service account should be created

-
serviceAccount.namestring
-""
-
-
-

The name of the service account to use. If not set and create is true, a name is generated using the fullname template

-
serviceMonitorobject
-annotations: {}
-basicAuth: {}
-enabled: false
-extraLabels: {}
-interval: ""
-relabelings: []
-scheme: ""
-scrapeTimeout: ""
-tlsConfig: {}
-
-
-

Configures monitoring with serviceScrape. VMServiceScrape must be pre-installed

-
terminationGracePeriodSecondsint
-30
-
-
-

Graceful pod termination timeout. See this article for details.

-
tolerationslist
-[]
-
-
-

Array of tolerations object. Spec is here

-
topologySpreadConstraintslist
-[]
-
-
-

Pod Topology Spread Constraints. Spec is here

-
watchNamespaceslist
-[]
-
-
-

By default, the operator will watch all the namespaces If you want to override this behavior, specify the namespace. Operator supports multiple namespaces for watching.

-
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/README.md.gotmpl b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/README.md.gotmpl
deleted file mode 100644
index 6c35359f..00000000
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/README.md.gotmpl
+++ /dev/null
@@ -1,98 +0,0 @@ -{{ template "chart.typeBadge" . }} {{ template "chart.versionBadge" . }} -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/victoriametrics)](https://artifacthub.io/packages/helm/victoriametrics/victoria-metrics-operator) - -{{ template "chart.description" . }} - -## Prerequisites - -* Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](https://docs.victoriametrics.com/helm/requirements/). -* PV support on underlying infrastructure. - -## ArgoCD issues - -When running operator using ArgoCD without Cert Manager (`.Values.admissionWebhooks.certManager.enabled: false`) it will rerender webhook certificates -on each sync since Helm `lookup` function is not respected by ArgoCD. To prevent this please update you operator Application `spec.syncPolicy` and `spec.ignoreDifferences` with a following: - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -... -spec: - ... - syncPolicy: - syncOptions: - # https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs - # argocd must also ignore difference during apply stage - # otherwise it ll silently override changes and cause a problem - - RespectIgnoreDifferences=true - ignoreDifferences: - - group: "" - kind: Secret - name: -validation - namespace: kube-system - jsonPointers: - - /data - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - name: -admission - jqPathExpressions: - - '.webhooks[]?.clientConfig.caBundle' -``` -where `` is output of `{{"{{"}} include "vm-operator.fullname" {{"}}"}}` for your setup - -## Upgrade guide - - During release an issue with helm CRD was discovered. So for upgrade from version less then 0.1.3 you have to two options: - 1) use helm management for CRD, enabled by default. - 2) use own management system, need to add variable: --set createCRD=false. 
- -If you choose helm management, following steps must be done before upgrade: - -1) define namespace and helm release name variables - -``` -export NAMESPACE=default -export RELEASE_NAME=operator -``` - -execute kubectl commands: - -``` -kubectl get crd | grep victoriametrics.com | awk '{print $1 }' | xargs -i kubectl label crd {} app.kubernetes.io/managed-by=Helm --overwrite -kubectl get crd | grep victoriametrics.com | awk '{print $1 }' | xargs -i kubectl annotate crd {} meta.helm.sh/release-namespace="$NAMESPACE" meta.helm.sh/release-name="$RELEASE_NAME" --overwrite -``` - -run helm upgrade command. - -## Chart Details - -This chart will do the following: - -* Rollout victoria metrics operator - -{{ include "chart.installSection" . }} - -## Validation webhook - - Its possible to use validation of created resources with operator. For now, you need cert-manager to easily certificate management https://cert-manager.io/docs/ - -```yaml -admissionWebhooks: - enabled: true - # what to do in case, when operator not available to validate request. - certManager: - # enables cert creation and injection by cert-manager - enabled: true -``` - -{{ include "chart.uninstallSection" . }} - -{{ include "chart.helmDocs" . }} - -## Parameters - -The following tables lists the configurable parameters of the chart and their default values. - -Change the values according to the need of the environment in ``victoria-metrics-operator/values.yaml`` file. - -{{ template "chart.valuesTableHtml" . }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/RELEASE_NOTES b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/RELEASE_NOTES new file mode 100644 index 00000000..55ceea77 --- /dev/null +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/RELEASE_NOTES 
@@ -0,0 +1,7 @@
+# Release notes for version 0.44.0
+
+**Release date:** 02 Apr 2025
+
+![Helm: v3](https://img.shields.io/badge/Helm-v3.14%2B-informational?color=informational&logo=helm&link=https%3A%2F%2Fgithub.com%2Fhelm%2Fhelm%2Freleases%2Ftag%2Fv3.14.0) ![AppVersion: v0.55.0](https://img.shields.io/badge/v0.55.0-success?logo=VictoriaMetrics&labelColor=gray&link=https%3A%2F%2Fdocs.victoriametrics.com%2Foperator%2Fchangelog%23v0550)
+
+- updates operator to [v0.55.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.55.0) version
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/RELEASE_NOTES.md b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/RELEASE_NOTES.md
deleted file mode 100644
index 33616242..00000000
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/RELEASE_NOTES.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# Release notes for version 0.36.0
-
-**Release date:** 2024-10-22
-
-![AppVersion: v0.48.4](https://img.shields.io/static/v1?label=AppVersion&message=v0.48.4&color=success&logo=)
-![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
-
-- replaced `crd.enabled` property to `crds.plain`. Instead of disabling CRDs it selects if CRDs should be rendered from template or as plain CRDs
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/_changelog.md b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/_changelog.md
deleted file mode 100644
index da8b8162..00000000
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/_changelog.md
+++ /dev/null
@@ -1,13 +0,0 @@ ---- -weight: 1 -title: CHANGELOG -menu: - docs: - weight: 1 - identifier: helm-victoriametrics-operator-changelog - parent: helm-victoriametrics-operator -url: /helm/victoriametrics-operator/changelog -aliases: - - /helm/victoriametrics-operator/changelog/index.html ---- -{{% content "CHANGELOG.md" %}} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/_index.md b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/_index.md deleted file mode 100644 index ec9c24c5..00000000 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/_index.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -weight: 10 -title: VictoriaMetrics Operator -menu: - docs: - parent: helm - weight: 10 - identifier: helm-victoriametrics-operator -url: /helm/victoriametrics-operator -aliases: - - /helm/victoriametrics-operator/index.html ---- -{{% content "README.md" %}} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/crds/crds/crd.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/crds/crds/crd.yaml index bb065953..038cc276 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/crds/crds/crd.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/crds/crds/crd.yaml @@ -2,19 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vlogs.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: system - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VLogs 
@@ -28,10 +18,15 @@ spec: jsonPath: .status.status name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: - description: VLogs is the Schema for the vlogs API + description: |- + VLogs is fast, cost-effective and scalable logs database. + VLogs is the Schema for the vlogs API properties: apiVersion: description: |- @@ -77,6 +72,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -111,9 +114,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -164,6 +170,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array futureRetention: description: |- FutureRetention for the stored logs 
@@ -253,9 +306,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -301,9 +352,32 @@ spec: this can be useful for debugging of high cardinality issues with log streams; see https://docs.victoriametrics.com/victorialogs/keyconcepts/#stream-fields type: boolean + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 
@@ -394,11 +468,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -409,6 +481,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -725,7 +803,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -881,10 +959,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -892,11 +968,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -935,32 +1009,81 @@ spec: status: description: VLogsStatus defines the observed state of VLogs properties: - availableReplicas: - description: AvailableReplicas Total number of available pods (ready - for at least minReadySeconds) targeted by this VLogs. - format: int32 + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. + maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines a reason in case of update failure + description: Reason defines human readable error reason type: string - replicas: - description: ReplicaCount Total number of non-terminated pods targeted - by this VLogs. - format: int32 - type: integer - status: - description: UpdateStatus defines a status of vlogs instance rollout + updateStatus: + description: UpdateStatus defines a status for update rollout type: string - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VLogs. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas Total number of non-terminated pods targeted - by this VLogs. - format: int32 - type: integer type: object type: object served: true @@ -972,19 +1095,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmagents.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAgent 
@@ -1006,6 +1119,9 @@ spec: jsonPath: .status.updateStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: 
@@ -1034,6 +1150,49 @@ spec: description: VMAgentSpec defines the desired state of VMAgent properties: aPIServerConfig: + description: |- + APIServerConfig allows specifying a host and auth methods to access apiserver. + If left empty, VMAgent is assumed to run inside of the cluster + and will discover API servers automatically and use the pod's CA certificate + and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + aPIServerConfig is deprecated use apiServerConfig instead + required: + - host + type: object + x-kubernetes-preserve-unknown-fields: true + additionalScrapeConfigs: + description: |- + AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it + is valid. Note that using this feature may expose the possibility to + break upgrades of VMAgent. It is advised to review VMAgent release + notes to ensure that no incompatible scrape configs are going to break + VMAgent after the upgrade. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: Affinity If specified, the pod's scheduling constraints. + type: object + x-kubernetes-preserve-unknown-fields: true + apiServerConfig: description: |- APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster 
@@ -1057,9 +1216,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1096,9 +1253,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1129,9 +1284,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1157,7 +1310,8 @@ spec: description: TLSConfig Config to use for accessing apiserver. properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: description: ConfigMap containing data to use for the 
@@ -1173,9 +1327,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1199,9 +1351,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1234,9 +1384,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -1260,9 +1408,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1299,9 +1445,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -1318,40 +1462,6 @@ spec: required: - host type: object - additionalScrapeConfigs: - description: |- - AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it - is valid. Note that using this feature may expose the possibility to - break upgrades of VMAgent. It is advised to review VMAgent release - notes to ensure that no incompatible scrape configs are going to break - VMAgent after the upgrade. - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - affinity: - description: Affinity If specified, the pod's scheduling constraints. - type: object - x-kubernetes-preserve-unknown-fields: true arbitraryFSAccessThroughSMs: description: |- ArbitraryFSAccessThroughSMs configures whether configuration @@ -1576,7 +1686,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -1616,7 +1726,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState @@ -1636,12 +1746,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the - given PVC.\n\n\nA controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus\nshould + given PVC.\n\nA controller that receives PVC update with + previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -1660,7 +1770,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources 
@@ -1669,12 +1779,12 @@ spec: capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the - requested capacity.\n\n\nA controller that receives PVC + requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -1717,10 +1827,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status 
@@ -1734,13 +1849,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -1799,11 +1914,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1814,6 +1927,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -1858,6 +1977,21 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + daemonSetMode: + description: |- + DaemonSetMode enables DaemonSet deployment mode instead of Deployment. + Supports only VMPodScrape + (available from v0.55.0). + Cannot be used with statefulMode + type: boolean + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -1892,9 +2026,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array @@ -1912,6 +2049,13 @@ spec: dnsPolicy: description: DNSPolicy sets DNS policy for the pod type: string + enableKubernetesAPISelectors: + description: |- + EnableKubernetesAPISelectors instructs vmagent to use CRD scrape objects spec.selectors for + Kubernetes API list and watch requests. + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#list-and-watch-filtering + It could be useful to reduce Kubernetes API server resource usage for serving less than 100 CRD scrape objects in total. + type: boolean enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert 
@@ -1958,6 +2102,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -2048,9 +2239,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -2186,6 +2375,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -2206,9 +2398,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -2218,6 +2408,10 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod 
@@ -2240,6 +2434,29 @@ spec: - FATAL - PANIC type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object maxScrapeInterval: description: |- MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes @@ -2247,7 +2464,7 @@ spec: type: string minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -2918,9 +3135,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must be 
@@ -2960,9 +3175,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2993,9 +3206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3020,9 +3231,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -3124,9 +3333,10 @@ spec: type: object type: array maxDiskUsage: - description: MaxDiskUsage defines the maximum file-based buffer - size in bytes for -remoteWrite.url - type: string + description: |- + MaxDiskUsage defines the maximum file-based buffer size in bytes for the given remoteWrite + It overrides global configuration defined at remoteWriteSettings.maxDiskUsagePerURL + x-kubernetes-preserve-unknown-fields: true oauth2: description: OAuth2 defines auth configuration properties: @@ -3148,9 +3358,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3174,9 +3382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
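Review bot: `maxDiskUsage` loses its `type: string` and is left with only `x-kubernetes-preserve-unknown-fields: true`, so the API server no longer rejects objects, arrays or booleans for this field and all validation falls to the operator; `maxDiskUsagePerURL` in the later `@@ -3790,8 +3990,7 @@` hunk gets the same treatment in place of `type: integer`. If the intent is to accept either a byte count or a size string, `x-kubernetes-int-or-string: true` keeps that flexibility while still bounding the type. The `controller-gen.kubebuilder.io/version` annotation further down suggests this schema is generated, so the change would belong on the Go type's marker rather than in the YAML. The surrounding remoteWrite item schema starts and ends outside the hunk.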
@@ -3201,9 +3407,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3222,11 +3426,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -3257,9 +3473,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
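Review bot: The new `tls_config` under `oauth2` is declared with `x-kubernetes-preserve-unknown-fields: true` and no properties, so nothing inside it is validated at admission, and its description says it "Is only supported by Scrape objects family" although this `oauth2` block appears to sit under a remoteWrite entry; the same `proxy_url`/`tls_config` pair is added under `discord_configs` `http_config` in the `@@ -5942,12 +6176,24 @@` hunk. A user who sets a CA or `proxy_url` there would have it accepted by the API server and, per the description, silently not applied, so the token request runs with different TLS or proxy settings than the manifest states. I would make the description explicit, e.g. `Ignored outside Scrape objects; setting it here has no effect.`, or have the operator reject the field where it is unsupported. The `oauth2` mapping begins before this hunk.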
@@ -3283,6 +3497,10 @@ spec: items: type: string type: array + enableWindows: + description: EnableWindows enables aggregating data in separate + windows ( available from v0.54.0). + type: boolean ignoreFirstIntervals: description: IgnoreFirstIntervals instructs to ignore first interval @@ -3304,10 +3522,8 @@ spec: description: |- By is an optional list of labels for grouping input series. - See also Without. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -3321,11 +3537,14 @@ spec: description: |- DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. - Labels are dropped before de-duplication and aggregation. items: type: string type: array + enable_windows: + description: EnableWindows enables aggregating data + in separate windows + type: boolean flush_on_shutdown: description: |- FlushOnShutdown defines whether to flush the aggregation state on process termination @@ -3430,7 +3649,6 @@ spec: description: |- Match is a label selector (or list of label selectors) for filtering time series for the given selector. - If the match isn't set, then all the input time series are processed. x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: @@ -3520,10 +3738,8 @@ spec: description: |- Outputs is a list of output aggregate functions to produce. - The following names are allowed: - - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series @@ -3538,10 +3754,8 @@ spec: - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] - The output time series will have the following names: - input_name:aggr__ items: type: string 
@@ -3555,10 +3769,8 @@ spec: description: |- Without is an optional list of labels, which must be excluded when grouping input series. - See also By. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -3575,7 +3787,7 @@ spec: write target properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: @@ -3592,9 +3804,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3618,9 +3828,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -3653,9 +3861,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3679,9 +3885,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3718,9 +3922,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -3751,9 +3953,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must @@ -3790,8 +3990,7 @@ spec: type: integer maxDiskUsagePerURL: description: The maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath - format: int64 - type: integer + x-kubernetes-preserve-unknown-fields: true queues: description: The number of concurrent queues format: int32 @@ -3826,11 +4025,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3841,6 +4038,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -4664,7 +4867,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -4705,8 +4908,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -4725,12 +4928,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -4750,21 +4953,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -4807,10 +5010,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -4824,13 +5032,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -4991,7 +5199,7 @@ spec: type: array staticScrapeSelector: description: |- - StaticScrapeSelector defines PodScrapes to be selected for target discovery. + StaticScrapeSelector defines VMStaticScrape to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. @@ -5057,9 +5265,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must @@ -5082,6 +5288,10 @@ spec: items: type: string type: array + enableWindows: + description: EnableWindows enables aggregating data in separate + windows ( available from v0.54.0). + type: boolean ignoreFirstIntervals: description: IgnoreFirstIntervals instructs to ignore first interval type: integer @@ -5102,10 +5312,8 @@ spec: description: |- By is an optional list of labels for grouping input series. - See also Without. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -5118,11 +5326,14 @@ spec: description: |- DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. - Labels are dropped before de-duplication and aggregation. items: type: string type: array + enable_windows: + description: EnableWindows enables aggregating data in separate + windows + type: boolean flush_on_shutdown: description: |- FlushOnShutdown defines whether to flush the aggregation state on process termination 
@@ -5225,7 +5436,6 @@ spec: description: |- Match is a label selector (or list of label selectors) for filtering time series for the given selector. - If the match isn't set, then all the input time series are processed. x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: @@ -5315,10 +5525,8 @@ spec: description: |- Outputs is a list of output aggregate functions to produce. - The following names are allowed: - - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series @@ -5333,10 +5541,8 @@ spec: - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] - The output time series will have the following names: - input_name:aggr__ items: type: string @@ -5350,10 +5556,8 @@ spec: description: |- Without is an optional list of labels, which must be excluded when grouping input series. - See also By. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -5492,10 +5696,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -5503,11 +5705,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -5546,15 +5746,77 @@ spec: status: description: VMAgentStatus defines the observed state of VMAgent properties: - availableReplicas: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: description: |- - AvailableReplicas Total number of available pods (ready for at least minReadySeconds) - targeted by this VMAlert cluster. - format: int32 + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines fail reason for update process, effective - only for statefulMode + description: Reason defines human readable error reason type: string replicas: description: ReplicaCount Total number of pods targeted by this VMAgent @@ -5568,21 +5830,9 @@ spec: with uniq scrape targets format: int32 type: integer - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VMAgent cluster. - format: int32 - type: integer updateStatus: - description: UpdateStatus defines a status for update rollout, effective - only for statefulMode + description: UpdateStatus defines a status for update rollout type: string - updatedReplicas: - description: |- - UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent - cluster that have the desired version spec. - format: int32 - type: integer type: object type: object served: true @@ -5598,19 +5848,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmalertmanagerconfigs.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAlertmanagerConfig 
@@ -5623,13 +5863,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastErrorParentAlertmanagerName - name: VMAlertmanager Error - type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -5702,6 +5939,17 @@ spec: discord_configs: items: properties: + avatar_url: + description: |- + AvatarURL defines message avatar URL + Available from operator v0.55.0 and alertmanager v0.28.0 + type: string + content: + description: |- + Content defines message content template + Available from operator v0.55.0 and alertmanager v0.28.0 + maxLength: 2000 + type: string http_config: description: HTTP client configuration. properties: @@ -5725,9 +5973,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5764,9 +6010,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -5797,9 +6041,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5830,9 +6072,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5864,9 +6104,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -5892,9 +6130,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5920,9 +6156,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5942,12 +6176,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -5963,8 +6209,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -5980,9 +6226,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6008,9 +6252,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6043,9 +6285,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6071,9 +6311,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6110,9 +6348,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6138,6 +6374,11 @@ spec: title: description: The message title template type: string + username: + description: |- + Username defines message username + Available from operator v0.55.0 and alertmanager v0.28.0 + type: string webhook_url: description: |- The discord webhook URL @@ -6160,9 +6401,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -6197,9 +6436,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6225,9 +6462,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6279,8 +6514,8 @@ spec: description: TLS configuration properties: ca: - description: Stuct containing the CA cert to use for - the targets. + description: Struct containing the CA cert to use + for the targets. properties: configMap: description: ConfigMap containing data to use @@ -6296,9 +6531,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6323,9 +6556,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6358,9 +6589,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6385,9 +6614,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -6424,9 +6651,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -6445,6 +6670,83 @@ spec: type: string type: object type: array + jira_configs: + items: + description: |- + JiraConfig represent alertmanager's jira_config entry + https://prometheus.io/docs/alerting/latest/configuration/#jira_config + available from v0.55.0 operator version + and v0.28.0 alertmanager version + properties: + api_url: + description: |- + The URL to send API requests to. The full API path must be included. + Example: https://company.atlassian.net/rest/api/2/ + type: string + custom_fields: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + Other issue and custom fields. + Jira issue field can have multiple types. + Depends on the field type, the values must be provided differently. + See https://developer.atlassian.com/server/jira/platform/jira-rest-api-examples/#setting-custom-field-data-for-other-field-types for further examples. + type: object + description: + description: Issue description template. + type: string + http_config: + description: |- + The HTTP client's configuration. You must use this configuration to supply the personal access token (PAT) as part of the HTTP `Authorization` header. + For Jira Cloud, use basic_auth with the email address as the username and the PAT as the password. + For Jira Data Center, use the 'authorization' field with 'credentials: '. + x-kubernetes-preserve-unknown-fields: true + issue_type: + description: Type of the issue (e.g. Bug) + type: string + labels: + description: Labels to be added to the issue + items: + type: string + type: array + priority: + description: Priority of the issue + type: string + project: + description: The project key where issues are created + type: string + reopen_duration: + description: |- + If reopen_transition is defined, reopen the issue when it is not older than this value (rounded down to the nearest minute). + The resolutiondate field is used to determine the age of the issue. 
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + reopen_transition: + description: |- + Name of the workflow transition to resolve an issue. + The target status must have the category "done". + type: string + resolve_transition: + description: |- + Name of the workflow transition to reopen an issue. + The target status should not have the category "done". + type: string + send_resolved: + description: SendResolved controls notify about resolved + alerts. + type: boolean + summary: + description: Issue summary template + type: string + wont_fix_resolution: + description: If reopen_transition is defined, ignore issues + with that resolution. + type: string + required: + - issue_type + - project + type: object + type: array msteams_configs: items: properties: @@ -6471,9 +6773,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6510,9 +6810,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
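Review bot: The descriptions of `reopen_transition` and `resolve_transition` in the new `jira_configs` schema are swapped: `reopen_transition` is documented as the transition "to resolve an issue" with a target status in category "done", and `resolve_transition` as the one "to reopen an issue". Someone following the text would wire the two workflow transitions the wrong way round. `reopen_transition` should read `Name of the workflow transition to reopen an issue. The target status should not have the category "done".`, and `resolve_transition` should carry the converse text. The `http_config` description also ends in `'credentials: '` with nothing after it, which looks like a placeholder lost in rendering. If this CRD is generated, the correction belongs in the type comments it is generated from.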
@@ -6543,9 +6841,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6576,9 +6872,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -6610,9 +6904,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6638,9 +6930,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6666,9 +6956,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6688,12 +6976,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -6709,8 +7009,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
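Review bot: The new `tls_config` under the OAuth2 block is declared with only `x-kubernetes-preserve-unknown-fields: true`, so any content is accepted there, and both it and `proxy_url` are described as "only supported by Scrape objects family" without saying what happens on other kinds. If the field is silently ignored elsewhere, an operator can believe the token endpoint is verified against their CA when it is not. The description should state the behaviour, for example `Ignored when set on objects outside the Scrape family.` if that is what the operator does, and a typed schema for `tls_config` would catch misspelled keys. The same addition appears in the hunk at `@@ -7694,12 +8132,24 @@`.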
@@ -6726,9 +7026,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6754,9 +7052,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6789,9 +7085,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6817,9 +7111,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6856,9 +7148,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -6906,9 +7196,61 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + msteamsv2_configs: + items: + description: |- + MSTeamsV2Config sends notifications using the new message format with adaptive cards as required by flows. + https://support.microsoft.com/en-gb/office/create-incoming-webhooks-with-workflows-for-microsoft-teams-8ae491c7-0394-4861-ba59-055e33f75498 + available from v0.55.0 operator version + and v0.28.0 alertmanager version + properties: + http_config: + x-kubernetes-preserve-unknown-fields: true + send_resolved: + description: SendResolved controls notify about resolved + alerts. + type: boolean + text: + description: Message body template. + type: string + title: + description: Message title template. + type: string + webhook_url: + description: |- + The incoming webhook URL + one of `urlSecret` and `url` must be defined. + type: string + webhook_url_secret: + description: |- + URLSecret defines secret name and key at the CRD namespace. + It must contain the webhook URL. + one of `webhook_url` or `webhook_url_secret` must be defined. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key @@ -6954,9 +7296,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7126,9 +7466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7160,9 +7498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
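Review bot: In `msteamsv2_configs`, the `webhook_url` description says "one of `urlSecret` and `url` must be defined", but the fields in this schema are `webhook_url` and `webhook_url_secret`; it should read `one of webhook_url or webhook_url_secret must be defined.`, as the `webhook_url_secret` text already does. The added lines show no rule that enforces the either/or, though the item's closing lines are outside the hunk, so it may exist there. An incoming-webhook URL works as a credential for posting to the channel, so the plain `webhook_url` string leaves it readable to anyone who can read the resource; the description could recommend `webhook_url_secret` for that reason. `http_config` in this block has no description at all.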
@@ -7240,9 +7576,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -7275,9 +7609,129 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + rocketchat_configs: + items: + description: |- + RocketchatConfig configures notifications via Rocketchat. + https://prometheus.io/docs/alerting/latest/configuration/#rocketchat_config + available from v0.55.0 operator version + and v0.28.0 alertmanager version + properties: + actions: + items: + description: |- + RocketchatAttachmentAction defines message attachements + https://github.com/RocketChat/Rocket.Chat.Go.SDK/blob/master/models/message.go + properties: + msg: + type: string + text: + type: string + type: + type: string + url: + type: string + type: object + type: array + api_url: + type: string + channel: + description: 'RocketChat channel override, (like #other-channel + or @username).' 
+ type: string + color: + type: string + emoji: + type: string + fields: + items: + description: |- + RocketchatAttachmentField defines API fields + https://developer.rocket.chat/reference/api/rest-api/endpoints/messaging/chat-endpoints/postmessage#attachment-field-objects + properties: + short: + type: boolean + title: + type: string + value: + type: string + type: object + type: array + http_config: + x-kubernetes-preserve-unknown-fields: true + icon_url: + type: string + image_url: + type: string + link_names: + type: boolean + send_resolved: + description: SendResolved controls notify about resolved + alerts. + type: boolean + short_fields: + type: boolean + text: + type: string + thumb_url: + type: string + title: + type: string + title_link: + type: string + token: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + token_id: + description: |- + The sender token and token_id + See https://docs.rocket.chat/use-rocket.chat/user-guides/user-panel/my-account#personal-access-tokens + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key @@ -7362,9 +7816,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7477,9 +7929,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7516,9 +7966,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -7549,9 +7997,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7582,9 +8028,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -7616,9 +8060,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -7644,9 +8086,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7672,9 +8112,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7694,12 +8132,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -7715,8 +8165,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -7732,9 +8182,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7760,9 +8208,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7795,9 +8241,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -7823,9 +8267,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7862,9 +8304,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7916,9 +8356,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -7954,9 +8392,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8007,9 +8443,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8033,6 +8467,10 @@ spec: message: description: Message is templated message type: string + message_thread_id: + description: MessageThreadID defines ID of the message + thread where to send the messages. + type: integer parse_mode: description: |- ParseMode for telegram message, @@ -8072,9 +8510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -8120,9 +8556,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8159,9 +8593,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8192,9 +8624,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -8225,9 +8655,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8259,9 +8687,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8287,9 +8713,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret 
@@ -8315,9 +8739,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8337,12 +8759,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -8358,8 +8792,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to @@ -8375,9 +8809,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -8403,9 +8835,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8438,9 +8868,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8466,9 +8894,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret 
@@ -8505,9 +8931,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8577,9 +9001,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8616,9 +9038,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -8649,9 +9069,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8682,9 +9100,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8716,9 +9132,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -8744,9 +9158,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8772,9 +9184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8794,12 +9204,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -8815,8 +9237,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -8832,9 +9254,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8860,9 +9280,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8895,9 +9313,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -8923,9 +9339,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8962,9 +9376,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8991,6 +9403,8 @@ spec: description: SendResolved controls notify about resolved alerts. type: boolean + required: + - room_id type: object type: array webhook_configs: @@ -9036,9 +9450,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -9076,9 +9488,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -9121,9 +9531,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9160,9 +9568,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -9193,9 +9599,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9226,9 +9630,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -9260,9 +9662,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -9288,9 +9688,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9316,9 +9714,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9338,12 +9734,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -9359,8 +9767,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -9376,9 +9784,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -9404,9 +9810,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9439,9 +9843,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -9467,9 +9869,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9506,9 +9906,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9672,6 +10070,7 @@ spec: type: object type: array required: + - name - time_intervals type: object type: array 
@@ -9683,18 +10082,82 @@ spec: description: VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig properties: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map lastErrorParentAlertmanagerName: type: string - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation - type: string - lastSyncErrorTimestamp: - description: LastSyncErrorTimestamp defines time when error occured + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile format: int64 type: integer - status: - description: Status defines CRD processing status + reason: + description: Reason defines human readable error reason + type: string + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -9707,19 +10170,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmalertmanagers.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAlertmanager @@ -9731,10 +10184,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: The version of VMAlertmanager - jsonPath: .spec.image.tag - name: Version - type: string - description: The desired replicas number of Alertmanagers jsonPath: .spec.replicaCount name: ReplicaCount 
@@ -9998,7 +10447,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -10038,7 +10487,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState @@ -10058,12 +10507,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the - given PVC.\n\n\nA controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus\nshould + given PVC.\n\nA controller that receives PVC update with + previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -10082,7 +10531,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources @@ -10091,12 +10540,12 @@ spec: capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the - requested capacity.\n\n\nA controller that receives PVC + requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -10139,10 +10588,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -10156,13 +10610,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -10290,11 +10744,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -10305,6 +10757,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -10409,6 +10867,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableNamespaceMatcher: description: |- DisableNamespaceMatcher disables top route namespace label matcher for VMAlertmanagerConfig @@ -10452,9 +10918,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
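Review bot: The description added for `disableAutomountServiceAccountToken` (hunk at -10409) never states the default or which containers still receive a token once the field is set. Someone hardening the pod needs both facts. It only says the operator "conditionally" creates a `kube-api-access` volume and mounts it at /var/run/secrets/kubernetes.io/serviceaccount, and that extraContainers may mount that volume themselves. The text should spell out the behaviour when the field is unset and, when it is true, say that only the containers the operator selects, plus any extraContainer that adds the volumeMount, can read the token; that is presumably the intent, so confirm it against the operator code. The opening clause also reads better as `DisableAutomountServiceAccountToken disables automatic mounting of the service account token by Kubernetes`. This CRD is generated by controller-gen, so the wording belongs in the Go field comment; the same text is added again in the vmalerts hunk at -12343.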
@@ -10520,6 +10989,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array gossipConfig: description: GossipConfig defines gossip TLS configuration for Alertmanager cluster 
@@ -10549,9 +11065,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10582,9 +11096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10620,9 +11132,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -10661,9 +11171,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10712,9 +11220,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10752,9 +11258,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -10871,9 +11375,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10919,9 +11421,32 @@ spec: - WARN - ERROR type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 
@@ -11042,11 +11567,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -11057,6 +11580,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -11483,7 +12012,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -11524,8 +12053,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with 
@@ -11544,12 +12073,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -11569,21 +12098,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -11626,10 +12155,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -11643,13 +12177,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -11697,9 +12231,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string required: - key @@ -11819,10 +12351,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -11830,11 +12360,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -11920,9 +12448,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -11971,9 +12497,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12011,9 +12535,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -12053,11 +12575,80 @@ spec: Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer reason: - description: Reason has non empty reason for update failure + description: Reason defines human readable error reason type: string updateStatus: - description: Status defines a status of object update + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -12072,19 +12663,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmalerts.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAlert @@ -12098,6 +12679,13 @@ spec: jsonPath: .status.updateStatus name: Status type: string + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicaCount + name: ReplicaCount + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: @@ -12157,11 +12745,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
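Review bot: The printer column added in the hunk at -12098 is described as `The desired replicas number of Alertmanagers`, but this CRD is `vmalerts.operator.victoriametrics.com` (kind VMAlert), so the text looks copied from the Alertmanager type. It should read `- description: The desired replicas number of VMAlert`. The file is generated by controller-gen, so the fix belongs in the `+kubebuilder:printcolumn` marker on the Go type rather than in this YAML.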
@@ -12172,6 +12758,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -12240,9 +12832,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12273,9 +12863,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -12303,9 +12891,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -12343,6 +12929,14 @@ spec: required: - url type: object + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -12377,9 +12971,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -12447,6 +13044,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -12531,9 +13175,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -12557,6 +13199,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -12577,9 +13222,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -12589,6 +13232,10 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod 
@@ -12611,9 +13258,32 @@ spec: - FATAL - PANIC type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -12650,9 +13320,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -12683,9 +13351,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12713,9 +13379,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -12838,9 +13502,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -12878,9 +13540,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12911,9 +13571,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12941,9 +13599,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -13170,9 +13826,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13203,9 +13857,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13233,9 +13885,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -13306,9 +13956,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13339,9 +13987,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13369,9 +14015,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -13442,11 +14086,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -13457,6 +14099,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -13859,10 +14507,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -13870,11 +14516,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -13913,37 +14557,81 @@ spec: status: description: VMAlertStatus defines the observed state of VMAlert properties: - availableReplicas: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: description: |- - AvailableReplicas Total number of available pods (ready for at least minReadySeconds) - targeted by this VMAlert cluster. - format: int32 + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines fail reason for update process, effective - only for statefulMode + description: Reason defines human readable error reason type: string - replicas: - description: |- - ReplicaCount Total number of non-terminated pods targeted by this VMAlert - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VMAlert cluster. - format: int32 - type: integer updateStatus: - description: UpdateStatus defines a status for update rollout, effective - only for statefulMode + description: UpdateStatus defines a status for update rollout type: string - updatedReplicas: - description: |- - UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert - cluster that have the desired version spec. - format: int32 - type: integer type: object type: object served: true @@ -13955,19 +14643,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmauths.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: system - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAuth 
@@ -13981,6 +14659,13 @@ spec: jsonPath: .status.updateStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicaCount + name: ReplicaCount + type: integer name: v1beta1 schema: openAPIV3Schema: @@ -14039,11 +14724,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -14054,6 +14737,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -14093,6 +14782,7 @@ spec: configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders + Deprecated, use externalConfig.secretRef instead type: string containers: description: |- 
@@ -14106,23 +14796,20 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array - default_url: + disableAutomountServiceAccountToken: description: |- - DefaultURLs backend url for non-matching paths filter - usually used for default backend with error message - items: - type: string - type: array + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable type: boolean - discover_backend_ips: - description: DiscoverBackendIPs instructs discovering URLPrefix backend - IPs via DNS. - type: boolean dnsConfig: description: |- Specifies the DNS parameters of a pod. @@ -14151,9 +14838,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -14171,11 +14861,42 @@ spec: dnsPolicy: description: DNSPolicy sets DNS policy for the pod type: string - drop_src_path_prefix_parts: + externalConfig: description: |- - DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. - See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. - type: integer + ExternalConfig defines a source of external VMAuth configuration. + If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders + properties: + localPath: + description: |- + LocalPath contains static path to a config, which is managed externally for cases + when using secrets is not applicable, e.g.: Vault sidecar. + type: string + secretRef: + description: SecretRef defines selector for externally managed + secret which contains configuration + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object extraArgs: additionalProperties: type: string 
@@ -14209,15 +14930,52 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array - headers: + extraEnvsFrom: description: |- - Headers represent additional http headers, that vmauth uses - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.68.0 version of vmauth + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap items: - type: string + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object type: array host_aliases: description: |- 
@@ -14303,9 +15061,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -14347,8 +15103,8 @@ spec: these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic - based on the specified IngressRuleValue.\n\n\nhost can - be \"precise\" which is a domain name without the terminating + based on the specified IngressRuleValue.\n\nhost can be + \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' @@ -14436,6 +15192,7 @@ spec: format: int32 type: integer type: object + x-kubernetes-map-type: atomic required: - name type: object 
@@ -14551,26 +15308,15 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array - ip_filters: - description: |- - IPFilters defines per target src ip filters - supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) - properties: - allow_list: - items: - type: string - type: array - deny_list: - items: - type: string - type: array - type: object license: description: |- License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -14591,9 +15337,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -14603,20 +15347,15 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod type: object x-kubernetes-preserve-unknown-fields: true - load_balancing_policy: - description: |- - LoadBalancingPolicy defines load balancing policy to use for backend urls. - Supported policies: least_loaded, first_available. - See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") - enum: - - least_loaded - - first_available - type: string logFormat: description: LogFormat for VMAuth to be configured with. enum: 
@@ -14633,14 +15372,32 @@ spec: - FATAL - PANIC type: string - max_concurrent_requests: + managedMetadata: description: |- - MaxConcurrentRequests defines max concurrent requests per user - 300 is default value for vmauth - type: integer + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -14756,11 +15513,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -14771,6 +15526,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -14803,23 +15564,6 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object - response_headers: - description: |- - ResponseHeaders represent additional http headers, that vmauth adds for request response - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.93.0 version of vmauth - items: - type: string - type: array - retry_status_codes: - description: |- - RetryStatusCodes defines http status codes in numeric format for request retries - e.g. [429,503] - items: - type: integer - type: array revisionHistoryLimitCount: description: |- The number of old ReplicaSets to retain to allow rollback in deployment or 
@@ -14926,164 +15670,6 @@ spec: termination format: int64 type: integer - tlsConfig: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use for the - targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container for - the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container for - the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object tolerations: description: Tolerations If specified, the pod's tolerations. items: 
@@ -15140,88 +15726,342 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array unauthorizedAccessConfig: - description: UnauthorizedAccessConfig configures access for un authorized - users - items: - properties: - discover_backend_ips: - description: DiscoverBackendIPs instructs discovering URLPrefix - backend IPs via DNS. - type: boolean - drop_src_path_prefix_parts: - description: |- - DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. - See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. - type: integer - headers: - description: |- - RequestHeaders represent additional http headers, that vmauth uses - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.68.0 version of vmauth - items: - type: string - type: array - load_balancing_policy: - description: |- - LoadBalancingPolicy defines load balancing policy to use for backend urls. - Supported policies: least_loaded, first_available. - See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") - enum: - - least_loaded - - first_available + description: |- + UnauthorizedAccessConfig configures access for un authorized users + + Deprecated, use unauthorizedUserAccessSpec instead + will be removed at v1.0 release + x-kubernetes-preserve-unknown-fields: true + unauthorizedUserAccessSpec: + description: UnauthorizedUserAccessSpec defines unauthorized_user + config section of vmauth config + properties: + default_url: + description: |- + DefaultURLs backend url for non-matching paths filter + usually used for default backend with error message + items: type: string - response_headers: + type: array + discover_backend_ips: + description: DiscoverBackendIPs instructs discovering URLPrefix + backend IPs via DNS. 
+ type: boolean + drop_src_path_prefix_parts: + description: |- + DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. + See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. + type: integer + dump_request_on_errors: + description: |- + DumpRequestOnErrors instructs vmauth to return detailed request params to the client + if routing rules don't allow to forward request to the backends. + Useful for debugging `src_hosts` and `src_headers` based routing rules + + available since v1.107.0 vmauth version + type: boolean + headers: + description: |- + Headers represent additional http headers, that vmauth uses + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.68.0 version of vmauth + items: + type: string + type: array + ip_filters: + description: |- + IPFilters defines per target src ip filters + supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) + properties: + allow_list: + items: + type: string + type: array + deny_list: + items: + type: string + type: array + type: object + load_balancing_policy: + description: |- + LoadBalancingPolicy defines load balancing policy to use for backend urls. + Supported policies: least_loaded, first_available. + See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") + enum: + - least_loaded + - first_available + type: string + max_concurrent_requests: + description: |- + MaxConcurrentRequests defines max concurrent requests per user + 300 is default value for vmauth + type: integer + metric_labels: + additionalProperties: + type: string + description: MetricLabels - additional labels for metrics exported + by vmauth for given user. 
+ type: object + response_headers: + description: |- + ResponseHeaders represent additional http headers, that vmauth adds for request response + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.93.0 version of vmauth + items: + type: string + type: array + retry_status_codes: + description: |- + RetryStatusCodes defines http status codes in numeric format for request retries + e.g. [429,503] + items: + type: integer + type: array + tlsConfig: + description: TLSConfig defines tls configuration for the backend + connection + properties: + ca: + description: Struct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the container to use for + the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the container + for the targets. 
+ type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url_map: + items: description: |- - ResponseHeaders represent additional http headers, that vmauth adds for request response - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.93.0 version of vmauth - items: - type: string - type: array - retry_status_codes: - description: |- - RetryStatusCodes defines http status codes in numeric format for request retries - Can be defined per target or at VMUser.spec level - e.g. [429,503] - items: - type: integer - type: array - src_headers: - description: SrcHeaders is an optional list of headers, which - must match request headers. - items: - type: string - type: array - src_hosts: - description: SrcHosts is an optional list of regular expressions, - which must match the request hostname. 
- items: - type: string - type: array - src_paths: - description: SrcPaths is an optional list of regular expressions, - which must match the request path. - items: - type: string - type: array - src_query_args: - description: SrcQueryArgs is an optional list of query args, - which must match request URL query args. - items: - type: string - type: array - url_prefix: - description: UrlPrefix contains backend url prefixes for the - proxied request url. - items: - type: string - type: array - type: object - type: array + UnauthorizedAccessConfigURLMap defines element of url_map routing configuration + For UnauthorizedAccessConfig and VMAuthUnauthorizedUserAccessSpec.URLMap + properties: + discover_backend_ips: + description: DiscoverBackendIPs instructs discovering URLPrefix + backend IPs via DNS. + type: boolean + drop_src_path_prefix_parts: + description: |- + DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. + See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. + type: integer + headers: + description: |- + RequestHeaders represent additional http headers, that vmauth uses + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.68.0 version of vmauth + items: + type: string + type: array + load_balancing_policy: + description: |- + LoadBalancingPolicy defines load balancing policy to use for backend urls. + Supported policies: least_loaded, first_available. 
+ See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") + enum: + - least_loaded + - first_available + type: string + response_headers: + description: |- + ResponseHeaders represent additional http headers, that vmauth adds for request response + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.93.0 version of vmauth + items: + type: string + type: array + retry_status_codes: + description: |- + RetryStatusCodes defines http status codes in numeric format for request retries + Can be defined per target or at VMUser.spec level + e.g. [429,503] + items: + type: integer + type: array + src_headers: + description: SrcHeaders is an optional list of headers, + which must match request headers. + items: + type: string + type: array + src_hosts: + description: SrcHosts is an optional list of regular expressions, + which must match the request hostname. + items: + type: string + type: array + src_paths: + description: SrcPaths is an optional list of regular expressions, + which must match the request path. + items: + type: string + type: array + src_query_args: + description: SrcQueryArgs is an optional list of query args, + which must match request URL query args. + items: + type: string + type: array + url_prefix: + description: |- + UrlPrefix contains backend url prefixes for the proxied request url. + URLPrefix defines prefix prefix for destination + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + url_prefix: + description: URLPrefix defines prefix prefix for destination + x-kubernetes-preserve-unknown-fields: true + type: object useDefaultResources: description: |- UseDefaultResources controls resource settings 
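Review bot: The new `dump_request_on_errors` field under `unauthorizedUserAccessSpec` is described without saying that this section serves requests arriving with no credentials, so enabling it returns detailed request parameters to any unauthenticated client whose request matches no routing rule. I would extend that description with a line such as `Intended for debugging only; keep disabled in production, because the response goes to unauthenticated clients.` In the same block, `tlsConfig.insecureSkipVerify` is described only as "Disable target certificate validation."; it would help to add that the backend's identity is then no longer verified on the proxied connection. This schema looks generated by controller-gen (the annotation appears further down the diff), so the wording would presumably be changed in the Go type comments rather than in this file.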
@@ -15376,10 +16216,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -15387,11 +16225,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -15425,16 +16261,84 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array type: object + x-kubernetes-preserve-unknown-fields: true status: description: VMAuthStatus defines the observed state of VMAuth properties: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer reason: - description: Reason defines fail reason for update process, effective - only for statefulMode + description: Reason defines human readable error reason type: string updateStatus: - description: UpdateStatus defines a status for update rollout, effective - only for statefulMode + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -15447,19 +16351,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmclusters.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMCluster @@ -15485,7 +16379,7 @@ spec: name: Age type: date - description: Current status of cluster - jsonPath: .status.clusterStatus + jsonPath: .status.updateStatus name: Status type: string name: v1beta1 @@ -15543,9 +16437,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic 
@@ -15556,6 +16448,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -15576,9 +16471,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -15588,6 +16481,33 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string + type: object + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object type: object paused: description: |- @@ -15600,6 +16520,25 @@ spec: distinct storage nodes format: int32 type: integer + requestsLoadBalancer: + description: |- + RequestsLoadBalancer configures load-balancing for vminsert and vmselect requests + it helps to evenly spread load across pods + usually it's not possible with kubernetes TCP based service + properties: + disableInsertBalancing: + type: boolean + disableSelectBalancing: + type: boolean + enabled: + type: boolean + spec: + description: |- + VMAuthLoadBalancerSpec defines configuration spec for VMAuth used as load-balancer + for VMCluster component + type: object + x-kubernetes-preserve-unknown-fields: true + type: object retentionPeriod: description: |- RetentionPeriod for the stored metrics 
@@ -15651,6 +16590,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -15685,9 +16632,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -15740,6 +16690,54 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -15829,9 +16827,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -15888,7 +16884,7 @@ spec: type: string minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -16005,11 +17001,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -16020,6 +17014,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -16293,10 +17293,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -16304,11 +17302,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -16343,6 +17339,8 @@ spec: type: array type: object vmselect: + description: VMSelect defines configuration section for vmselect components + of the victoria-metrics cluster properties: affinity: description: Affinity If specified, the pod's scheduling constraints. @@ -16572,7 +17570,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -16614,8 +17612,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nClaimResourceStatus can be in any of - following states:\n\t- ControllerResizeInProgress:\n\t\tState + be used.\n\nClaimResourceStatus can be in any of following + states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -16635,14 +17633,14 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC - update with previously unknown resourceName or ClaimResourceStatus\nshould + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated - with PVC.\n\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -16661,8 +17659,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nCapacity reported here may be larger - than the actual capacity when a volume expansion operation\nis + be used.\n\nCapacity reported here may be larger than + the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources @@ -16670,15 +17668,14 @@ spec: expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis - equal or lower than the requested capacity.\n\n\nA - controller that receives PVC update with previously - unknown resourceName\nshould ignore the update for - the purpose it was designed. For example - a controller - that\nonly is responsible for resizing capacity of - the volume, should ignore PVC updates that change - other valid\nresources associated with PVC.\n\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + equal or lower than the requested capacity.\n\nA controller + that receives PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. + For example - a controller that\nonly is responsible + for resizing capacity of the volume, should ignore + PVC updates that change other valid\nresources associated + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object capacity: additionalProperties: 
@@ -16719,10 +17716,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -16736,13 +17738,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -16798,6 +17800,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -16832,9 +17842,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -16887,6 +17900,54 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -16977,9 +18038,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -17020,7 +18079,7 @@ spec: type: string minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -17179,11 +18238,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -17194,6 +18251,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -17601,7 +18664,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -17643,7 +18706,7 @@ spec: names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\n\nClaimResourceStatus + and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState @@ -17664,14 +18727,14 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress - for the given PVC.\n\n\nA controller that receives + for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with - PVC.\n\n\nThis is an alpha field and requires enabling + PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular 
@@ -17691,7 +18754,7 @@ spec: names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\n\nCapacity reported + and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources @@ -17701,13 +18764,13 @@ spec: request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\n\nA controller that + than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated - with PVC.\n\n\nThis is an alpha field and requires + with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object capacity: @@ -17750,10 +18813,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status 
@@ -17767,13 +18835,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -17912,10 +18980,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -17923,11 +18989,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -18186,7 +19250,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -18228,8 +19292,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nClaimResourceStatus can be in any of - following states:\n\t- ControllerResizeInProgress:\n\t\tState + be used.\n\nClaimResourceStatus can be in any of following + states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -18249,14 +19313,14 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC - update with previously unknown resourceName or ClaimResourceStatus\nshould + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated - with PVC.\n\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -18275,8 +19339,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nCapacity reported here may be larger - than the actual capacity when a volume expansion operation\nis + be used.\n\nCapacity reported here may be larger than + the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources @@ -18284,15 +19348,14 @@ spec: expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis - equal or lower than the requested capacity.\n\n\nA - controller that receives PVC update with previously - unknown resourceName\nshould ignore the update for - the purpose it was designed. For example - a controller - that\nonly is responsible for resizing capacity of - the volume, should ignore PVC updates that change - other valid\nresources associated with PVC.\n\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + equal or lower than the requested capacity.\n\nA controller + that receives PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. + For example - a controller that\nonly is responsible + for resizing capacity of the volume, should ignore + PVC updates that change other valid\nresources associated + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object capacity: additionalProperties: 
@@ -18333,10 +19396,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -18350,13 +19418,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -18407,6 +19475,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -18441,9 +19517,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -18496,6 +19575,54 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -18580,9 +19707,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -18640,7 +19765,7 @@ spec: type: array minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -18757,11 +19882,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -18772,6 +19895,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -19047,9 +20176,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -19128,9 +20255,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -19196,9 +20321,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -19213,6 +20336,56 @@ spec: - name type: object type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array image: description: Image - docker image settings for VMBackuper properties: 
@@ -19257,11 +20430,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -19272,6 +20443,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -19362,10 +20539,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -19373,11 +20548,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -19439,10 +20612,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this 
@@ -19450,11 +20621,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -19495,18 +20664,84 @@ spec: description: VMClusterStatus defines the observed state of VMCluster properties: clusterStatus: - description: UpdateStatus defines status for application + description: LegacyStatus is deprecated and will be removed at v0.52.0 + version type: string - lastSync: - description: Deprecated. - type: string - reason: - type: string - updateFailCount: - description: Deprecated. + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. + maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer - required: - - updateFailCount + reason: + description: Reason defines human readable error reason + type: string + updateStatus: + description: UpdateStatus defines a status for update rollout + type: string type: object required: - spec @@ -19520,7 +20755,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmnodescrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -19535,10 +20770,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -19586,9 +20821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -19625,9 +20858,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -19658,9 +20889,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -19692,9 +20921,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -19820,9 +21047,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -19846,9 +21071,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -19873,9 +21096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -19893,11 +21114,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -20009,6 +21242,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -20080,7 +21315,7 @@ spec: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -20095,9 +21330,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
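Review bot: The new OAuth2 `tls_config` property in `@@ -19893,11 +21114,23 @@` is declared with only `x-kubernetes-preserve-unknown-fields: true`, with no `type` and no `properties`, so the API server accepts and stores whatever is placed there without validation or pruning. A misspelled or misplaced TLS option for the `token_url` connection would therefore pass admission silently and surface only when the scrape configuration is rendered, if at all. The endpoint TLSConfig block in `@@ -20080,7 +21315,7 @@` has a structural schema (`ca` with `configMap` and secret references), and reusing that shape here would let malformed input be rejected up front. The new `proxy_url` is likewise an unconstrained string, whereas the neighbouring `token_url` carries `minLength: 1`. The file appears to be controller-gen output, so the change presumably belongs on the Go type and its kubebuilder markers rather than in this YAML.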
@@ -20121,9 +21354,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -20154,9 +21385,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -20180,9 +21409,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20218,9 +21445,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -20245,7 +21470,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -20285,9 +21510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -20318,9 +21541,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -20345,9 +21566,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20360,170 +21579,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use - for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -20536,12 +21592,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -20554,7 +21678,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmpodscrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -20569,10 +21693,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -20664,9 +21788,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20703,9 +21825,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -20736,9 +21856,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -20770,9 +21888,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20904,9 +22020,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -20930,9 +22044,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -20957,9 +22069,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20978,11 +22088,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -21004,6 +22126,13 @@ spec: port: description: Name of the port exposed at Pod. type: string + portNumber: + description: PortNumber defines the `Pod` port number which + exposes the endpoint. + format: int32 + maximum: 65535 + minimum: 1 + type: integer proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. @@ -21095,6 +22224,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -21115,15 +22246,15 @@ spec: - type: integer - type: string description: |- - TargetPort - Name or number of the pod port this endpoint refers to. Mutually exclusive with port. + TargetPort defines name or number of the pod port this endpoint refers to. + Mutually exclusive with Port and PortNumber. x-kubernetes-int-or-string: true tlsConfig: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -21140,9 +22271,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -21166,9 +22295,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -21201,9 +22328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -21227,9 +22352,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -21266,9 +22389,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -21293,7 +22414,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -21333,9 +22454,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -21366,9 +22485,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -21393,9 +22510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -21408,172 +22523,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the - container for the targets. - type: string - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -21653,12 +22603,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -21671,7 +22689,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmprobes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -21686,10 +22704,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -21737,9 +22755,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -21776,9 +22792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -21809,9 +22823,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -21843,9 +22855,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -21977,9 +22987,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -22003,9 +23011,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22030,9 +23036,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -22050,11 +23054,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -22087,6 +23103,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -22349,7 +23367,7 @@ spec: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -22364,9 +23382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
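Review bot: The `tls_config` added to the OAuth2 block in the `@@ -22050,11 +23054,23 @@` hunk carries only `x-kubernetes-preserve-unknown-fields: true`, with no `type` or `properties`, so the API server neither validates nor prunes it. A misspelled key (the schema removed elsewhere in this diff listed `insecureSkipVerify`, `caFile` and `serverName`) or a non-object value is stored as written, and any rejection depends on the operator. The same applies to the `tls_config` next to `bearer_token_file` in the `@@ -22629,170 +23631,7 @@` hunk, where a fully typed schema is replaced by the flag, and to the OAuth2 `tls_config` in `@@ -23563,11 +24511,23 @@`. At minimum I would add `type: object` beside the flag and extend the description with `Keys are not validated by the API server.`; keeping the typed `properties` would be better if the operator still accepts the same fields. This manifest is generated by controller-gen, so the change presumably belongs in the Go type markers, which are not part of this hunk.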
@@ -22390,9 +23406,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22423,9 +23437,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -22449,9 +23461,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -22487,9 +23497,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -22514,7 +23522,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -22554,9 +23562,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -22587,9 +23593,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -22614,9 +23618,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -22629,170 +23631,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use - for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -22831,12 +23670,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -22851,19 +23758,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmrules.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMRule @@ -22876,10 +23773,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -23050,7 +23947,7 @@ spec: type: description: |- Type defines datasource type for enterprise version of vmalert - possible values - prometheus,graphite + possible values - prometheus,graphite,vlogs type: string required: - name 
@@ -23063,12 +23960,80 @@ spec: status: description: VMRuleStatus defines the observed state of VMRule properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines CRD processing status + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -23083,7 +24048,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmscrapeconfigs.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -23098,10 +24063,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -23147,9 +24112,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -23201,9 +24164,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23257,9 +24218,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -23290,9 +24249,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -23324,9 +24281,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -23365,9 +24320,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23403,9 +24356,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -23436,9 +24387,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23453,6 +24402,11 @@ spec: description: Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter. type: string + filter: + description: |- + Filter defines filter for /v1/catalog/services requests + See https://developer.hashicorp.com/consul/api-docs/features/filtering + type: string followRedirects: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. @@ -23489,9 +24443,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -23515,9 +24467,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23542,9 +24492,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23563,11 +24511,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 
@@ -23604,9 +24564,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23637,9 +24595,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23664,9 +24620,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -23679,171 +24633,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -23883,7 +24673,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
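Review bot: The `+` line that replaces the removed `tls_config` schema sets only `x-kubernetes-preserve-unknown-fields: true` and no `type`, so the API server would accept any value there, including a string or a list. Fields such as `insecureSkipVerify` and `serverName` are also no longer type-checked at admission. Keeping `type: object` next to `x-kubernetes-preserve-unknown-fields: true` would still reject non-object values while allowing free-form keys. The same point applies to the two later hunks that make the identical replacement and to the `tls_config` entries added beside `proxy_url` under the token settings. The file looks like controller-gen output, so the fix probably belongs in the markers on the Go type, and a mistyped TLS setting would presumably surface only when the operator processes the object.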
@@ -23900,9 +24690,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -23926,9 +24714,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23961,9 +24747,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -23987,9 +24771,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24026,9 +24808,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24057,9 +24837,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -24099,9 +24877,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24143,9 +24919,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -24169,9 +24943,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -24196,9 +24968,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24217,11 +24987,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -24258,9 +25040,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -24291,9 +25071,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24318,9 +25096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -24333,171 +25109,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -24507,7 +25119,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -24524,9 +25136,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -24550,9 +25160,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24585,9 +25193,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -24611,9 +25217,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24650,9 +25254,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24723,9 +25325,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -24781,9 +25381,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24826,7 +25424,6 @@ spec: the public IP address with relabeling. See [here](https://docs.victoriametrics.com/sd_configs#gce_sd_configs) - The GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform @@ -24853,8 +25450,7 @@ spec: zone: description: The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. - minLength: 1 - type: string + x-kubernetes-preserve-unknown-fields: true required: - project - zone @@ -24893,9 +25489,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
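Review bot: In the hunk that changes `zone`, the field stays in `required` but loses both `type: string` and `minLength: 1`, so an empty string or a non-string value now passes schema validation. The kept description still tells users to use multiple GCESDConfigs for multiple zones, which reads as a single string value. If a list is now accepted, the description should say so, for example `description: The zone of the scrape targets, as a string or a list of strings.`; otherwise the two removed lines should stay. Whether the operator validates the value itself is not visible in this hunk.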
@@ -24931,9 +25525,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24964,9 +25556,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25002,9 +25592,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -25035,9 +25623,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25062,9 +25648,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -25077,171 +25661,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -25251,7 +25671,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -25268,9 +25688,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -25294,9 +25712,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25329,9 +25745,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -25355,9 +25769,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25394,9 +25806,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25465,9 +25875,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -25503,9 +25911,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25536,9 +25942,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25590,9 +25994,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -25616,9 +26018,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25643,9 +26043,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25664,11 +26062,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 
@@ -25702,9 +26112,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25735,9 +26143,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25762,9 +26168,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -25777,171 +26181,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -25973,7 +26213,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -25990,9 +26230,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -26016,9 +26254,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -26051,9 +26287,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -26077,9 +26311,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -26116,9 +26348,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26236,9 +26466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -26262,9 +26490,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26289,9 +26515,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -26309,11 +26533,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 
@@ -26361,9 +26597,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26412,9 +26646,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26455,7 +26687,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: @@ -26472,9 +26704,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -26498,9 +26728,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -26533,9 +26761,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -26559,9 +26785,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -26598,9 +26822,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26729,6 +26951,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -26770,7 +26994,7 @@ spec: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -26785,9 +27009,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -26811,9 +27033,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26844,9 +27064,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -26870,9 +27088,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -26908,9 +27124,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -26935,7 +27149,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -26975,9 +27189,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27008,9 +27220,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -27035,9 +27245,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27050,170 +27258,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use - for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -27226,12 +27271,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -27244,7 +27357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmservicescrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -27259,10 +27372,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -27348,9 +27461,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27387,9 +27498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -27420,9 +27529,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -27454,9 +27561,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27582,9 +27687,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -27608,9 +27711,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27635,9 +27736,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27656,11 +27755,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -27773,6 +27884,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -27801,7 +27914,7 @@ spec: endpoint properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: @@ -27818,9 +27931,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -27844,9 +27955,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27879,9 +27988,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -27905,9 +28012,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -27944,9 +28049,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -27971,7 +28074,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -28011,9 +28114,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -28044,9 +28145,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -28071,9 +28170,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -28086,172 +28183,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the - container for the targets. - type: string - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
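Review bot: Replacing the typed `tls_config` schema (the block next to `bearer_token_file`) with a bare `x-kubernetes-preserve-unknown-fields: true` means the API server no longer type-checks or prunes anything under that key, including `insecureSkipVerify` and the Secret/ConfigMap selectors. A misspelled or wrongly typed field would now be stored as written, and whether it is rejected depends on operator-side validation, which this diff does not show. Admission policies or audits that look for `insecureSkipVerify: true` should therefore match the raw object rather than rely on the CRD schema. The `tls_config` added under oauth2 in the `@@ -27656,11 +27755,23 @@` hunk keeps a `description:` beside the marker, and this one should too, for example `description: TLSConfig for the proxy client connection; contents are not validated by the API server`. The file looks controller-gen generated (see the `controller-gen.kubebuilder.io/version` annotation), so the change presumably belongs in the Go type markers rather than in this YAML.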
@@ -28356,12 +28288,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -28376,19 +28376,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmsingles.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMSingle @@ -28399,9 +28389,12 @@ spec: versions: - additionalPrinterColumns: - description: Current status of single node update process - jsonPath: .status.singleStatus + jsonPath: .status.updateStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: 
@@ -28451,6 +28444,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -28485,9 +28486,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -28538,6 +28542,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -28622,9 +28673,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -28664,6 +28713,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -28684,9 +28736,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -28696,6 +28746,10 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod 
@@ -28717,9 +28771,32 @@ spec: - FATAL - PANIC type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -28810,11 +28887,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -28825,6 +28900,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -28962,6 +29043,7 @@ spec: description: |- Storage is the definition of how storage will be used by the VMSingle by default it`s empty dir + this option is ignored if storageDataPath is set properties: accessModes: description: |- @@ -29145,7 +29227,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -29161,6 +29243,7 @@ spec: description: |- StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath, its users responsibility to mount proper device into given path. + It requires to provide spec.volumes and spec.volumeMounts with at least 1 value type: string storageMetadata: description: StorageMeta defines annotations and labels attached to @@ -29211,9 +29294,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must @@ -29236,6 +29317,10 @@ spec: items: type: string type: array + enableWindows: + description: EnableWindows enables aggregating data in separate + windows ( available from v0.54.0). + type: boolean ignoreFirstIntervals: description: IgnoreFirstIntervals instructs to ignore first interval type: integer 
@@ -29256,10 +29341,8 @@ spec: description: |- By is an optional list of labels for grouping input series. - See also Without. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -29272,11 +29355,14 @@ spec: description: |- DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. - Labels are dropped before de-duplication and aggregation. items: type: string type: array + enable_windows: + description: EnableWindows enables aggregating data in separate + windows + type: boolean flush_on_shutdown: description: |- FlushOnShutdown defines whether to flush the aggregation state on process termination @@ -29379,7 +29465,6 @@ spec: description: |- Match is a label selector (or list of label selectors) for filtering time series for the given selector. - If the match isn't set, then all the input time series are processed. x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: @@ -29469,10 +29554,8 @@ spec: description: |- Outputs is a list of output aggregate functions to produce. - The following names are allowed: - - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series @@ -29487,10 +29570,8 @@ spec: - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] - The output time series will have the following names: - input_name:aggr__ items: type: string @@ -29504,10 +29585,8 @@ spec: description: |- Without is an optional list of labels, which must be excluded when grouping input series. - See also By. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: 
@@ -29621,9 +29700,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -29701,9 +29778,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -29769,9 +29844,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -29786,6 +29859,54 @@ spec: - name type: object type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array image: description: Image - docker image settings for VMBackuper properties: 
@@ -29830,11 +29951,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -29845,6 +29964,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -29933,10 +30058,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -29944,11 +30067,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -30004,10 +30125,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this 
@@ -30015,11 +30134,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -30058,32 +30175,85 @@ spec: status: description: VMSingleStatus defines the observed state of VMSingle properties: - availableReplicas: - description: AvailableReplicas Total number of available pods (ready - for at least minReadySeconds) targeted by this VMSingle. - format: int32 + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. + maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines a reason in case of update failure + description: Reason defines human readable error reason type: string - replicas: - description: ReplicaCount Total number of non-terminated pods targeted - by this VMSingle. - format: int32 - type: integer singleStatus: - description: UpdateStatus defines a status of single node rollout + description: LegacyStatus is deprecated and will be removed at v0.52.0 + version + type: string + updateStatus: + description: UpdateStatus defines a status for update rollout type: string - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VMSingle. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas Total number of non-terminated pods targeted - by this VMSingle. - format: int32 - type: integer type: object type: object served: true @@ -30095,7 +30265,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmstaticscrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com 
@@ -30110,10 +30280,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -30177,9 +30347,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30216,9 +30384,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30249,9 +30415,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -30283,9 +30447,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30416,9 +30578,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -30442,9 +30602,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -30469,9 +30627,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30490,11 +30646,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -30604,6 +30772,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -30630,7 +30800,7 @@ spec: endpoint properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -30647,9 +30817,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -30673,9 +30841,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -30708,9 +30874,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -30734,9 +30898,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -30773,9 +30935,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30800,7 +30960,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -30840,9 +31000,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -30873,9 +31031,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -30900,9 +31056,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -30915,172 +31069,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the - container for the targets. - type: string - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -31099,12 +31088,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -31117,19 +31174,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmusers.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMUser @@ -31142,10 +31189,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 
@@ -31197,6 +31244,14 @@ spec: DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. type: integer + dump_request_on_errors: + description: |- + DumpRequestOnErrors instructs vmauth to return detailed request params to the client + if routing rules don't allow to forward request to the backends. + Useful for debugging `src_hosts` and `src_headers` based routing rules + + available since v1.107.0 vmauth version + type: boolean generatePassword: description: |- GeneratePassword instructs operator to generate password for user @@ -31268,9 +31323,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -31318,6 +31371,7 @@ spec: - VMAgent - VMAlert - VMSingle + - VLogs - VMAlertManager - VMAlertmanager - VMCluster/vmselect @@ -31444,9 +31498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -31473,9 +31525,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -31492,10 +31542,10 @@ spec: type: object type: array tlsConfig: - description: TLSConfig specifies TLSConfig configuration parameters. + description: TLSConfig defines tls configuration for the backend connection properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -31510,9 +31560,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -31536,9 +31584,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -31569,9 +31615,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -31595,9 +31639,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -31633,9 +31675,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -31664,9 +31704,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -31686,13 +31724,80 @@ spec: status: description: VMUserStatus defines the observed state of VMUser properties: - lastSyncError: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: description: |- - LastSyncError contains error message for unsuccessful config generation - for given user + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/crds/values.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/crds/values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/.helmignore b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/.helmignore index 50af0317..2ccbd54f 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/.helmignore +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/.helmignore @@ -20,3 +20,5 @@ .idea/ *.tmproj .vscode/ +*.md +*.md.gotmpl diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/CHANGELOG.md b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/CHANGELOG.md deleted file mode 100644 index f2142b1b..00000000 
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/CHANGELOG.md +++ /dev/null 
@@ -1,159 +0,0 @@ -# CHANGELOG for `victoria-metrics-common` helm-chart - -## Next release - -- TODO - -## 0.0.16 - -**Release date:** 2024-10-15 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Allow extract name prefix from app level fullnameOverride property - -## 0.0.15 - -**Release date:** 2024-10-11 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Display compatibility error message - -## 0.0.14 - -**Release date:** 2024-10-04 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Fixed openshift compatibility templates - -## 0.0.13 - -**Release date:** 2024-09-16 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Do not use image variant if custom image tag is set in `vm.image` template -- Support multiple license flag styles, which are different for vmanomaly and other services - -## 0.0.12 - -**Release date:** 2024-09-16 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Add enterprise to existing variant if enterprise enabled -- Added `vm.enterprise.disabled` template to check if enterprise license is disabled -- Use `service.servicePort` as a port source if flag is not set in `vm.url` - -## 0.0.11 - -**Release date:** 2024-09-11 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Added ability to pass extra prefix for `vm.managed.fullname` - -## 0.0.10 - -**Release date:** 2024-09-10 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Fixed protocol extraction with TLS enabled -- Typo fixes -- use appkey as `app` label by default -- support multiple service naming styles for `vm.service` - -## 0.0.9 - -**Release date:** 2024-09-02 - -![Helm: 
v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Allow `appKey` argument to be a list to support deeply nested objects -- Added `vm.namespace`, which returns `namespaceOverride` or `global.namespaceOverride` or `Release.Namespace` as a default -- Added `vm.managed.fullname`, which returns default fullname prefixed by `appKey` -- Added `vm.plain.fullname`, which returns default fullname suffixed by `appKey` - -## 0.0.8 - -**Release date:** 2024-08-29 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Added `vm.service` for unified service name generation -- Added `vm.url` to construct service base url -- Added `vm.name` for chart name -- Added `vm.fullname` which is actively used in resource name construction -- Added `vm.chart` to construct chart name label value -- Added `vm.labels` for common labels -- Added `vm.sa` for service account name -- Added `vm.release` for release name -- Added `vm.selectorLabels` for common selector labels - -## 0.0.7 - -**Release date:** 2024-08-27 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Support short and long args flags in `vm.args` -- Updated `vm.enterprise.only` error message - -## 0.0.6 - -**Release date:** 2024-08-27 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Changed structure of `vm.args` template output -- Removed `eula` support - -## 0.0.5 - -**Release date:** 2024-08-26 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Fixed `vm.enterprise.only` template to check if at least one of both global.licence.eula and .Values.license.eula are defined -- Convert `vm.args` bool `true` values to flags without values - -## 0.0.4 - -**Release date:** 2024-08-26 - -![Helm: 
v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Updated `vm.probe.*` templates to remove Helm 3.14 restriction. -- Added `vm.args` template for cmd args generation - -## 0.0.3 - -**Release date:** 2024-08-25 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Moved license templates from other charts `vm.license.volume`, `vm.license.mount`, `vm.license.flag` -- Moved `vm.compatibility.renderSecurityContext` template -- Fixed a case, when null is passed to a `.Values.global`. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1296) - -## 0.0.2 - -**Release date:** 2024-08-23 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Added `vm.port.from.flag` template to extract port from cmd flag listen address. - -## 0.0.1 - -**Release date:** 2024-08-15 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Added `vm.enterprise.only` template to fail rendering if required license arguments weren't set. -- Added `vm.image` template that introduces common chart logic of how to build image name from application variables. -- Added `vm.ingress.port` template to render properly tngress port configuration depending on args type. -- Added `vm.probe.*` templates to render probes params consistently across all templates. diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.lock b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.lock index 6f0b69b5..7d366f4c 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.lock +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.lock 
@@ -1,3 +1,3 @@ dependencies: [] digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726 -generated: "2024-10-15T17:49:14.591209997Z" +generated: "2024-11-13T12:10:17.363248379Z" diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.yaml index 65339e2a..a90e9d6e 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/Chart.yaml @@ -1,11 +1,11 @@ annotations: artifacthub.io/category: monitoring-logging artifacthub.io/changes: | - - Allow extract name prefix from app level fullnameOverride property + - Support custom case for list empty argument. artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Sources - url: https://github.com/VictoriaMetrics/helm-charts + url: https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-common - name: Charts repo url: https://victoriametrics.github.io/helm-charts/ apiVersion: v2 @@ -25,4 +25,4 @@ name: victoria-metrics-common sources: - https://github.com/VictoriaMetrics/helm-charts type: library -version: 0.0.16 +version: 0.0.42 diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/RELEASE_NOTES b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/RELEASE_NOTES new file mode 100644 index 00000000..6de533d6 --- /dev/null +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/RELEASE_NOTES 
@@ -0,0 +1,7 @@ +# Release notes for version 0.0.42 + +**Release date:** 19 Mar 2025 + +![Helm: v3](https://img.shields.io/badge/Helm-v3.14%2B-informational?color=informational&logo=helm&link=https%3A%2F%2Fgithub.com%2Fhelm%2Fhelm%2Freleases%2Ftag%2Fv3.14.0) + +- Support custom case for list empty argument. diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/RELEASE_NOTES.md b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/RELEASE_NOTES.md deleted file mode 100644 index 3d9209af..00000000 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/RELEASE_NOTES.md +++ /dev/null @@ -1,7 +0,0 @@ -# Release notes for version 0.0.16 - -**Release date:** 2024-10-15 - -![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) - -- Allow extract name prefix from app level fullnameOverride property diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_enterprise.tpl b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_enterprise.tpl index 7c555348..1890e499 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_enterprise.tpl +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_enterprise.tpl 
@@ -1,11 +1,23 @@ {{- define "vm.license.secret.key" -}} {{- $Values := (.helm).Values | default .Values -}} - {{- (($Values.license).secret).key | default ((($Values.global).license).secret).key | default "" -}} + {{- $plain := (($Values.license).secret).key | default ((($Values.global).license).secret).key -}} + {{- $managed := (($Values.license).keyRef).key | default ((($Values.global).license).keyRef).key }} + {{- if $plain -}} + {{- $plain -}} + {{- else if $managed -}} + {{- $managed -}} + {{- end -}} {{- end -}} {{- define "vm.license.secret.name" -}} {{- $Values := (.helm).Values | default .Values -}} - {{- (($Values.license).secret).name | default ((($Values.global).license).secret).name | default "" -}} + {{- $plain := (($Values.license).secret).name | default ((($Values.global).license).secret).name -}} + {{- $managed := (($Values.license).keyRef).name | default ((($Values.global).license).keyRef).name -}} + {{- if $plain -}} + {{- $plain -}} + {{- else if $managed -}} + {{- $managed -}} + {{- end -}} {{- end -}} {{- define "vm.license.key" -}} @@ -17,7 +29,7 @@ {{- $licenseKey := (include "vm.license.key" .) -}} {{- $licenseSecretKey := (include "vm.license.secret.key" .) -}} {{- $licenseSecretName := (include "vm.license.secret.name" .) -}} - {{- and (empty $licenseKey) (and (empty $licenseSecretName) (empty $licenseSecretKey)) -}} + {{- or .noEnterprise (and (empty $licenseKey) (and (empty $licenseSecretName) (empty $licenseSecretKey))) -}} {{- end -}} {{- define "vm.enterprise.only" -}} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_helpers.tpl b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_helpers.tpl index e6d27de1..7983440f 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_helpers.tpl 
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_helpers.tpl @@ -1,15 +1,16 @@ {{- define "vm.namespace" -}} + {{- include "vm.validate.args" . -}} {{- $Release := (.helm).Release | default .Release -}} {{- $Values := (.helm).Values | default .Values -}} - {{- $Capabilities := (.helm).Capabilities | default .Capabilities -}} - {{- if semverCompare "<3.14.0" $Capabilities.HelmVersion.Version }} - {{- fail "This chart requires helm version 3.14.0 or higher" }} - {{- end }} {{- $Values.namespaceOverride | default ($Values.global).namespaceOverride | default $Release.Namespace -}} {{- end -}} {{- define "vm.validate.args" -}} {{- $Chart := (.helm).Chart | default .Chart -}} + {{- $Capabilities := (.helm).Capabilities | default .Capabilities -}} + {{- if semverCompare "<3.14.0" $Capabilities.HelmVersion.Version }} + {{- fail "This chart requires helm version 3.14.0 or higher" }} + {{- end }} {{- if empty $Chart -}} {{- fail "invalid template data" -}} {{- end -}} @@ -20,7 +21,12 @@ {{- include "vm.validate.args" . -}} {{- $Chart := (.helm).Chart | default .Chart -}} {{- $Values := (.helm).Values | default .Values -}} - {{- $Values.nameOverride | default ($Values.global).nameOverride | default $Chart.Name | trunc 63 | trimSuffix "-" }} + {{- $nameOverride := $Values.nameOverride | default ($Values.global).nameOverride | default $Chart.Name -}} + {{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}} + {{- $nameOverride -}} + {{- else -}} + {{- $nameOverride | trunc 63 | trimSuffix "-" -}} + {{- end -}} {{- end -}} {{- /* 
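Review bot: In `vm.validate.args` the added Helm version check runs before the existing `empty $Chart` guard, so a caller that passes a context without `.helm` or `.Capabilities` would presumably fail inside `semverCompare` on a missing version string and never reach the `invalid template data` message. Moving the added `$Capabilities` lookup and the `semverCompare` block below `{{- if empty $Chart -}}` keeps the intended message as the first failure for malformed input. The rest of the define lies outside the hunk.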
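Review bot: The new `disableNameTruncation` branch in `vm.name` returns the override untrimmed, yet `vm.selectorLabels` later in this diff uses the same helper for the `app.kubernetes.io/name` label, and Kubernetes accepts at most 63 characters there. With the flag set, a long `nameOverride` renders manifests that the API server rejects. The flag deserves a comment at its first use, for example `{{- /* disableNameTruncation: the caller must keep names within the 63-character limit for label values and DNS labels */ -}}`. The same branch is repeated in `vm.fullname`, `vm.cr.fullname`, `vm.managed.fullname`, `vm.plain.fullname`, `vm.chart` and `vm.release`. The `define` line of `vm.name` is above the hunk.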
@@ -34,88 +40,127 @@ If release name contains chart name it will be used as a full name. {{- $Chart := (.helm).Chart | default .Chart -}} {{- $Release := (.helm).Release | default .Release -}} {{- $fullname := "" -}} - {{- if .appKey -}} - {{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}} - {{- $values := $Values -}} - {{- $global := (index $Values.global $Chart.Name) | default dict -}} - {{- range $ak := $appKey }} - {{- if $values -}} - {{- $values = (index $values $ak) | default dict -}} - {{- end -}} - {{- if $global -}} - {{- $global = (index $global $ak) | default dict -}} - {{- end -}} - {{- if and (kindIs "map" $values) $values.name -}} - {{- $fullname = $values.name -}} - {{- else if and (kindIs "map" $values) $values.fullnameOverride -}} - {{- $fullname = $values.fullnameOverride -}} - {{- else if and (kindIs "map" $global) $global.name -}} - {{- $fullname = $global.name -}} - {{- end -}} - {{- end }} - {{- end -}} - {{- if empty $fullname -}} - {{- if $Values.fullnameOverride -}} - {{- $fullname = $Values.fullnameOverride -}} - {{- else if (dig $Chart.Name "fullnameOverride" "" ($Values.global)) -}} - {{- $fullname = (dig $Chart.Name "fullnameOverride" "" ($Values.global)) -}} - {{- else if ($Values.global).fullnameOverride -}} - {{- $fullname = $Values.global.fullnameOverride -}} + {{- if $Values.fullnameOverride -}} + {{- $fullname = $Values.fullnameOverride -}} + {{- else if ($Values.global).fullnameOverride -}} + {{- $fullname = $Values.global.fullnameOverride -}} + {{- else -}} + {{- $name := default $Chart.Name $Values.nameOverride -}} + {{- if contains $name $Release.Name -}} + {{- $fullname = $Release.Name -}} {{- else -}} - {{- $name := default $Chart.Name $Values.nameOverride -}} - {{- if contains $name $Release.Name -}} - {{- $fullname = $Release.Name -}} - {{- else -}} - {{- $fullname = (printf "%s-%s" $Release.Name $name) }} - {{- end -}} + {{- $fullname = (printf "%s-%s" $Release.Name $name) }} {{- end -}} {{- end 
-}} - {{- with .prefix -}} - {{- $fullname = printf "%s-%s" . $fullname -}} + {{- $fullname = tpl $fullname . -}} + {{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}} + {{- $fullname -}} + {{- else -}} + {{- $fullname | trunc 63 | trimSuffix "-" -}} {{- end -}} - {{- with .suffix -}} - {{- $fullname = printf "%s-%s" $fullname . -}} - {{- end -}} - {{- $fullname | trunc 63 | trimSuffix "-" -}} {{- end }} +{{- define "vm.cr.fullname" -}} + {{- $Values := (.helm).Values | default .Values -}} + {{- $_ := set . "overrideKey" "name" -}} + {{- $fullname := include "vm.internal.key" . -}} + {{- $_ := unset . "overrideKey" -}} + {{- if empty $fullname -}} + {{- $fullname = include "vm.fullname" . -}} + {{- end -}} + {{- $fullname = tpl $fullname . -}} + {{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}} + {{- $fullname -}} + {{- else -}} + {{- $fullname | trunc 63 | trimSuffix "-" -}} + {{- end -}} +{{- end -}} + {{- define "vm.managed.fullname" -}} - {{- $prefix := .appKey -}} - {{- $oldPrefix := .prefix -}} - {{- if kindIs "slice" $prefix -}} - {{- $prefix = last $prefix -}} + {{- $Values := (.helm).Values | default .Values -}} + {{- $_ := set . "overrideKey" "name" -}} + {{- $fullname := include "vm.internal.key" . -}} + {{- $_ := unset . "overrideKey" -}} + {{- if empty $fullname -}} + {{- $fullname = include "vm.fullname" . -}} {{- end -}} - {{- if $prefix -}} - {{- with $oldPrefix -}} - {{- $prefix = printf "%s-%s" $prefix . -}} - {{- end }} - {{- $_ := set $ "prefix" $prefix -}} + {{- with include "vm.internal.key.default" . -}} + {{- $prefix := ternary . (printf "vm%s" .) (or (hasPrefix "vm" .) (hasPrefix "vl" .)) -}} + {{- $fullname = printf "%s-%s" $prefix $fullname -}} + {{- end -}} + {{- $fullname = tpl $fullname . 
-}} + {{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}} + {{- $fullname -}} + {{- else -}} + {{- $fullname | trunc 63 | trimSuffix "-" -}} {{- end -}} - {{- include "vm.fullname" . -}} - {{- $_ := set . "prefix" $oldPrefix -}} {{- end -}} {{- define "vm.plain.fullname" -}} - {{- $suffix := .appKey -}} - {{- $oldSuffix := .suffix -}} - {{- if kindIs "slice" $suffix -}} - {{- $suffix = last $suffix }} - {{- end -}} - {{- if $suffix -}} - {{- with $oldSuffix -}} - {{- $suffix = printf "%s-%s" $suffix . -}} + {{- $Values := (.helm).Values | default .Values -}} + {{- $_ := set . "overrideKey" "fullnameOverride" -}} + {{- $fullname := include "vm.internal.key" . -}} + {{- $_ := unset . "overrideKey" -}} + {{- if empty $fullname -}} + {{- $fullname = include "vm.fullname" . -}} + {{- with include "vm.internal.key.default" . -}} + {{- $fullname = printf "%s-%s" $fullname . -}} {{- end -}} - {{- $_ := set . "suffix" $suffix -}} {{- end -}} - {{- include "vm.fullname" . -}} - {{- $_ := set . "suffix" $oldSuffix -}} + {{- $fullname = tpl $fullname . -}} + {{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}} + {{- $fullname -}} + {{- else -}} + {{- $fullname | trunc 63 | trimSuffix "-" -}} + {{- end -}} +{{- end -}} + +{{- define "vm.internal.key" -}} + {{- include "vm.validate.args" . -}} + {{- $overrideKey := .overrideKey | default "fullnameOverride" -}} + {{- $Values := (.helm).Values | default .Values -}} + {{- $key := "" -}} + {{- if .appKey -}} + {{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}} + {{- $ctx := . 
-}} + {{- $values := $Values -}} + {{- range $ak := $appKey }} + {{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}} + {{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}} + {{- if and (empty $values) (empty $ctx) -}} + {{- fail (printf "No data for appKey %s" (join "->" $appKey)) -}} + {{- end -}} + {{- if and (kindIs "map" $values) (index $values $overrideKey) -}} + {{- $key = index $values $overrideKey -}} + {{- else if and (kindIs "map" $ctx) (index $ctx $overrideKey) -}} + {{- $key = index $ctx $overrideKey -}} + {{- end -}} + {{- end }} + {{- if and (empty $key) .fallback -}} + {{- $key = include "vm.internal.key.default" . -}} + {{- end -}} + {{- end -}} + {{- $key -}} +{{- end -}} + +{{- define "vm.internal.key.default" -}} + {{- with .appKey -}} + {{- $key := ternary (list .) . (kindIs "string" .) -}} + {{- last (without $key "spec") -}} + {{- end -}} {{- end -}} {{- /* Create chart name and version as used by the chart label. */ -}} {{- define "vm.chart" -}} {{- include "vm.validate.args" . -}} + {{- $Values := (.helm).Values | default .Values -}} {{- $Chart := (.helm).Chart | default .Chart -}} - {{- printf "%s-%s" $Chart.Name $Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} + {{- $chart := printf "%s-%s" $Chart.Name $Chart.Version | replace "+" "_" -}} + {{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}} + {{- $chart -}} + {{- else -}} + {{- $chart | trunc 63 | trimSuffix "-" -}} + {{- end }} {{- end }} {{- /* Create the name of the service account to use */ -}} 
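Review bot: `vm.fullname` now passes its result through `tpl $fullname .`, and `vm.cr.fullname`, `vm.managed.fullname` and `vm.plain.fullname` call `tpl` again on what `vm.fullname` already rendered, so on the fallback path the name is evaluated as a template twice. The input is `fullnameOverride`, `nameOverride` or a per-app `name` taken from values, which means those strings run as template code with the whole chart context; that is only acceptable when everyone who can set values is trusted as much as the chart itself, which this diff does not show. Rendering once, and only on the override, narrows this: `{{- $fullname := tpl (include "vm.internal.key" .) . -}}` in the three wrappers, dropping their later `{{- $fullname = tpl $fullname . -}}`. A header comment stating that name overrides are rendered as templates would help whoever reviews values files. The hunk starts inside `vm.fullname`, whose `define` line is not visible here.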
@@ -138,14 +183,22 @@ If release name contains chart name it will be used as a full name. {{- toYaml $labels -}} {{- end -}} +{{- define "vm.podLabels" -}} + {{- include "vm.validate.args" . -}} + {{- $Release := (.helm).Release | default .Release -}} + {{- $labels := fromYaml (include "vm.selectorLabels" .) -}} + {{- $labels = mergeOverwrite $labels (.extraLabels | default dict) -}} + {{- $_ := set $labels "app.kubernetes.io/managed-by" $Release.Service -}} + {{- toYaml $labels -}} +{{- end -}} + {{- /* Common labels */ -}} {{- define "vm.labels" -}} {{- include "vm.validate.args" . -}} - {{- $Chart := (.helm).Chart | default .Chart -}} {{- $labels := fromYaml (include "vm.selectorLabels" .) -}} {{- $labels = mergeOverwrite $labels (fromYaml (include "vm.metaLabels" .)) -}} - {{- with $Chart.AppVersion -}} - {{- $_ := set $labels "app.kubernetes.io/version" ($Chart.AppVersion) -}} + {{- with (include "vm.image.tag" .) }} + {{- $_ := set $labels "app.kubernetes.io/version" (regexReplaceAll "(.*)(@sha.*)" . "${1}") -}} {{- end -}} {{- toYaml $labels -}} {{- end -}} 
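Review bot: `vm.labels` now takes `app.kubernetes.io/version` from `vm.image.tag`, which returns the values-supplied `image.tag` with any variant appended, and nothing bounds that string to the 63-character limit for label values. Only the `@sha…` suffix is stripped, so a long tag renders a manifest the API server rejects. Bounding the value the way the name helpers do would avoid that: `{{- $_ := set $labels "app.kubernetes.io/version" (regexReplaceAll "(.*)(@sha.*)" . "${1}" | trunc 63 | trimSuffix "-") -}}`. `vm.image` also renders the tag through `tpl` while this label uses the raw string, so a templated tag would appear unrendered in the label.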
@@ -154,28 +207,20 @@ If release name contains chart name it will be used as a full name. {{- include "vm.validate.args" . -}} {{- $Release := (.helm).Release | default .Release -}} {{- $Values := (.helm).Values | default .Values -}} - {{- default $Release.Name $Values.argocdReleaseOverride | trunc 63 | trimSuffix "-" -}} + {{- $release := default $Release.Name $Values.argocdReleaseOverride -}} + {{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}} + {{- $release -}} + {{- else -}} + {{- $release | trunc 63 | trimSuffix "-" -}} + {{- end -}} {{- end -}} {{- define "vm.app.name" -}} - {{- if .appKey -}} - {{- $Values := (.helm).Values | default .Values -}} - {{- $Chart := (.helm).Chart | default .Chart -}} - {{- $values := $Values -}} - {{- $global := (index $Values.global $Chart.Name) | default dict -}} - {{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}} - {{- $name := last $appKey }} - {{- range $ak := $appKey }} - {{- $values = (index $values $ak) | default dict -}} - {{- $global = (index $global $ak) | default dict -}} - {{- if $values.name -}} - {{- $name = $values.name -}} - {{- else if $global.name -}} - {{- $name = $global.name -}} - {{- end -}} - {{- end -}} - {{- $name -}} - {{- end -}} + {{- $_ := set . "overrideKey" "name" -}} + {{- $_ := set . "fallback" true -}} + {{- tpl (include "vm.internal.key" .) . -}} + {{- $_ := unset . "overrideKey" -}} + {{- $_ := unset . "fallback" -}} {{- end -}} {{- /* Selector labels */ -}} 
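Review bot: `vm.app.name` writes `overrideKey` and `fallback` into the caller's context with `set` and removes them with `unset`, so any `overrideKey` or `fallback` the caller passed is gone after the call, and the dict is modified for every later include that shares it. `vm.cr.fullname`, `vm.managed.fullname` and `vm.plain.fullname` in the previous hunk use the same set/unset pattern. Passing a derived dict keeps the helper free of side effects, for example `{{- tpl (include "vm.internal.key" (merge (dict "overrideKey" "name" "fallback" true) .)) . -}}`; whether the extra merge is acceptable for the contexts these helpers receive should be confirmed.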
@@ -184,7 +229,11 @@ If release name contains chart name it will be used as a full name. {{- $_ := set $labels "app.kubernetes.io/name" (include "vm.name" .) -}} {{- $_ := set $labels "app.kubernetes.io/instance" (include "vm.release" .) -}} {{- with (include "vm.app.name" .) -}} - {{- $_ := set $labels "app" . -}} + {{- if eq $.style "managed" -}} + {{- $_ := set $labels "app.kubernetes.io/component" (printf "%s-%s" (include "vm.name" $) .) -}} + {{- else -}} + {{- $_ := set $labels "app" . -}} + {{- end -}} {{- end -}} {{- toYaml $labels -}} {{- end }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_image.tpl b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_image.tpl index 618d6fae..cae561dd 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_image.tpl +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_image.tpl 
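Review bot: For `style` equal to `managed`, `vm.selectorLabels` now emits `app.kubernetes.io/component` instead of `app`, which changes the selector label set of every resource rendered with the old helper. If these labels end up in `spec.selector` of a Deployment or StatefulSet created by an earlier chart version (the consumers are not visible in this diff), the upgrade is rejected because that field is immutable. I would add a comment above the branch, such as `{{- /* managed style: selector label changed from app to app.kubernetes.io/component; workloads from earlier releases may need to be recreated */ -}}`, and mirror it in the release notes. The `define` line of the helper is above the hunk.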
@@ -2,12 +2,25 @@ Victoria Metrics Image */}} {{- define "vm.image" -}} + {{- $image := (fromYaml (include "vm.internal.image" .)).image | default dict -}} + {{- $tag := include "vm.image.tag" . -}} + {{- if empty $image.repository -}} + {{- fail "cannot create image without `.repository` defined" -}} + {{- end -}} + {{- $result := tpl (printf "%s:%s" $image.repository $tag) . -}} + {{- with $image.registry | default "" -}} + {{- $result = (printf "%s/%s" . $result) -}} + {{- end -}} + {{- $result -}} +{{- end -}} + +{{- define "vm.image.tag" -}} {{- $Chart := (.helm).Chart | default .Chart -}} - {{- $Values := (.helm).Values | default .Values -}} - {{- $tag := .app.image.tag -}} + {{- $image := (fromYaml (include "vm.internal.image" .)).image | default dict -}} + {{- $tag := $image.tag -}} {{- if empty $tag }} {{- $tag = $Chart.AppVersion -}} - {{- $variant := .app.image.variant }} + {{- $variant := $image.variant }} {{- if eq (include "vm.enterprise.disabled" .) "false" -}} {{- if $variant }} {{- $variant = printf "enterprise-%s" $variant }} 
@@ -19,9 +32,30 @@ Victoria Metrics Image {{- $tag = (printf "%s-%s" $tag .) -}} {{- end -}} {{- end -}} - {{- $image := tpl (printf "%s:%s" .app.image.repository $tag) . -}} - {{- with .app.image.registry | default (($Values.global).image).registry | default "" -}} - {{- $image = (printf "%s/%s" . $image) -}} - {{- end -}} - {{- $image -}} + {{- $tag -}} +{{- end -}} + +{{- define "vm.internal.image" -}} + {{- $Values := (.helm).Values | default .Values -}} + {{- $values := $Values -}} + {{- $ctx := . -}} + {{- with .appKey -}} + {{- $appKey := ternary (list .) . (kindIs "string" .) -}} + {{- range $ak := $appKey -}} + {{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}} + {{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}} + {{- if and (empty $values) (empty $ctx) -}} + {{- fail (printf "No data for appKey %s" (join "->" $appKey)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- $image := ternary $ctx.image $values.image (hasKey $ctx "image") -}} + {{- if not $image.registry }} + {{- if (($Values.global).image).registry -}} + {{- $_ := set $image "registry" (($Values.global).image).registry -}} + {{- else if hasKey $image "registry" -}} + {{- $_ := unset $image "registry" -}} + {{- end -}} + {{- end -}} + {{- toYaml (dict "image" $image) -}} {{- end -}} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_pod.tpl b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_pod.tpl index 05866cff..7534ae2d 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_pod.tpl +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_pod.tpl 
@@ -24,16 +24,13 @@ Usage: {{- include "vm.securityContext" (dict "securityContext" .Values.containerSecurityContext "helm" .) -}} */ -}} {{- define "vm.securityContext" -}} - {{- $securityContext := .securityContext -}} + {{- $securityContext := omit .securityContext "enabled" -}} {{- $Values := (.helm).Values | default .Values -}} {{- $adaptMode := (((($Values).global).compatibility).openshift).adaptSecurityContext | default "" -}} {{- if or (eq $adaptMode "force") (and (eq $adaptMode "auto") (include "vm.isOpenshift" .)) -}} - {{- $securityContext = omit $securityContext "fsGroup" "runAsUser" "runAsGroup" -}} - {{- if not $securityContext.seLinuxOptions -}} - {{- $securityContext = omit $securityContext "seLinuxOptions" -}} - {{- end -}} + {{- $securityContext = omit $securityContext "fsGroup" "runAsUser" "runAsGroup" "seLinuxOptions" -}} {{- end -}} - {{- omit $securityContext "enabled" | toYaml -}} + {{- toYaml $securityContext -}} {{- end -}} {{- /* @@ -75,7 +72,11 @@ HTTP GET probe path HTTP GET probe scheme */ -}} {{- define "vm.probe.http.scheme" -}} - {{- ternary "HTTPS" "HTTP" (.app.extraArgs.tls | default false) -}} + {{- $isSecure := false -}} + {{- with ((.app).extraArgs).tls -}} + {{- $isSecure = eq (toString .) "true" -}} + {{- end -}} + {{- ternary "HTTPS" "HTTP" $isSecure -}} {{- end -}} {{- /* @@ -86,12 +87,12 @@ Net probe port {{- end -}} {{- define "vm.arg" -}} - {{- if empty .value }} + {{- if and (empty .value) (kindIs "string" .value) (ne (toString .list) "true") }} {{- .key -}} - {{- else if and (kindIs "bool" .value) .value -}} + {{- else if eq (toString .value) "true" -}} -{{ ternary "" "-" (eq (len .key) 1) }}{{ .key }} {{- else -}} - -{{ ternary "" "-" (eq (len .key) 1) }}{{ .key }}={{ .value }} + -{{ ternary "" "-" (eq (len .key) 1) }}{{ .key }}={{ ternary (toJson .value | squote) .value (has (kindOf .value) (list "map" "slice")) }} {{- end -}} {{- end -}} 
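Review bot: In `vm.securityContext` the OpenShift adaptation now removes `seLinuxOptions` unconditionally, whereas the removed lines dropped it only when it was empty, so an explicitly configured SELinux context is discarded without notice when `adaptSecurityContext` is `force`, or `auto` on OpenShift. If that is intended, the usage comment above the define should say so, for example `seLinuxOptions, fsGroup, runAsUser and runAsGroup are always removed in force/auto mode, including values set by the user`. If it is not, keep the guard and omit the key only when it is empty: `{{- if not $securityContext.seLinuxOptions -}}{{- $securityContext = omit $securityContext "seLinuxOptions" -}}{{- end -}}`.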
@@ -106,7 +107,7 @@ command line arguments
 {{- end -}}
 {{- if kindIs "slice" $value -}}
 {{- range $v := $value -}}
- {{- $args = append $args (include "vm.arg" (dict "key" $key "value" $v)) -}}
+ {{- $args = append $args (include "vm.arg" (dict "key" $key "value" $v "list" true)) -}}
 {{- end -}}
 {{- else -}}
 {{- $args = append $args (include "vm.arg" (dict "key" $key "value" $value)) -}}
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_service.tpl b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_service.tpl
index 7f862ae0..77a1365f 100644
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_service.tpl
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/templates/_service.tpl
@@ -2,11 +2,13 @@
 {{- define "vm.service" -}}
 {{- include "vm.validate.args" . -}}
 {{- $Values := (.helm).Values | default .Values -}}
- {{- $nameTpl := "vm.fullname" }}
+ {{- $nameTpl := "" -}}
 {{- if eq .style "managed" -}}
 {{- $nameTpl = "vm.managed.fullname" }}
 {{- else if eq .style "plain" -}}
 {{- $nameTpl = "vm.plain.fullname" }}
+ {{- else -}}
+ {{- fail ".style argument should be either `plain` or `managed`"}}
 {{- end -}}
 {{- include $nameTpl . -}}
 {{- end }}
@@ -32,18 +34,26 @@
 {{- $Values := (.helm).Values | default .Values -}}
 {{- if .appKey -}}
 {{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}}
- {{- $spec := $Values -}}
+ {{- $values := $Values -}}
+ {{- $ctx := . -}}
 {{- range $ak := $appKey -}}
- {{- if index $spec $ak -}}
- {{- $spec = (index $spec $ak) -}}
- {{- end -}}
- {{- if and (kindIs "map" $spec) (hasKey $spec "spec") -}}
- {{- $spec = $spec.spec -}}
- {{- end -}}
+ {{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}}
+ {{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}}
+ {{- end -}}
+ {{- $spec := default dict -}}
+ {{- if $ctx -}}
+ {{- $spec = $ctx -}}
+ {{- else if $values -}}
+ {{- $spec = $values -}}
+ {{- end -}}
+ {{- with ($spec.extraArgs).tls -}}
+ {{- $isSecure = eq (toString .) "true" -}}
 {{- end -}}
- {{- $isSecure = (eq ($spec.extraArgs).tls "true") | default $isSecure -}}
 {{- $port = (ternary 443 80 $isSecure) -}}
- {{- $port = $spec.port | default ($spec.service).servicePort | default $port -}}
+ {{- $port = $spec.port | default ($spec.service).servicePort | default ($spec.service).port | default $port -}}
+ {{- if hasKey . "appIdx" -}}
+ {{- $port = (include "vm.port.from.flag" (dict "flag" ($spec.extraArgs).httpListenAddr "default" $port)) -}}
+ {{- end }}
 {{- end }}
 {{- $fqdn }}:{{ $port }}
 {{- end -}}
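Review bot: The fallback order for `$spec` differs between the two helpers this commit rewrites: here the call context wins (`if $ctx … else if $values`), while the URL helper in the `@@ -56,18 +66,23 @@` hunk prefers the chart values (`if $values … else if $ctx`). `($spec.extraArgs).tls` drives the 443/80 choice here and the `https`/`http` scheme there, so when the context and the values disagree the two helpers can produce a plaintext scheme paired with the TLS port, or the reverse. Use one order in both, for example by changing the URL helper to `{{- if $ctx -}}{{- $spec = $ctx -}}{{- else if $values -}}{{- $spec = $values -}}{{- end -}}`, and state the precedence in the helper comment. Both `define` blocks start outside their hunks, so the surrounding defaults were not checked.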
@@ -56,18 +66,23 @@
 {{- $isSecure := ternary false true (empty .appSecure) -}}
 {{- if .appKey -}}
 {{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}}
- {{- $spec := $Values -}}
+ {{- $values := $Values -}}
+ {{- $ctx := . -}}
 {{- range $ak := $appKey -}}
- {{- if index $spec $ak -}}
- {{- $spec = (index $spec $ak) -}}
- {{- end -}}
- {{- if and (kindIs "map" $spec) (hasKey $spec "spec") -}}
- {{- $spec = $spec.spec -}}
- {{- end -}}
+ {{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}}
+ {{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}}
+ {{- end -}}
+ {{- $spec := default dict -}}
+ {{- if $values -}}
+ {{- $spec = $values -}}
+ {{- else if $ctx -}}
+ {{- $spec = $ctx -}}
+ {{- end -}}
+ {{- with ($spec.extraArgs).tls -}}
+ {{- $isSecure = eq (toString .) "true" -}}
 {{- end -}}
- {{- $isSecure = (eq ($spec.extraArgs).tls "true") | default $isSecure -}}
 {{- $proto = (ternary "https" "http" $isSecure) -}}
 {{- $path = dig "http.pathPrefix" $path ($spec.extraArgs | default dict) -}}
 {{- end -}}
- {{- printf "%s://%s%s" $proto $host $path -}}
+ {{- printf "%s://%s%s" $proto $host (trimSuffix "/" $path) -}}
 {{- end -}}
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/values.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/values.yaml
new file mode 100644
index 00000000..fb6bffdc
--- /dev/null
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/charts/victoria-metrics-common/values.yaml
@@ -0,0 +1 @@
+unitTest: false
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/crd.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/crd.yaml
index bb065953..038cc276 100644
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/crd.yaml
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/crd.yaml @@ -2,19 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vlogs.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: system - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VLogs @@ -28,10 +18,15 @@ spec: jsonPath: .status.status name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: - description: VLogs is the Schema for the vlogs API + description: |- + VLogs is fast, cost-effective and scalable logs database. + VLogs is the Schema for the vlogs API properties: apiVersion: description: |- @@ -77,6 +72,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator 
@@ -111,9 +114,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array @@ -164,6 +170,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array futureRetention: description: |- FutureRetention for the stored logs 
@@ -253,9 +306,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -301,9 +352,32 @@ spec: this can be useful for debugging of high cardinality issues with log streams; see https://docs.victoriametrics.com/victorialogs/keyconcepts/#stream-fields type: boolean + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 
@@ -394,11 +468,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -409,6 +481,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -725,7 +803,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -881,10 +959,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -892,11 +968,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -935,32 +1009,81 @@ spec: status: description: VLogsStatus defines the observed state of VLogs properties: - availableReplicas: - description: AvailableReplicas Total number of available pods (ready - for at least minReadySeconds) targeted by this VLogs. - format: int32 + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. + maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines a reason in case of update failure + description: Reason defines human readable error reason type: string - replicas: - description: ReplicaCount Total number of non-terminated pods targeted - by this VLogs. - format: int32 - type: integer - status: - description: UpdateStatus defines a status of vlogs instance rollout + updateStatus: + description: UpdateStatus defines a status for update rollout type: string - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VLogs. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas Total number of non-terminated pods targeted - by this VLogs. - format: int32 - type: integer type: object type: object served: true @@ -972,19 +1095,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmagents.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAgent 
@@ -1006,6 +1119,9 @@ spec: jsonPath: .status.updateStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: 
@@ -1034,6 +1150,49 @@ spec: description: VMAgentSpec defines the desired state of VMAgent properties: aPIServerConfig: + description: |- + APIServerConfig allows specifying a host and auth methods to access apiserver. + If left empty, VMAgent is assumed to run inside of the cluster + and will discover API servers automatically and use the pod's CA certificate + and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + aPIServerConfig is deprecated use apiServerConfig instead + required: + - host + type: object + x-kubernetes-preserve-unknown-fields: true + additionalScrapeConfigs: + description: |- + AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it + is valid. Note that using this feature may expose the possibility to + break upgrades of VMAgent. It is advised to review VMAgent release + notes to ensure that no incompatible scrape configs are going to break + VMAgent after the upgrade. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: Affinity If specified, the pod's scheduling constraints. + type: object + x-kubernetes-preserve-unknown-fields: true + apiServerConfig: description: |- APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, VMAgent is assumed to run inside of the cluster 
@@ -1057,9 +1216,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1096,9 +1253,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1129,9 +1284,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -1157,7 +1310,8 @@ spec: description: TLSConfig Config to use for accessing apiserver. properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the + targets. properties: configMap: description: ConfigMap containing data to use for the 
@@ -1173,9 +1327,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -1199,9 +1351,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1234,9 +1384,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -1260,9 +1408,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -1299,9 +1445,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -1318,40 +1462,6 @@ spec: required: - host type: object - additionalScrapeConfigs: - description: |- - AdditionalScrapeConfigs As scrape configs are appended, the user is responsible to make sure it - is valid. Note that using this feature may expose the possibility to - break upgrades of VMAgent. It is advised to review VMAgent release - notes to ensure that no incompatible scrape configs are going to break - VMAgent after the upgrade. - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - affinity: - description: Affinity If specified, the pod's scheduling constraints. - type: object - x-kubernetes-preserve-unknown-fields: true arbitraryFSAccessThroughSMs: description: |- ArbitraryFSAccessThroughSMs configures whether configuration @@ -1576,7 +1686,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -1616,7 +1726,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState @@ -1636,12 +1746,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the - given PVC.\n\n\nA controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus\nshould + given PVC.\n\nA controller that receives PVC update with + previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -1660,7 +1770,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources 
@@ -1669,12 +1779,12 @@ spec: capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the - requested capacity.\n\n\nA controller that receives PVC + requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object @@ -1717,10 +1827,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status 
@@ -1734,13 +1849,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -1799,11 +1914,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1814,6 +1927,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -1858,6 +1977,21 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + daemonSetMode: + description: |- + DaemonSetMode enables DaemonSet deployment mode instead of Deployment. + Supports only VMPodScrape + (available from v0.55.0). + Cannot be used with statefulMode + type: boolean + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -1892,9 +2026,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array @@ -1912,6 +2049,13 @@ spec: dnsPolicy: description: DNSPolicy sets DNS policy for the pod type: string + enableKubernetesAPISelectors: + description: |- + EnableKubernetesAPISelectors instructs vmagent to use CRD scrape objects spec.selectors for + Kubernetes API list and watch requests. + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#list-and-watch-filtering + It could be useful to reduce Kubernetes API server resource usage for serving less than 100 CRD scrape objects in total. + type: boolean enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert 
@@ -1958,6 +2102,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -2048,9 +2239,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -2186,6 +2375,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -2206,9 +2398,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -2218,6 +2408,10 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod 
@@ -2240,6 +2434,29 @@ spec: - FATAL - PANIC type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object maxScrapeInterval: description: |- MaxScrapeInterval allows limiting maximum scrape interval for VMServiceScrape, VMPodScrape and other scrapes @@ -2247,7 +2464,7 @@ spec: type: string minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -2918,9 +3135,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must be 
@@ -2960,9 +3175,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -2993,9 +3206,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3020,9 +3231,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -3124,9 +3333,10 @@ spec: type: object type: array maxDiskUsage: - description: MaxDiskUsage defines the maximum file-based buffer - size in bytes for -remoteWrite.url - type: string + description: |- + MaxDiskUsage defines the maximum file-based buffer size in bytes for the given remoteWrite + It overrides global configuration defined at remoteWriteSettings.maxDiskUsagePerURL + x-kubernetes-preserve-unknown-fields: true oauth2: description: OAuth2 defines auth configuration properties: @@ -3148,9 +3358,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3174,9 +3382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -3201,9 +3407,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -3222,11 +3426,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -3257,9 +3473,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -3283,6 +3497,10 @@ spec: items: type: string type: array + enableWindows: + description: EnableWindows enables aggregating data in separate + windows ( available from v0.54.0). + type: boolean ignoreFirstIntervals: description: IgnoreFirstIntervals instructs to ignore first interval @@ -3304,10 +3522,8 @@ spec: description: |- By is an optional list of labels for grouping input series. - See also Without. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -3321,11 +3537,14 @@ spec: description: |- DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. - Labels are dropped before de-duplication and aggregation. items: type: string type: array + enable_windows: + description: EnableWindows enables aggregating data + in separate windows + type: boolean flush_on_shutdown: description: |- FlushOnShutdown defines whether to flush the aggregation state on process termination @@ -3430,7 +3649,6 @@ spec: description: |- Match is a label selector (or list of label selectors) for filtering time series for the given selector. - If the match isn't set, then all the input time series are processed. x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: @@ -3520,10 +3738,8 @@ spec: description: |- Outputs is a list of output aggregate functions to produce. - The following names are allowed: - - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series @@ -3538,10 +3754,8 @@ spec: - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] - The output time series will have the following names: - input_name:aggr__ items: type: string 
@@ -3555,10 +3769,8 @@ spec: description: |- Without is an optional list of labels, which must be excluded when grouping input series. - See also By. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -3575,7 +3787,7 @@ spec: write target properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: @@ -3592,9 +3804,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3618,9 +3828,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -3653,9 +3861,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -3679,9 +3885,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -3718,9 +3922,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -3751,9 +3953,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must @@ -3790,8 +3990,7 @@ spec: type: integer maxDiskUsagePerURL: description: The maximum file-based buffer size in bytes at -remoteWrite.tmpDataPath - format: int64 - type: integer + x-kubernetes-preserve-unknown-fields: true queues: description: The number of concurrent queues format: int32 @@ -3826,11 +4025,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3841,6 +4038,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -4664,7 +4867,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -4705,8 +4908,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -4725,12 +4928,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -4750,21 +4953,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -4807,10 +5010,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -4824,13 +5032,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -4991,7 +5199,7 @@ spec: type: array staticScrapeSelector: description: |- - StaticScrapeSelector defines PodScrapes to be selected for target discovery. + StaticScrapeSelector defines VMStaticScrape to be selected for target discovery. Works in combination with NamespaceSelector. If both nil - match everything. NamespaceSelector nil - only objects at VMAgent namespace. @@ -5057,9 +5265,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must @@ -5082,6 +5288,10 @@ spec: items: type: string type: array + enableWindows: + description: EnableWindows enables aggregating data in separate + windows ( available from v0.54.0). + type: boolean ignoreFirstIntervals: description: IgnoreFirstIntervals instructs to ignore first interval type: integer @@ -5102,10 +5312,8 @@ spec: description: |- By is an optional list of labels for grouping input series. - See also Without. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -5118,11 +5326,14 @@ spec: description: |- DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. - Labels are dropped before de-duplication and aggregation. items: type: string type: array + enable_windows: + description: EnableWindows enables aggregating data in separate + windows + type: boolean flush_on_shutdown: description: |- FlushOnShutdown defines whether to flush the aggregation state on process termination 
@@ -5225,7 +5436,6 @@ spec: description: |- Match is a label selector (or list of label selectors) for filtering time series for the given selector. - If the match isn't set, then all the input time series are processed. x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: @@ -5315,10 +5525,8 @@ spec: description: |- Outputs is a list of output aggregate functions to produce. - The following names are allowed: - - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series @@ -5333,10 +5541,8 @@ spec: - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] - The output time series will have the following names: - input_name:aggr__ items: type: string @@ -5350,10 +5556,8 @@ spec: description: |- Without is an optional list of labels, which must be excluded when grouping input series. - See also By. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -5492,10 +5696,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -5503,11 +5705,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -5546,15 +5746,77 @@ spec: status: description: VMAgentStatus defines the observed state of VMAgent properties: - availableReplicas: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: description: |- - AvailableReplicas Total number of available pods (ready for at least minReadySeconds) - targeted by this VMAlert cluster. - format: int32 + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines fail reason for update process, effective - only for statefulMode + description: Reason defines human readable error reason type: string replicas: description: ReplicaCount Total number of pods targeted by this VMAgent @@ -5568,21 +5830,9 @@ spec: with uniq scrape targets format: int32 type: integer - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VMAgent cluster. - format: int32 - type: integer updateStatus: - description: UpdateStatus defines a status for update rollout, effective - only for statefulMode + description: UpdateStatus defines a status for update rollout type: string - updatedReplicas: - description: |- - UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent - cluster that have the desired version spec. - format: int32 - type: integer type: object type: object served: true @@ -5598,19 +5848,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmalertmanagerconfigs.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAlertmanagerConfig 
@@ -5623,13 +5863,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastErrorParentAlertmanagerName - name: VMAlertmanager Error - type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -5702,6 +5939,17 @@ spec: discord_configs: items: properties: + avatar_url: + description: |- + AvatarURL defines message avatar URL + Available from operator v0.55.0 and alertmanager v0.28.0 + type: string + content: + description: |- + Content defines message content template + Available from operator v0.55.0 and alertmanager v0.28.0 + maxLength: 2000 + type: string http_config: description: HTTP client configuration. properties: @@ -5725,9 +5973,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5764,9 +6010,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -5797,9 +6041,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5830,9 +6072,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -5864,9 +6104,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -5892,9 +6130,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -5920,9 +6156,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -5942,12 +6176,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -5963,8 +6209,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -5980,9 +6226,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6008,9 +6252,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6043,9 +6285,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6071,9 +6311,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6110,9 +6348,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6138,6 +6374,11 @@ spec: title: description: The message title template type: string + username: + description: |- + Username defines message username + Available from operator v0.55.0 and alertmanager v0.28.0 + type: string webhook_url: description: |- The discord webhook URL @@ -6160,9 +6401,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -6197,9 +6436,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6225,9 +6462,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -6279,8 +6514,8 @@ spec: description: TLS configuration properties: ca: - description: Stuct containing the CA cert to use for - the targets. + description: Struct containing the CA cert to use + for the targets. properties: configMap: description: ConfigMap containing data to use @@ -6296,9 +6531,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6323,9 +6556,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6358,9 +6589,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6385,9 +6614,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -6424,9 +6651,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -6445,6 +6670,83 @@ spec: type: string type: object type: array + jira_configs: + items: + description: |- + JiraConfig represent alertmanager's jira_config entry + https://prometheus.io/docs/alerting/latest/configuration/#jira_config + available from v0.55.0 operator version + and v0.28.0 alertmanager version + properties: + api_url: + description: |- + The URL to send API requests to. The full API path must be included. + Example: https://company.atlassian.net/rest/api/2/ + type: string + custom_fields: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + Other issue and custom fields. + Jira issue field can have multiple types. + Depends on the field type, the values must be provided differently. + See https://developer.atlassian.com/server/jira/platform/jira-rest-api-examples/#setting-custom-field-data-for-other-field-types for further examples. + type: object + description: + description: Issue description template. + type: string + http_config: + description: |- + The HTTP client's configuration. You must use this configuration to supply the personal access token (PAT) as part of the HTTP `Authorization` header. + For Jira Cloud, use basic_auth with the email address as the username and the PAT as the password. + For Jira Data Center, use the 'authorization' field with 'credentials: '. + x-kubernetes-preserve-unknown-fields: true + issue_type: + description: Type of the issue (e.g. Bug) + type: string + labels: + description: Labels to be added to the issue + items: + type: string + type: array + priority: + description: Priority of the issue + type: string + project: + description: The project key where issues are created + type: string + reopen_duration: + description: |- + If reopen_transition is defined, reopen the issue when it is not older than this value (rounded down to the nearest minute). + The resolutiondate field is used to determine the age of the issue. 
+ pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + reopen_transition: + description: |- + Name of the workflow transition to resolve an issue. + The target status must have the category "done". + type: string + resolve_transition: + description: |- + Name of the workflow transition to reopen an issue. + The target status should not have the category "done". + type: string + send_resolved: + description: SendResolved controls notify about resolved + alerts. + type: boolean + summary: + description: Issue summary template + type: string + wont_fix_resolution: + description: If reopen_transition is defined, ignore issues + with that resolution. + type: string + required: + - issue_type + - project + type: object + type: array msteams_configs: items: properties: @@ -6471,9 +6773,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6510,9 +6810,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
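Review bot: The descriptions of `reopen_transition` and `resolve_transition` in `jira_configs` are swapped: `reopen_transition` is documented as "Name of the workflow transition to resolve an issue" and `resolve_transition` as the one "to reopen an issue", which invites a configuration that moves issues the wrong way. I would exchange the two texts so that `reopen_transition` reads `Name of the workflow transition to reopen an issue. The target status should not have the category "done".` and `resolve_transition` carries the other. The `http_config` description also ends in `'credentials: '` with the value placeholder missing; something like `credentials: <personal access token>` would make it readable. Since this is where the PAT goes, the description could also say that it should come from a Secret reference rather than an inline value, if the `http_config` schema offers one (not visible here, as the field is `x-kubernetes-preserve-unknown-fields: true`).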
@@ -6543,9 +6841,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6576,9 +6872,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -6610,9 +6904,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6638,9 +6930,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6666,9 +6956,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -6688,12 +6976,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -6709,8 +7009,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -6726,9 +7026,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -6754,9 +7052,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6789,9 +7085,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -6817,9 +7111,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -6856,9 +7148,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -6906,9 +7196,61 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + msteamsv2_configs: + items: + description: |- + MSTeamsV2Config sends notifications using the new message format with adaptive cards as required by flows. + https://support.microsoft.com/en-gb/office/create-incoming-webhooks-with-workflows-for-microsoft-teams-8ae491c7-0394-4861-ba59-055e33f75498 + available from v0.55.0 operator version + and v0.28.0 alertmanager version + properties: + http_config: + x-kubernetes-preserve-unknown-fields: true + send_resolved: + description: SendResolved controls notify about resolved + alerts. + type: boolean + text: + description: Message body template. + type: string + title: + description: Message title template. + type: string + webhook_url: + description: |- + The incoming webhook URL + one of `urlSecret` and `url` must be defined. + type: string + webhook_url_secret: + description: |- + URLSecret defines secret name and key at the CRD namespace. + It must contain the webhook URL. + one of `webhook_url` or `webhook_url_secret` must be defined. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key @@ -6954,9 +7296,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7126,9 +7466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7160,9 +7498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
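Review bot: The `webhook_url` description in `msteamsv2_configs` says "one of `urlSecret` and `url` must be defined", but neither name exists in this schema; the sibling field states the constraint with the real names. I would make it `One of webhook_url or webhook_url_secret must be defined.` in both places. The added lines show no `required` entry or validation rule for that either-or, so it is presumably enforced by the operator rather than by the API server (the end of the item schema is outside the hunk). Because a Teams workflow webhook URL is by itself enough to post to the channel, the description could also steer users to `webhook_url_secret`, since an inline `webhook_url` is stored in the custom resource and visible to anyone who can read that resource.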
@@ -7240,9 +7576,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -7275,9 +7609,129 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + rocketchat_configs: + items: + description: |- + RocketchatConfig configures notifications via Rocketchat. + https://prometheus.io/docs/alerting/latest/configuration/#rocketchat_config + available from v0.55.0 operator version + and v0.28.0 alertmanager version + properties: + actions: + items: + description: |- + RocketchatAttachmentAction defines message attachements + https://github.com/RocketChat/Rocket.Chat.Go.SDK/blob/master/models/message.go + properties: + msg: + type: string + text: + type: string + type: + type: string + url: + type: string + type: object + type: array + api_url: + type: string + channel: + description: 'RocketChat channel override, (like #other-channel + or @username).' 
+ type: string + color: + type: string + emoji: + type: string + fields: + items: + description: |- + RocketchatAttachmentField defines API fields + https://developer.rocket.chat/reference/api/rest-api/endpoints/messaging/chat-endpoints/postmessage#attachment-field-objects + properties: + short: + type: boolean + title: + type: string + value: + type: string + type: object + type: array + http_config: + x-kubernetes-preserve-unknown-fields: true + icon_url: + type: string + image_url: + type: string + link_names: + type: boolean + send_resolved: + description: SendResolved controls notify about resolved + alerts. + type: boolean + short_fields: + type: boolean + text: + type: string + thumb_url: + type: string + title: + type: string + title_link: + type: string + token: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + token_id: + description: |- + The sender token and token_id + See https://docs.rocket.chat/use-rocket.chat/user-guides/user-panel/my-account#personal-access-tokens + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key @@ -7362,9 +7816,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -7477,9 +7929,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7516,9 +7966,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
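Review bot: Most fields added in `rocketchat_configs` (`api_url`, `color`, `emoji`, `icon_url`, `text`, `title`, the members of `actions` and `fields`, and `http_config`) have no description, and the two credentials are hard to tell apart. `token` has only the generic "SecretKeySelector selects a key of a Secret." while `token_id` has "The sender token and token_id". I would give each its own line, e.g. `Secret key holding the sender's personal access token.` on `token` and `Secret key holding the ID that belongs to that token.` on `token_id`, and fix the spelling `attachements` in the `actions` item description. The added lines show no `required` list for the item, so whether `api_url`, `token` and `token_id` are mandatory is not visible here and would be worth stating as well.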
@@ -7549,9 +7997,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7582,9 +8028,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -7616,9 +8060,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -7644,9 +8086,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7672,9 +8112,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7694,12 +8132,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -7715,8 +8165,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -7732,9 +8182,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -7760,9 +8208,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7795,9 +8241,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -7823,9 +8267,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -7862,9 +8304,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -7916,9 +8356,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -7954,9 +8392,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8007,9 +8443,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -8033,6 +8467,10 @@ spec: message: description: Message is templated message type: string + message_thread_id: + description: MessageThreadID defines ID of the message + thread where to send the messages. + type: integer parse_mode: description: |- ParseMode for telegram message, @@ -8072,9 +8510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -8120,9 +8556,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8159,9 +8593,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8192,9 +8624,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -8225,9 +8655,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8259,9 +8687,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8287,9 +8713,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret 
@@ -8315,9 +8739,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8337,12 +8759,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -8358,8 +8792,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to @@ -8375,9 +8809,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -8403,9 +8835,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8438,9 +8868,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8466,9 +8894,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret 
@@ -8505,9 +8931,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8577,9 +9001,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8616,9 +9038,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -8649,9 +9069,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8682,9 +9100,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -8716,9 +9132,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -8744,9 +9158,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8772,9 +9184,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8794,12 +9204,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -8815,8 +9237,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -8832,9 +9254,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -8860,9 +9280,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8895,9 +9313,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -8923,9 +9339,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -8962,9 +9376,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -8991,6 +9403,8 @@ spec: description: SendResolved controls notify about resolved alerts. type: boolean + required: + - room_id type: object type: array webhook_configs: @@ -9036,9 +9450,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -9076,9 +9488,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -9121,9 +9531,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9160,9 +9568,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or 
@@ -9193,9 +9599,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9226,9 +9630,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -9260,9 +9662,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -9288,9 +9688,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9316,9 +9714,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9338,12 +9734,24 @@ spec: description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -9359,8 +9767,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Stuct containing the CA cert to use - for the targets. + description: Struct containing the CA cert to + use for the targets. properties: configMap: description: ConfigMap containing data to 
@@ -9376,9 +9784,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap @@ -9404,9 +9810,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9439,9 +9843,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap 
@@ -9467,9 +9869,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret @@ -9506,9 +9906,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or @@ -9672,6 +10070,7 @@ spec: type: object type: array required: + - name - time_intervals type: object type: array 
@@ -9683,18 +10082,82 @@ spec: description: VMAlertmanagerConfigStatus defines the observed state of VMAlertmanagerConfig properties: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map lastErrorParentAlertmanagerName: type: string - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation - type: string - lastSyncErrorTimestamp: - description: LastSyncErrorTimestamp defines time when error occured + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile format: int64 type: integer - status: - description: Status defines CRD processing status + reason: + description: Reason defines human readable error reason + type: string + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -9707,19 +10170,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmalertmanagers.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAlertmanager @@ -9731,10 +10184,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: The version of VMAlertmanager - jsonPath: .spec.image.tag - name: Version - type: string - description: The desired replicas number of Alertmanagers jsonPath: .spec.replicaCount name: ReplicaCount 
@@ -9998,7 +10447,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -10038,7 +10487,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState @@ -10058,12 +10507,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the - given PVC.\n\n\nA controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus\nshould + given PVC.\n\nA controller that receives PVC update with + previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -10082,7 +10531,7 @@ spec: volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io - prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources @@ -10091,12 +10540,12 @@ spec: capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the - requested capacity.\n\n\nA controller that receives PVC + requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that - change other valid\nresources associated with PVC.\n\n\nThis + change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -10139,10 +10588,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -10156,13 +10610,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -10290,11 +10744,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -10305,6 +10757,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -10409,6 +10867,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableNamespaceMatcher: description: |- DisableNamespaceMatcher disables top route namespace label matcher for VMAlertmanagerConfig @@ -10452,9 +10918,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -10520,6 +10989,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array gossipConfig: description: GossipConfig defines gossip TLS configuration for Alertmanager cluster 
@@ -10549,9 +11065,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10582,9 +11096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10620,9 +11132,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -10661,9 +11171,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10712,9 +11220,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -10752,9 +11258,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -10871,9 +11375,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -10919,9 +11421,32 @@ spec: - WARN - ERROR type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 
@@ -11042,11 +11567,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -11057,6 +11580,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -11483,7 +12012,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -11524,8 +12053,8 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nClaimResourceStatus can be in - any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + may not be used.\n\nClaimResourceStatus can be in any + of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with 
@@ -11544,12 +12073,12 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC update + the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -11569,21 +12098,21 @@ spec: use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence - may not be used.\n\n\nCapacity reported here may be - larger than the actual capacity when a volume expansion - operation\nis requested.\nFor storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used.\nIf allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation.\nIf a volume expansion + may not be used.\n\nCapacity reported here may be larger + than the actual capacity when a volume expansion operation\nis + requested.\nFor storage quota, the larger value from + allocatedResources and PVC.spec.resources is used.\nIf + allocatedResources is not set, PVC.spec.resources alone + is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than - the requested capacity.\n\n\nA controller that receives + the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\n\nThis + that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object 
@@ -11626,10 +12155,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -11643,13 +12177,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -11697,9 +12231,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string required: - key @@ -11819,10 +12351,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -11830,11 +12360,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -11920,9 +12448,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -11971,9 +12497,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12011,9 +12535,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -12053,11 +12575,80 @@ spec: Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status properties: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer reason: - description: Reason has non empty reason for update failure + description: Reason defines human readable error reason type: string updateStatus: - description: Status defines a status of object update + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -12072,19 +12663,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmalerts.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAlert @@ -12098,6 +12679,13 @@ spec: jsonPath: .status.updateStatus name: Status type: string + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicaCount + name: ReplicaCount + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: @@ -12157,11 +12745,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -12172,6 +12758,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -12240,9 +12832,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12273,9 +12863,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -12303,9 +12891,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -12343,6 +12929,14 @@ spec: required: - url type: object + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -12377,9 +12971,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -12447,6 +13044,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -12531,9 +13175,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -12557,6 +13199,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -12577,9 +13222,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -12589,6 +13232,10 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod 
@@ -12611,9 +13258,32 @@ spec: - FATAL - PANIC type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -12650,9 +13320,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -12683,9 +13351,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12713,9 +13379,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -12838,9 +13502,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -12878,9 +13540,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12911,9 +13571,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -12941,9 +13599,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -13170,9 +13826,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13203,9 +13857,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13233,9 +13885,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -13306,9 +13956,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13339,9 +13987,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -13369,9 +14015,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -13442,11 +14086,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -13457,6 +14099,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -13859,10 +14507,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -13870,11 +14516,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -13913,37 +14557,81 @@ spec: status: description: VMAlertStatus defines the observed state of VMAlert properties: - availableReplicas: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: description: |- - AvailableReplicas Total number of available pods (ready for at least minReadySeconds) - targeted by this VMAlert cluster. - format: int32 + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines fail reason for update process, effective - only for statefulMode + description: Reason defines human readable error reason type: string - replicas: - description: |- - ReplicaCount Total number of non-terminated pods targeted by this VMAlert - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VMAlert cluster. - format: int32 - type: integer updateStatus: - description: UpdateStatus defines a status for update rollout, effective - only for statefulMode + description: UpdateStatus defines a status for update rollout type: string - updatedReplicas: - description: |- - UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert - cluster that have the desired version spec. - format: int32 - type: integer type: object type: object served: true @@ -13955,19 +14643,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmauths.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: system - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMAuth 
@@ -13981,6 +14659,13 @@ spec: jsonPath: .status.updateStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicaCount + name: ReplicaCount + type: integer name: v1beta1 schema: openAPIV3Schema: @@ -14039,11 +14724,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -14054,6 +14737,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -14093,6 +14782,7 @@ spec: configuration must be inside secret key: config.yaml. It must be created and managed manually. If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders + Deprecated, use externalConfig.secretRef instead type: string containers: description: |- 
@@ -14106,23 +14796,20 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array - default_url: + disableAutomountServiceAccountToken: description: |- - DefaultURLs backend url for non-matching paths filter - usually used for default backend with error message - items: - type: string - type: array + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator for the application. Has priority over `VM_DISABLESELFSERVICESCRAPECREATION` operator env variable type: boolean - discover_backend_ips: - description: DiscoverBackendIPs instructs discovering URLPrefix backend - IPs via DNS. - type: boolean dnsConfig: description: |- Specifies the DNS parameters of a pod. @@ -14151,9 +14838,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -14171,11 +14861,42 @@ spec: dnsPolicy: description: DNSPolicy sets DNS policy for the pod type: string - drop_src_path_prefix_parts: + externalConfig: description: |- - DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. - See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. - type: integer + ExternalConfig defines a source of external VMAuth configuration. + If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders + properties: + localPath: + description: |- + LocalPath contains static path to a config, which is managed externally for cases + when using secrets is not applicable, e.g.: Vault sidecar. + type: string + secretRef: + description: SecretRef defines selector for externally managed + secret which contains configuration + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object extraArgs: additionalProperties: type: string 
@@ -14209,15 +14930,52 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array - headers: + extraEnvsFrom: description: |- - Headers represent additional http headers, that vmauth uses - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.68.0 version of vmauth + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap items: - type: string + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object type: array host_aliases: description: |- 
@@ -14303,9 +15061,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -14347,8 +15103,8 @@ spec: these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic - based on the specified IngressRuleValue.\n\n\nhost can - be \"precise\" which is a domain name without the terminating + based on the specified IngressRuleValue.\n\nhost can be + \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' @@ -14436,6 +15192,7 @@ spec: format: int32 type: integer type: object + x-kubernetes-map-type: atomic required: - name type: object 
@@ -14551,26 +15308,15 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array - ip_filters: - description: |- - IPFilters defines per target src ip filters - supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) - properties: - allow_list: - items: - type: string - type: array - deny_list: - items: - type: string - type: array - type: object license: description: |- License allows to configure license key to be used for enterprise features. Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -14591,9 +15337,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -14603,20 +15347,15 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod type: object x-kubernetes-preserve-unknown-fields: true - load_balancing_policy: - description: |- - LoadBalancingPolicy defines load balancing policy to use for backend urls. - Supported policies: least_loaded, first_available. - See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") - enum: - - least_loaded - - first_available - type: string logFormat: description: LogFormat for VMAuth to be configured with. enum: 
@@ -14633,14 +15372,32 @@ spec: - FATAL - PANIC type: string - max_concurrent_requests: + managedMetadata: description: |- - MaxConcurrentRequests defines max concurrent requests per user - 300 is default value for vmauth - type: integer + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -14756,11 +15513,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
@@ -14771,6 +15526,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -14803,23 +15564,6 @@ spec: More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object - response_headers: - description: |- - ResponseHeaders represent additional http headers, that vmauth adds for request response - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.93.0 version of vmauth - items: - type: string - type: array - retry_status_codes: - description: |- - RetryStatusCodes defines http status codes in numeric format for request retries - e.g. [429,503] - items: - type: integer - type: array revisionHistoryLimitCount: description: |- The number of old ReplicaSets to retain to allow rollback in deployment or 
@@ -14926,164 +15670,6 @@ spec: termination format: int64 type: integer - tlsConfig: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use for the - targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container for - the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container for - the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object tolerations: description: Tolerations If specified, the pod's tolerations. items: 
@@ -15140,88 +15726,342 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array unauthorizedAccessConfig: - description: UnauthorizedAccessConfig configures access for un authorized - users - items: - properties: - discover_backend_ips: - description: DiscoverBackendIPs instructs discovering URLPrefix - backend IPs via DNS. - type: boolean - drop_src_path_prefix_parts: - description: |- - DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. - See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. - type: integer - headers: - description: |- - RequestHeaders represent additional http headers, that vmauth uses - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.68.0 version of vmauth - items: - type: string - type: array - load_balancing_policy: - description: |- - LoadBalancingPolicy defines load balancing policy to use for backend urls. - Supported policies: least_loaded, first_available. - See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") - enum: - - least_loaded - - first_available + description: |- + UnauthorizedAccessConfig configures access for un authorized users + + Deprecated, use unauthorizedUserAccessSpec instead + will be removed at v1.0 release + x-kubernetes-preserve-unknown-fields: true + unauthorizedUserAccessSpec: + description: UnauthorizedUserAccessSpec defines unauthorized_user + config section of vmauth config + properties: + default_url: + description: |- + DefaultURLs backend url for non-matching paths filter + usually used for default backend with error message + items: type: string - response_headers: + type: array + discover_backend_ips: + description: DiscoverBackendIPs instructs discovering URLPrefix + backend IPs via DNS. 
+ type: boolean + drop_src_path_prefix_parts: + description: |- + DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. + See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. + type: integer + dump_request_on_errors: + description: |- + DumpRequestOnErrors instructs vmauth to return detailed request params to the client + if routing rules don't allow to forward request to the backends. + Useful for debugging `src_hosts` and `src_headers` based routing rules + + available since v1.107.0 vmauth version + type: boolean + headers: + description: |- + Headers represent additional http headers, that vmauth uses + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.68.0 version of vmauth + items: + type: string + type: array + ip_filters: + description: |- + IPFilters defines per target src ip filters + supported only with enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth/#ip-filters) + properties: + allow_list: + items: + type: string + type: array + deny_list: + items: + type: string + type: array + type: object + load_balancing_policy: + description: |- + LoadBalancingPolicy defines load balancing policy to use for backend urls. + Supported policies: least_loaded, first_available. + See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") + enum: + - least_loaded + - first_available + type: string + max_concurrent_requests: + description: |- + MaxConcurrentRequests defines max concurrent requests per user + 300 is default value for vmauth + type: integer + metric_labels: + additionalProperties: + type: string + description: MetricLabels - additional labels for metrics exported + by vmauth for given user. 
+ type: object + response_headers: + description: |- + ResponseHeaders represent additional http headers, that vmauth adds for request response + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.93.0 version of vmauth + items: + type: string + type: array + retry_status_codes: + description: |- + RetryStatusCodes defines http status codes in numeric format for request retries + e.g. [429,503] + items: + type: integer + type: array + tlsConfig: + description: TLSConfig defines tls configuration for the backend + connection + properties: + ca: + description: Struct containing the CA cert to use for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the container to use for + the targets. + type: string + cert: + description: Struct containing the client cert file for the + targets. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the container + for the targets. 
+ type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the container + for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url_map: + items: description: |- - ResponseHeaders represent additional http headers, that vmauth adds for request response - in form of ["header_key: header_value"] - multiple values for header key: - ["header_key: value1,value2"] - it's available since 1.93.0 version of vmauth - items: - type: string - type: array - retry_status_codes: - description: |- - RetryStatusCodes defines http status codes in numeric format for request retries - Can be defined per target or at VMUser.spec level - e.g. [429,503] - items: - type: integer - type: array - src_headers: - description: SrcHeaders is an optional list of headers, which - must match request headers. - items: - type: string - type: array - src_hosts: - description: SrcHosts is an optional list of regular expressions, - which must match the request hostname. 
- items: - type: string - type: array - src_paths: - description: SrcPaths is an optional list of regular expressions, - which must match the request path. - items: - type: string - type: array - src_query_args: - description: SrcQueryArgs is an optional list of query args, - which must match request URL query args. - items: - type: string - type: array - url_prefix: - description: UrlPrefix contains backend url prefixes for the - proxied request url. - items: - type: string - type: array - type: object - type: array + UnauthorizedAccessConfigURLMap defines element of url_map routing configuration + For UnauthorizedAccessConfig and VMAuthUnauthorizedUserAccessSpec.URLMap + properties: + discover_backend_ips: + description: DiscoverBackendIPs instructs discovering URLPrefix + backend IPs via DNS. + type: boolean + drop_src_path_prefix_parts: + description: |- + DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. + See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. + type: integer + headers: + description: |- + RequestHeaders represent additional http headers, that vmauth uses + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.68.0 version of vmauth + items: + type: string + type: array + load_balancing_policy: + description: |- + LoadBalancingPolicy defines load balancing policy to use for backend urls. + Supported policies: least_loaded, first_available. 
+ See [here](https://docs.victoriametrics.com/vmauth#load-balancing) for more details (default "least_loaded") + enum: + - least_loaded + - first_available + type: string + response_headers: + description: |- + ResponseHeaders represent additional http headers, that vmauth adds for request response + in form of ["header_key: header_value"] + multiple values for header key: + ["header_key: value1,value2"] + it's available since 1.93.0 version of vmauth + items: + type: string + type: array + retry_status_codes: + description: |- + RetryStatusCodes defines http status codes in numeric format for request retries + Can be defined per target or at VMUser.spec level + e.g. [429,503] + items: + type: integer + type: array + src_headers: + description: SrcHeaders is an optional list of headers, + which must match request headers. + items: + type: string + type: array + src_hosts: + description: SrcHosts is an optional list of regular expressions, + which must match the request hostname. + items: + type: string + type: array + src_paths: + description: SrcPaths is an optional list of regular expressions, + which must match the request path. + items: + type: string + type: array + src_query_args: + description: SrcQueryArgs is an optional list of query args, + which must match request URL query args. + items: + type: string + type: array + url_prefix: + description: |- + UrlPrefix contains backend url prefixes for the proxied request url. + URLPrefix defines prefix prefix for destination + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + url_prefix: + description: URLPrefix defines prefix prefix for destination + x-kubernetes-preserve-unknown-fields: true + type: object useDefaultResources: description: |- UseDefaultResources controls resource settings 
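Review bot: The description of the new `dump_request_on_errors` field under `unauthorizedUserAccessSpec` does not say that the "detailed request params" it returns go to callers who have not authenticated. I would extend that description with `Debugging aid: the dump is returned to unauthenticated clients, keep it disabled outside troubleshooting.` What the dump contains is not visible in this hunk, so the exposure should be confirmed against vmauth. In the same hunk the deprecated `unauthorizedAccessConfig` trades its typed item schema for `x-kubernetes-preserve-unknown-fields: true`, so malformed routing entries for unauthenticated traffic are no longer rejected by the API server schema. The file carries a controller-gen annotation, so the wording presumably has to change on the source type and be regenerated.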
@@ -15376,10 +16216,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -15387,11 +16225,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -15425,16 +16261,84 @@ spec: x-kubernetes-preserve-unknown-fields: true type: array type: object + x-kubernetes-preserve-unknown-fields: true status: description: VMAuthStatus defines the observed state of VMAuth properties: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer reason: - description: Reason defines fail reason for update process, effective - only for statefulMode + description: Reason defines human readable error reason type: string updateStatus: - description: UpdateStatus defines a status for update rollout, effective - only for statefulMode + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -15447,19 +16351,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmclusters.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMCluster @@ -15485,7 +16379,7 @@ spec: name: Age type: date - description: Current status of cluster - jsonPath: .status.clusterStatus + jsonPath: .status.updateStatus name: Status type: string name: v1beta1 @@ -15543,9 +16437,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic 
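Review bot: The `x-kubernetes-preserve-unknown-fields: true` added between the end of the spec schema and `status:` in the `@@ -15425,16 +16261,84 @@` hunk appears to apply to the whole VMAuth spec object (indentation is lost in this rendering), so misspelled top-level spec keys would be stored rather than pruned. For a resource whose spec configures unauthenticated access and backend TLS, such a typo passes at apply time unless the operator rejects it itself, which is not visible here. If the marker is needed only for the deprecated `unauthorizedAccessConfig` field, that field already carries its own marker in the previous hunk and this line could be dropped. Otherwise the spec description should say `unknown keys under spec are accepted without schema validation`.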
@@ -15556,6 +16448,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -15576,9 +16471,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -15588,6 +16481,33 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string + type: object + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object type: object paused: description: |- @@ -15600,6 +16520,25 @@ spec: distinct storage nodes format: int32 type: integer + requestsLoadBalancer: + description: |- + RequestsLoadBalancer configures load-balancing for vminsert and vmselect requests + it helps to evenly spread load across pods + usually it's not possible with kubernetes TCP based service + properties: + disableInsertBalancing: + type: boolean + disableSelectBalancing: + type: boolean + enabled: + type: boolean + spec: + description: |- + VMAuthLoadBalancerSpec defines configuration spec for VMAuth used as load-balancer + for VMCluster component + type: object + x-kubernetes-preserve-unknown-fields: true + type: object retentionPeriod: description: |- RetentionPeriod for the stored metrics 
@@ -15651,6 +16590,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -15685,9 +16632,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -15740,6 +16690,54 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -15829,9 +16827,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -15888,7 +16884,7 @@ spec: type: string minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -16005,11 +17001,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -16020,6 +17014,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -16293,10 +17293,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -16304,11 +17302,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -16343,6 +17339,8 @@ spec: type: array type: object vmselect: + description: VMSelect defines configuration section for vmselect components + of the victoria-metrics cluster properties: affinity: description: Affinity If specified, the pod's scheduling constraints. @@ -16572,7 +17570,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- 
@@ -16614,8 +17612,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nClaimResourceStatus can be in any of - following states:\n\t- ControllerResizeInProgress:\n\t\tState + be used.\n\nClaimResourceStatus can be in any of following + states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -16635,14 +17633,14 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC - update with previously unknown resourceName or ClaimResourceStatus\nshould + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated - with PVC.\n\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -16661,8 +17659,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nCapacity reported here may be larger - than the actual capacity when a volume expansion operation\nis + be used.\n\nCapacity reported here may be larger than + the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources @@ -16670,15 +17668,14 @@ spec: expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis - equal or lower than the requested capacity.\n\n\nA - controller that receives PVC update with previously - unknown resourceName\nshould ignore the update for - the purpose it was designed. For example - a controller - that\nonly is responsible for resizing capacity of - the volume, should ignore PVC updates that change - other valid\nresources associated with PVC.\n\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + equal or lower than the requested capacity.\n\nA controller + that receives PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. + For example - a controller that\nonly is responsible + for resizing capacity of the volume, should ignore + PVC updates that change other valid\nresources associated + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object capacity: additionalProperties: 
@@ -16719,10 +17716,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -16736,13 +17738,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -16798,6 +17800,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -16832,9 +17842,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -16887,6 +17900,54 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -16977,9 +18038,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -17020,7 +18079,7 @@ spec: type: string minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -17179,11 +18238,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -17194,6 +18251,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -17601,7 +18664,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -17643,7 +18706,7 @@ spec: names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\n\nClaimResourceStatus + and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState @@ -17664,14 +18727,14 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress - for the given PVC.\n\n\nA controller that receives + for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with - PVC.\n\n\nThis is an alpha field and requires enabling + PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular 
@@ -17691,7 +18754,7 @@ spec: names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved - and hence may not be used.\n\n\nCapacity reported + and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources @@ -17701,13 +18764,13 @@ spec: request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower - than the requested capacity.\n\n\nA controller that + than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated - with PVC.\n\n\nThis is an alpha field and requires + with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature." type: object capacity: @@ -17750,10 +18813,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status 
@@ -17767,13 +18835,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume @@ -17912,10 +18980,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -17923,11 +18989,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -18186,7 +19250,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -18228,8 +19292,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nClaimResourceStatus can be in any of - following states:\n\t- ControllerResizeInProgress:\n\t\tState + be used.\n\nClaimResourceStatus can be in any of following + states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with @@ -18249,14 +19313,14 @@ spec: = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for - the given PVC.\n\n\nA controller that receives PVC - update with previously unknown resourceName or ClaimResourceStatus\nshould + the given PVC.\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated - with PVC.\n\n\nThis is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature." + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -18275,8 +19339,8 @@ spec: as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not - be used.\n\n\nCapacity reported here may be larger - than the actual capacity when a volume expansion operation\nis + be used.\n\nCapacity reported here may be larger than + the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources @@ -18284,15 +19348,14 @@ spec: expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis - equal or lower than the requested capacity.\n\n\nA - controller that receives PVC update with previously - unknown resourceName\nshould ignore the update for - the purpose it was designed. For example - a controller - that\nonly is responsible for resizing capacity of - the volume, should ignore PVC updates that change - other valid\nresources associated with PVC.\n\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + equal or lower than the requested capacity.\n\nA controller + that receives PVC update with previously unknown resourceName\nshould + ignore the update for the purpose it was designed. + For example - a controller that\nonly is responsible + for resizing capacity of the volume, should ignore + PVC updates that change other valid\nresources associated + with PVC.\n\nThis is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature." type: object capacity: additionalProperties: 
@@ -18333,10 +19396,15 @@ spec: persistent volume is being resized. type: string status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about type: string required: - status @@ -18350,13 +19418,13 @@ spec: description: |- currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). type: string modifyVolumeStatus: description: |- ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted. - This is an alpha field and requires enabling VolumeAttributesClass feature. + This is a beta field and requires enabling VolumeAttributesClass feature (off by default). properties: status: description: "status is the status of the ControllerModifyVolume 
@@ -18407,6 +19475,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -18441,9 +19517,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -18496,6 +19575,54 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -18580,9 +19707,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -18640,7 +19765,7 @@ spec: type: array minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -18757,11 +19882,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -18772,6 +19895,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -19047,9 +20176,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -19128,9 +20255,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or @@ -19196,9 +20321,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -19213,6 +20336,56 @@ spec: - name type: object type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array image: description: Image - docker image settings for VMBackuper properties: 
@@ -19257,11 +20430,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -19272,6 +20443,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -19362,10 +20539,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -19373,11 +20548,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -19439,10 +20612,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this 
@@ -19450,11 +20621,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -19495,18 +20664,84 @@ spec: description: VMClusterStatus defines the observed state of VMCluster properties: clusterStatus: - description: UpdateStatus defines status for application + description: LegacyStatus is deprecated and will be removed at v0.52.0 + version type: string - lastSync: - description: Deprecated. - type: string - reason: - type: string - updateFailCount: - description: Deprecated. + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. + maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer - required: - - updateFailCount + reason: + description: Reason defines human readable error reason + type: string + updateStatus: + description: UpdateStatus defines a status for update rollout + type: string type: object required: - spec @@ -19520,7 +20755,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmnodescrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -19535,10 +20770,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -19586,9 +20821,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -19625,9 +20858,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -19658,9 +20889,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -19692,9 +20921,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -19820,9 +21047,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -19846,9 +21071,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -19873,9 +21096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -19893,11 +21114,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -20009,6 +21242,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -20080,7 +21315,7 @@ spec: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -20095,9 +21330,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -20121,9 +21354,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -20154,9 +21385,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -20180,9 +21409,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20218,9 +21445,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -20245,7 +21470,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -20285,9 +21510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -20318,9 +21541,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -20345,9 +21566,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20360,170 +21579,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use - for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
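Review bot: The `tls_config` that follows `bearer_token_file` loses its whole schema in this hunk and is left with only `x-kubernetes-preserve-unknown-fields: true`, so the API server stops validating it: `insecureSkipVerify` was a typed boolean, the `secret`/`configMap` selectors required `key`, and unknown keys were pruned or rejected instead of stored. A misspelled or wrongly typed TLS setting is now accepted at admission, and whether the operator catches it later is not visible in this diff. The file carries a controller-gen annotation, so the fix presumably belongs in the source types rather than here; at minimum the property should keep `type: object` and a `description` that says where its fields are validated. The hunk at `-21408,172` makes the same replacement, and the new `tls_config` added next to `token_url` in the hunks at `-19893,11` and `-20978,11` is untyped in the same way.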
@@ -20536,12 +21592,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -20554,7 +21678,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmpodscrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -20569,10 +21693,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -20664,9 +21788,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20703,9 +21825,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -20736,9 +21856,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -20770,9 +21888,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20904,9 +22020,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -20930,9 +22044,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -20957,9 +22069,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -20978,11 +22088,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -21004,6 +22126,13 @@ spec: port: description: Name of the port exposed at Pod. type: string + portNumber: + description: PortNumber defines the `Pod` port number which + exposes the endpoint. + format: int32 + maximum: 65535 + minimum: 1 + type: integer proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. @@ -21095,6 +22224,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -21115,15 +22246,15 @@ spec: - type: integer - type: string description: |- - TargetPort - Name or number of the pod port this endpoint refers to. Mutually exclusive with port. + TargetPort defines name or number of the pod port this endpoint refers to. + Mutually exclusive with Port and PortNumber. x-kubernetes-int-or-string: true tlsConfig: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -21140,9 +22271,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -21166,9 +22295,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -21201,9 +22328,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -21227,9 +22352,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -21266,9 +22389,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -21293,7 +22414,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -21333,9 +22454,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -21366,9 +22485,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -21393,9 +22510,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -21408,172 +22523,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the - container for the targets. - type: string - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -21653,12 +22603,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -21671,7 +22689,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmprobes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -21686,10 +22704,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -21737,9 +22755,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -21776,9 +22792,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -21809,9 +22823,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -21843,9 +22855,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -21977,9 +22987,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -22003,9 +23011,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22030,9 +23036,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -22050,11 +23054,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -22087,6 +23103,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -22349,7 +23367,7 @@ spec: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -22364,9 +23382,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
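Review bot: The added oauth2 `tls_config` is declared with only `x-kubernetes-preserve-unknown-fields: true` and no `type`, so the schema gives the API server nothing to validate or prune; a misspelled key or a non-boolean `insecureSkipVerify` would be stored as written, and any checking is left to the operator. The same applies to the `tls_config` next to `bearer_token_file` in the hunk at -22629, to the second oauth2 block at -23563 and to the hunk at -23679, where the commit drops the typed schema for `ca`, `cert`, `keySecret`, `insecureSkipVerify` and `serverName`. If the schema cannot stay typed, at least constrain the node with `type: object` beside `x-kubernetes-preserve-unknown-fields: true`, and give the bare node a `description` naming the supported keys. The manifest carries a controller-gen annotation, so the change presumably belongs in the Go type markers it is generated from rather than in this file.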
@@ -22390,9 +23406,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -22423,9 +23437,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -22449,9 +23461,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -22487,9 +23497,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -22514,7 +23522,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -22554,9 +23562,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -22587,9 +23593,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -22614,9 +23618,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -22629,170 +23631,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use - for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -22831,12 +23670,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -22851,19 +23758,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmrules.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMRule @@ -22876,10 +23773,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -23050,7 +23947,7 @@ spec: type: description: |- Type defines datasource type for enterprise version of vmalert - possible values - prometheus,graphite + possible values - prometheus,graphite,vlogs type: string required: - name 
@@ -23063,12 +23960,80 @@ spec: status: description: VMRuleStatus defines the observed state of VMRule properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines CRD processing status + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -23083,7 +24048,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmscrapeconfigs.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -23098,10 +24063,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -23147,9 +24112,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -23201,9 +24164,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23257,9 +24218,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -23290,9 +24249,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be 
@@ -23324,9 +24281,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -23365,9 +24320,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23403,9 +24356,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -23436,9 +24387,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23453,6 +24402,11 @@ spec: description: Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter. type: string + filter: + description: |- + Filter defines filter for /v1/catalog/services requests + See https://developer.hashicorp.com/consul/api-docs/features/filtering + type: string followRedirects: description: |- Configure whether HTTP requests follow HTTP 3xx redirects. @@ -23489,9 +24443,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -23515,9 +24467,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23542,9 +24492,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -23563,11 +24511,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 
@@ -23604,9 +24564,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23637,9 +24595,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23664,9 +24620,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -23679,171 +24633,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -23883,7 +24673,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
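Review bot: The `tls_config` replacement in the `@@ -23679` hunk swaps the full typed schema for `x-kubernetes-preserve-unknown-fields: true`, so the API server no longer type-checks, prunes or documents anything under that key: a misspelled `serverName` or `ca`, a non-boolean `insecureSkipVerify`, or a secret selector without the previously required `key` is now stored as written. Whether the operator rejects such input is not visible in this diff, so confirm that it validates the TLS settings before this CRD is rolled out. If the value is always a mapping, keep at least `type: object` and a `description:` naming the accepted keys next to the new line. The same replacement appears in the `@@ -24333` and `@@ -25077` hunks, and the `oauth2` `tls_config` fields added in `@@ -23563` and `@@ -24217` are untyped in the same way.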
@@ -23900,9 +24690,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -23926,9 +24714,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -23961,9 +24747,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -23987,9 +24771,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24026,9 +24808,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24057,9 +24837,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -24099,9 +24877,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24143,9 +24919,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -24169,9 +24943,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -24196,9 +24968,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24217,11 +24987,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -24258,9 +25040,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -24291,9 +25071,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24318,9 +25096,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -24333,171 +25109,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -24507,7 +25119,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -24524,9 +25136,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -24550,9 +25160,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24585,9 +25193,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -24611,9 +25217,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -24650,9 +25254,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24723,9 +25325,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -24781,9 +25381,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24826,7 +25424,6 @@ spec: the public IP address with relabeling. See [here](https://docs.victoriametrics.com/sd_configs#gce_sd_configs) - The GCE service discovery will load the Google Cloud credentials from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform @@ -24853,8 +25450,7 @@ spec: zone: description: The zone of the scrape targets. If you need multiple zones use multiple GCESDConfigs. - minLength: 1 - type: string + x-kubernetes-preserve-unknown-fields: true required: - project - zone @@ -24893,9 +25489,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
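Review bot: In the `@@ -24853` hunk `zone` loses `type: string` and `minLength: 1`, so the `required` entry now only checks that the key is present, and the API server accepts an empty string, a number or a nested object. The description still says to use multiple GCESDConfigs for multiple zones, which no longer tells the reader what shapes are valid. If the intent is to accept either one zone or a list of zones (an inference, the diff does not say), the description should state that, e.g. `description: The zone of the scrape targets, as a single zone name or a list of zone names.` Rejecting empty or malformed values then falls to the operator.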
@@ -24931,9 +25525,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -24964,9 +25556,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25002,9 +25592,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -25035,9 +25623,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25062,9 +25648,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -25077,171 +25661,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -25251,7 +25671,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -25268,9 +25688,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -25294,9 +25712,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25329,9 +25745,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -25355,9 +25769,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25394,9 +25806,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25465,9 +25875,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -25503,9 +25911,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25536,9 +25942,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25590,9 +25994,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -25616,9 +26018,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25643,9 +26043,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -25664,11 +26062,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 
@@ -25702,9 +26112,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25735,9 +26143,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -25762,9 +26168,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -25777,171 +26181,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to - use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object proxyURL: description: ProxyURL eg http://proxyserver:2195 Directs scrapes @@ -25973,7 +26213,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
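Review bot: Replacing the typed `tls_config` schema under `bearer_token_file` with a bare `x-kubernetes-preserve-unknown-fields: true` removes API-server validation of that field: with no `type`, sub-fields such as `insecureSkipVerify` (previously `type: boolean`) and the `ca`/`cert`/`keySecret` selectors are no longer type-checked, and misspelled keys are stored instead of being pruned or rejected. The same substitution appears in the `@@ -27050,170 +27258,7 @@` hunk and in the newly added OAuth2 `tls_config` properties. Whether the operator validates this content itself is not visible here, so a mistyped TLS setting may only surface at scrape time or be silently ignored. Because this CRD is controller-gen output, the change belongs on the source type; at minimum keep `type: object` next to the `x-kubernetes-preserve-unknown-fields: true` line so non-object values are still rejected at admission.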
@@ -25990,9 +26230,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -26016,9 +26254,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -26051,9 +26287,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -26077,9 +26311,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -26116,9 +26348,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26236,9 +26466,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -26262,9 +26490,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26289,9 +26515,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -26309,11 +26533,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 
@@ -26361,9 +26597,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26412,9 +26646,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26455,7 +26687,7 @@ spec: description: TLS configuration to use on every scrape request properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: @@ -26472,9 +26704,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -26498,9 +26728,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -26533,9 +26761,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -26559,9 +26785,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -26598,9 +26822,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26729,6 +26951,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -26770,7 +26994,7 @@ spec: description: TLSConfig configuration to use when scraping the endpoint properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -26785,9 +27009,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -26811,9 +27033,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -26844,9 +27064,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -26870,9 +27088,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -26908,9 +27124,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -26935,7 +27149,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -26975,9 +27189,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27008,9 +27220,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -27035,9 +27245,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27050,170 +27258,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration parameters. - properties: - ca: - description: Stuct containing the CA cert to use for the - targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container to use - for the targets. - type: string - cert: - description: Struct containing the client cert file for - the targets. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the container - for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the container - for the targets. - type: string - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -27226,12 +27271,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -27244,7 +27357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmservicescrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com @@ -27259,10 +27372,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -27348,9 +27461,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27387,9 +27498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -27420,9 +27529,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -27454,9 +27561,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27582,9 +27687,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -27608,9 +27711,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27635,9 +27736,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -27656,11 +27755,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -27773,6 +27884,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -27801,7 +27914,7 @@ spec: endpoint properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: @@ -27818,9 +27931,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -27844,9 +27955,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -27879,9 +27988,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -27905,9 +28012,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -27944,9 +28049,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -27971,7 +28074,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -28011,9 +28114,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -28044,9 +28145,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -28071,9 +28170,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -28086,172 +28183,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the - container for the targets. - type: string - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -28356,12 +28288,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object required: @@ -28376,19 +28376,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmsingles.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMSingle @@ -28399,9 +28389,12 @@ spec: versions: - additionalPrinterColumns: - description: Current status of single node update process - jsonPath: .status.singleStatus + jsonPath: .status.updateStatus name: Status type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1beta1 schema: openAPIV3Schema: 
@@ -28451,6 +28444,14 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + disableAutomountServiceAccountToken: + description: |- + DisableAutomountServiceAccountToken whether to disable serviceAccount auto mount by Kubernetes (available from v0.54.0). + Operator will conditionally create volumes and volumeMounts for containers if it requires k8s API access. + For example, vmagent and vm-config-reloader requires k8s API access. + Operator creates volumes with name: "kube-api-access", which can be used as volumeMount for extraContainers if needed. + And also adds VolumeMounts at /var/run/secrets/kubernetes.io/serviceaccount. + type: boolean disableSelfServiceScrape: description: |- DisableSelfServiceScrape controls creation of VMServiceScrape by operator @@ -28485,9 +28486,12 @@ spec: of a pod. properties: name: - description: Required. + description: |- + Name is this DNS resolver option's name. + Required. type: string value: + description: Value is this DNS resolver option's value. type: string type: object type: array 
@@ -28538,6 +28542,53 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array host_aliases: description: |- HostAliasesUnderScore provides mapping for ip and hostname, 
@@ -28622,9 +28673,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -28664,6 +28713,9 @@ spec: Using license key is supported starting from VictoriaMetrics v1.94.0. See [here](https://docs.victoriametrics.com/enterprise) properties: + forceOffline: + description: Enforce offline verification of the license key. + type: boolean key: description: |- Enterprise license key. This flag is available only in [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise). @@ -28684,9 +28736,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -28696,6 +28746,10 @@ spec: - key type: object x-kubernetes-map-type: atomic + reloadInterval: + description: Interval to be used for checking for license key + changes. Note that this is only applicable when using KeyRef. + type: string type: object livenessProbe: description: LivenessProbe that will be added CRD pod 
@@ -28717,9 +28771,32 @@ spec: - FATAL - PANIC type: string + managedMetadata: + description: |- + ManagedMetadata defines metadata that will be added to the all objects + created by operator for the given CustomResource + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Labels Map of string keys and values that can be used to organize and categorize + (scope and select) objects. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + type: object + type: object minReadySeconds: description: |- - MinReadySeconds defines a minim number os seconds to wait before starting update next pod + MinReadySeconds defines a minimum number of seconds to wait before starting update next pod if previous in healthy state Has no effect for VLogs and VMSingle format: int32 @@ -28810,11 +28887,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -28825,6 +28900,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -28962,6 +29043,7 @@ spec: description: |- Storage is the definition of how storage will be used by the VMSingle by default it`s empty dir + this option is ignored if storageDataPath is set properties: accessModes: description: |- @@ -29145,7 +29227,7 @@ spec: set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). type: string volumeMode: description: |- @@ -29161,6 +29243,7 @@ spec: description: |- StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath, its users responsibility to mount proper device into given path. + It requires to provide spec.volumes and spec.volumeMounts with at least 1 value type: string storageMetadata: description: StorageMeta defines annotations and labels attached to @@ -29211,9 +29294,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key must @@ -29236,6 +29317,10 @@ spec: items: type: string type: array + enableWindows: + description: EnableWindows enables aggregating data in separate + windows ( available from v0.54.0). + type: boolean ignoreFirstIntervals: description: IgnoreFirstIntervals instructs to ignore first interval type: integer 
@@ -29256,10 +29341,8 @@ spec: description: |- By is an optional list of labels for grouping input series. - See also Without. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: @@ -29272,11 +29355,14 @@ spec: description: |- DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples. - Labels are dropped before de-duplication and aggregation. items: type: string type: array + enable_windows: + description: EnableWindows enables aggregating data in separate + windows + type: boolean flush_on_shutdown: description: |- FlushOnShutdown defines whether to flush the aggregation state on process termination @@ -29379,7 +29465,6 @@ spec: description: |- Match is a label selector (or list of label selectors) for filtering time series for the given selector. - If the match isn't set, then all the input time series are processed. x-kubernetes-preserve-unknown-fields: true no_align_flush_to_interval: @@ -29469,10 +29554,8 @@ spec: description: |- Outputs is a list of output aggregate functions to produce. - The following names are allowed: - - total - aggregates input counters - increase - counts the increase over input counters - count_series - counts the input series @@ -29487,10 +29570,8 @@ spec: - histogram_bucket - creates VictoriaMetrics histogram for input samples - quantiles(phi1, ..., phiN) - quantiles' estimation for phi in the range [0..1] - The output time series will have the following names: - input_name:aggr__ items: type: string @@ -29504,10 +29585,8 @@ spec: description: |- Without is an optional list of labels, which must be excluded when grouping input series. - See also By. - If neither By nor Without are set, then the Outputs are calculated individually per each input time series. items: 
@@ -29621,9 +29700,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -29701,9 +29778,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -29769,9 +29844,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -29786,6 +29859,54 @@ spec: - name type: object type: array + extraEnvsFrom: + description: |- + ExtraEnvsFrom defines source of env variables for the application container + could either be secret or configmap + items: + description: EnvFromSource represents the source of a set of + ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key + in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array image: description: Image - docker image settings for VMBackuper properties: 
@@ -29830,11 +29951,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -29845,6 +29964,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -29933,10 +30058,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -29944,11 +30067,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: @@ -30004,10 +30125,8 @@ spec: RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this 
@@ -30015,11 +30134,9 @@ spec: supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled. type: string subPath: 
@@ -30058,32 +30175,85 @@ spec: status: description: VMSingleStatus defines the observed state of VMSingle properties: - availableReplicas: - description: AvailableReplicas Total number of available pods (ready - for at least minReadySeconds) targeted by this VMSingle. - format: int32 + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. + maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 type: integer reason: - description: Reason defines a reason in case of update failure + description: Reason defines human readable error reason type: string - replicas: - description: ReplicaCount Total number of non-terminated pods targeted - by this VMSingle. - format: int32 - type: integer singleStatus: - description: UpdateStatus defines a status of single node rollout + description: LegacyStatus is deprecated and will be removed at v0.52.0 + version + type: string + updateStatus: + description: UpdateStatus defines a status for update rollout type: string - unavailableReplicas: - description: UnavailableReplicas Total number of unavailable pods - targeted by this VMSingle. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas Total number of non-terminated pods targeted - by this VMSingle. - format: int32 - type: integer type: object type: object served: true @@ -30095,7 +30265,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmstaticscrapes.operator.victoriametrics.com spec: group: operator.victoriametrics.com 
@@ -30110,10 +30280,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 @@ -30177,9 +30347,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30216,9 +30384,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30249,9 +30415,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -30283,9 +30447,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30416,9 +30578,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -30442,9 +30602,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -30469,9 +30627,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30490,11 +30646,23 @@ spec: type: string description: Parameters to append to the token URL type: object + proxy_url: + description: |- + The proxy URL for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + type: string scopes: description: OAuth2 scopes used for the token request items: type: string type: array + tls_config: + description: |- + TLSConfig for token_url connection + ( available from v0.55.0). + Is only supported by Scrape objects family + x-kubernetes-preserve-unknown-fields: true token_url: description: The URL to fetch the token from minLength: 1 @@ -30604,6 +30772,8 @@ spec: enum: - http - https + - HTTPS + - HTTP type: string scrape_interval: description: |- @@ -30630,7 +30800,7 @@ spec: endpoint properties: ca: - description: Stuct containing the CA cert to use for the + description: Struct containing the CA cert to use for the targets. properties: configMap: 
@@ -30647,9 +30817,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its @@ -30673,9 +30841,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -30708,9 +30874,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its 
@@ -30734,9 +30898,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key @@ -30773,9 +30935,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -30800,7 +30960,7 @@ spec: description: |- disable_keepalive allows disabling HTTP keep-alive when scraping targets. By default, HTTP keep-alive is enabled, so TCP connections to scrape targets - could be re-used. + could be reused. See https://docs.victoriametrics.com/vmagent#scrape_config-enhancements type: boolean headers: @@ -30840,9 +31000,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its 
@@ -30873,9 +31031,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its @@ -30900,9 +31056,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key 
@@ -30915,172 +31069,7 @@ spec: bearer_token_file: type: string tls_config: - description: TLSConfig specifies TLSConfig configuration - parameters. - properties: - ca: - description: Stuct containing the CA cert to use - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the container - to use for the targets. - type: string - cert: - description: Struct containing the client cert file - for the targets. - properties: - configMap: - description: ConfigMap containing data to use - for the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for - the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
- type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the - container for the targets. - type: string - keySecret: - description: Secret containing the client key file - for the targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object + x-kubernetes-preserve-unknown-fields: true type: object scrape_align_interval: type: string 
@@ -31099,12 +31088,80 @@ spec: status: description: ScrapeObjectStatus defines the observed state of ScrapeObjects properties: - lastSyncError: - description: LastSyncError contains error message for unsuccessful - config generation + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object @@ -31117,19 +31174,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.17.2 name: vmusers.operator.victoriametrics.com spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook-service - namespace: vm - path: /convert - conversionReviewVersions: - - v1 group: operator.victoriametrics.com names: kind: VMUser @@ -31142,10 +31189,10 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.status + - jsonPath: .status.updateStatus name: Status type: string - - jsonPath: .status.lastSyncError + - jsonPath: .status.reason name: Sync Error type: string name: v1beta1 
@@ -31197,6 +31244,14 @@ spec: DropSrcPathPrefixParts is the number of `/`-delimited request path prefix parts to drop before proxying the request to backend. See [here](https://docs.victoriametrics.com/vmauth#dropping-request-path-prefix) for more details. type: integer + dump_request_on_errors: + description: |- + DumpRequestOnErrors instructs vmauth to return detailed request params to the client + if routing rules don't allow to forward request to the backends. + Useful for debugging `src_hosts` and `src_headers` based routing rules + + available since v1.107.0 vmauth version + type: boolean generatePassword: description: |- GeneratePassword instructs operator to generate password for user @@ -31268,9 +31323,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined @@ -31318,6 +31371,7 @@ spec: - VMAgent - VMAlert - VMSingle + - VLogs - VMAlertManager - VMAlertmanager - VMCluster/vmselect @@ -31444,9 +31498,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -31473,9 +31525,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -31492,10 +31542,10 @@ spec: type: object type: array tlsConfig: - description: TLSConfig specifies TLSConfig configuration parameters. + description: TLSConfig defines tls configuration for the backend connection properties: ca: - description: Stuct containing the CA cert to use for the targets. + description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -31510,9 +31560,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key 
@@ -31536,9 +31584,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must @@ -31569,9 +31615,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the ConfigMap or its key @@ -31595,9 +31639,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must 
@@ -31633,9 +31675,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be @@ -31664,9 +31704,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string optional: description: Specify whether the Secret or its key must be defined 
@@ -31686,13 +31724,80 @@ spec: status: description: VMUserStatus defines the observed state of VMUser properties: - lastSyncError: + conditions: + description: 'Known .status.conditions.type are: "Available", "Progressing", + and "Degraded"' + items: + description: Condition defines status condition of the resource + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: |- + LastUpdateTime is the last time of given type update. + This value is used for status TTL update and removal + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition in CamelCase or in name.namespace.resource.victoriametrics.com/CamelCase. 
+ maxLength: 316 + type: string + required: + - lastTransitionTime + - lastUpdateTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: description: |- - LastSyncError contains error message for unsuccessful config generation - for given user + ObservedGeneration defines current generation picked by operator for the + reconcile + format: int64 + type: integer + reason: + description: Reason defines human readable error reason type: string - status: - description: Status defines update status of resource + updateStatus: + description: UpdateStatus defines a status for update rollout type: string type: object type: object diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/NOTES.txt b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/NOTES.txt index 52573ba9..7fb3fbd9 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/NOTES.txt +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/NOTES.txt @@ -1,4 +1,4 @@ -{{ $.Chart.Name }} has been installed. Check its status by running: +{{ include "vm.name" . }} has been installed. Check its status by running: kubectl --namespace {{ include "vm.namespace" . }} get pods -l "app.kubernetes.io/instance={{ $.Release.Name }}" Get more information on https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator. diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/_helpers.tpl b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/_helpers.tpl index ec6da770..d1215342 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/_helpers.tpl 
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/_helpers.tpl 
@@ -1,82 +1,9 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "vm-operator.name" -}} -{{- $Chart :=(.helm).Chart | default .Chart -}} -{{- $Values :=(.helm).Values | default .Values -}} -{{- default $Chart.Name $Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{- define "vm-operator.cleanup.annotations" -}} "helm.sh/hook": pre-delete "helm.sh/hook-weight": "{{ .hookWeight }}" "helm.sh/hook-delete-policy": before-hook-creation {{- end }} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "vm-operator.fullname" -}} - {{- $Values :=(.helm).Values | default .Values -}} - {{- $Release :=(.helm).Release | default .Release -}} - {{- $Chart := (.helm).Chart | default .Chart -}} - {{- if $Values.fullnameOverride -}} - {{- $Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- $name := default $Chart.Name $Values.nameOverride -}} - {{- if contains $name $Release.Name -}} - {{- $Release.Name | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s-%s" $Release.Name $name | trunc 63 | trimSuffix "-" -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "vm-operator.chart" -}} - {{- $Chart := (.helm).Chart | default .Chart -}} - {{- printf "%s-%s" $Chart.Name $Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account -*/}} -{{- define "vm-operator.serviceAccountName" -}} - {{- $Values := (.helm).Values | default .Values }} - {{- if $Values.serviceAccount.create -}} - {{ default (include "vm-operator.fullname" .) 
$Values.serviceAccount.name }} - {{- else -}} - {{ default "default" $Values.serviceAccount.name }} - {{- end -}} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "vm-operator.selectorLabels" -}} -{{- $Release := (.helm).Release | default .Release -}} -app.kubernetes.io/name: {{ include "vm-operator.name" . }} -app.kubernetes.io/instance: {{ $Release.Name | trunc 63 | trimSuffix "-" }} -{{- with .extraLabels }} -{{ toYaml . }} -{{- end }} -{{- end -}} - -{{/* -Create unified labels for vm-operator components -*/}} -{{- define "vm-operator.labels" -}} -{{- include "vm-operator.selectorLabels" . }} -{{- $Release := (.helm).Release | default .Release }} -helm.sh/chart: {{ include "vm-operator.chart" . }} -app.kubernetes.io/managed-by: {{ $Release.Service | trunc 63 | trimSuffix "-" }} -{{- end -}} - {{/* Create unified annotations for vm-operator components */}} @@ -87,13 +14,6 @@ meta.helm.sh/release-namespace: {{ include "vm.namespace" . }} meta.helm.sh/release-name: {{ $Release.Name }} {{- end -}} -{{/* -Create the name of service account and clusterRole for cleanup-hook -*/}} -{{- define "vm-operator.cleanupHookName" -}} - {{- include "vm-operator.fullname" . }}-cleanup-hook -{{- end }} - {{/* Generate certificates for webhook */}} @@ -102,8 +22,8 @@ Generate certificates for webhook {{- $Release := (.helm).Release | default .Release }} {{- $webhook := $Values.admissionWebhooks -}} {{- $tls := $webhook.tls -}} -{{- $serviceName := (include "vm-operator.fullname" .) -}} -{{- $secretName := (printf "%s-validation" $serviceName) -}} +{{- $fullname := (include "vm.plain.fullname" .) -}} +{{- $secretName := (printf "%s-validation" $fullname) -}} {{- $secret := lookup "v1" "Secret" (include "vm.namespace" .) $secretName -}} {{- if (and $tls.caCert $tls.cert $tls.key) -}} caCert: {{ $tls.caCert | b64enc }} 
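Review bot: The Secret that `lookup` reuses for the webhook certificate is now named from `vm.plain.fullname` (`$secretName` on the new side), and nothing in this hunk shows that helper rendering the same string the removed `vm-operator.fullname` did. If the name differs for an existing release, the lookup misses on upgrade and the `genCA` / `genSignedCert` branch in the following hunk (@@ -115,12 +35,12 @@) presumably issues a fresh CA and a certificate with different SANs, so the webhook trust material rotates as a side effect of the rename. It is worth confirming that the rendered names match for releases that set `nameOverride` or `fullnameOverride`, and adding a comment above the lookup such as `{{- /* secret name is the lookup key for the existing webhook cert; keep it stable across upgrades */ -}}`. The enclosing define starts before this hunk and continues past it.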
@@ -115,12 +35,12 @@ clientCert: {{ index $secret.data "tls.crt" }} clientKey: {{ index $secret.data "tls.key" }} {{- else -}} {{- $altNames := default list -}} -{{- $namePrefix := (printf "%s.%s" $serviceName (include "vm.namespace" .)) -}} +{{- $namePrefix := (printf "%s.%s" $fullname (include "vm.namespace" .)) -}} {{- $altNames = append $altNames $namePrefix -}} {{- $altNames = append $altNames (printf "%s.svc" $namePrefix) -}} {{- $altNames = append $altNames (printf "%s.svc.%s" $namePrefix $Values.global.cluster.dnsDomain) -}} {{- $ca := genCA "vm-operator-ca" 3650 -}} -{{- $cert := genSignedCert $serviceName nil $altNames 3650 $ca -}} +{{- $cert := genSignedCert $fullname nil $altNames 3650 $ca -}} caCert: {{ $ca.Cert | b64enc }} clientCert: {{ $cert.Cert | b64enc }} clientKey: {{ $cert.Key | b64enc }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/cleanup.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/cleanup.yaml index 4c6f8acf..d6f4c58f 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/cleanup.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/cleanup.yaml @@ -1,4 +1,4 @@ -{{- if .Values.crds.cleanup.enabled }} +{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }} {{- $app := .Values.crds.cleanup }} {{- if empty ($app.image).tag }} {{- $tag := (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) | replace "+" "" -}} 
@@ -6,27 +6,31 @@ {{- else if not (kindIs "string" ($app.image).tag) }} {{- fail "`crd.cleanup.image.tag` is not string, most probably you need to enquote provided value" -}} {{- end }} +{{- $ctx := dict "helm" . "noEnterprise" true }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} --- apiVersion: batch/v1 kind: Job metadata: - name: {{ include "vm-operator.fullname" . }}-cleanup-hook - namespace: {{ include "vm.namespace" . }} - labels: {{ include "vm-operator.labels" . | nindent 4 }} + name: {{ $fullname }}-cleanup-hook + namespace: {{ $ns }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-3") | nindent 4 }} spec: template: metadata: - name: {{ .Release.Name }} - labels: {{ include "vm-operator.labels" . | nindent 8 }} + name: {{ $fullname }} + labels: {{ include "vm.labels" $ctx | nindent 8 }} spec: - serviceAccountName: {{ include "vm-operator.fullname" . }}-cleanup-hook - {{- with .Values.imagePullSecrets }} + serviceAccountName: {{ $fullname }}-cleanup-hook + {{- with (.Values.imagePullSecrets | default .Values.global.imagePullSecrets) }} imagePullSecrets: {{ toYaml . | nindent 8 }} {{- end }} containers: - name: kubectl - image: {{ include "vm.image" (dict "helm" . "app" $app) }} + {{- $_ := set $ctx "appKey" (list "crds" "cleanup") }} + image: {{ include "vm.image" $ctx }} imagePullPolicy: {{ $app.image.pullPolicy }} resources: {{ toYaml $app.resources | nindent 12 }} args: diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crb.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crb.yaml index a42cf757..78327074 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crb.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crb.yaml 
@@ -1,37 +1,41 @@ +{{- $ctx := dict "helm" . }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} {{- if .Values.rbac.create }} kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "vm-operator.fullname" . }} - {{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + name: {{ $fullname }} + {{- $_ := set $ctx "extraLabels" .Values.extraLabels }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} + {{- $_ := unset $ctx "extraLabels" }} {{- with .Values.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} subjects: - kind: ServiceAccount - name: {{ include "vm-operator.serviceAccountName" . }} - namespace: {{ include "vm.namespace" . }} + name: {{ (.Values.serviceAccount).name | default $fullname }} + namespace: {{ $ns }} roleRef: kind: ClusterRole - name: {{ include "vm-operator.fullname" . }} + name: {{ $fullname }} apiGroup: rbac.authorization.k8s.io {{- end -}} -{{- if .Values.crds.cleanup.enabled }} +{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "vm-operator.fullname" . }}-cleanup-hook - namespace: {{ include "vm.namespace" . }} - labels: {{ include "vm-operator.labels" . | nindent 4 }} + name: {{ $fullname }}-cleanup-hook + namespace: {{ $ns }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-4") | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "vm-operator.fullname" . }}-cleanup-hook + name: {{ $fullname }}-cleanup-hook subjects: - kind: ServiceAccount - name: {{ include "vm-operator.fullname" . }}-cleanup-hook - namespace: {{ include "vm.namespace" . }} + name: {{ $fullname }}-cleanup-hook + namespace: {{ $ns }} {{- end }} 
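Review bot: The subject `name: {{ (.Values.serviceAccount).name | default $fullname }}` no longer matches the account the pod runs as when `serviceAccount.create` is false and `serviceAccount.name` is empty. The removed `vm-operator.serviceAccountName` helper fell back to `default` in that case, and deployment.yaml in this commit omits `serviceAccountName` entirely under the same condition, so the ClusterRole ends up bound to a ServiceAccount name the chart never creates while the operator pod receives none of these permissions. A binding to a subject that does not exist is also a standing grant: whoever is allowed to create a ServiceAccount with that name in the namespace would inherit the operator's cluster-wide rules. The same expression is used for the RoleBinding subject in rb.yaml. A render-time guard closes the gap, e.g. `{{- if and .Values.rbac.create (not (or (.Values.serviceAccount).name (.Values.serviceAccount).create)) }}{{ fail "set serviceAccount.name or serviceAccount.create when rbac.create is true" }}{{ end }}`.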
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crd.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crd.yaml index 9d14beec..d5bf4b77 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crd.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/crd.yaml @@ -1,15 +1,22 @@ {{- /* do not update crds here, please update in /victoria-metrics-operator/crd.yaml */ -}} {{- /* this is used to add "helm.sh/resource-policy: keep" annotation for each crd */ -}} {{- /* see this pull request https://github.com/VictoriaMetrics/helm-charts/pull/771 for details */ -}} -{{- if not .Values.crds.plain }} +{{- $ctx := dict "helm" . }} +{{- if and .Values.crds.plain (not .Values.crds.enabled) }} + {{- fail "When CRDs are disabled (`crds.enabled: false`) you need to disable plain CRD rendering (`crds.plain: false`)" -}} +{{- end -}} +{{- if and (not .Values.crds.plain) .Values.crds.enabled }} {{- $files := .Files }} {{- $crds := $files.Get "crd.yaml" | splitList "---" }} - {{- $labels := (include "vm-operator.labels" .) | fromYaml -}} - {{- $annotations := (include "vm-operator.crds.annotations" .) | fromYaml -}} + {{- $labels := (include "vm.labels" $ctx) | fromYaml -}} + {{- $annotations := mergeOverwrite ((include "vm-operator.crds.annotations" .) | fromYaml) .Values.crds.annotations -}} {{- $extra := dict "metadata" (dict "annotations" $annotations "labels" $labels) -}} {{- range $crds }} - {{- $crd := . | fromYaml }} - {{- toYaml (merge $crd $extra) }} + {{- $crd := merge (fromYaml .) $extra }} + {{- range $attrKey, $attrValue := $crd }} + {{- $attrKey }}: {{ toJson $attrValue }} + {{- printf "\n" -}} + {{ end }} {{- print "\n---\n" }} {{- end }} {{- end }} 
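Review bot: `mergeOverwrite ((include "vm-operator.crds.annotations" .) | fromYaml) .Values.crds.annotations` gives user values precedence over the chart's own CRD annotations. The header comment says this template exists to put `helm.sh/resource-policy: keep` on every CRD, so, assuming that key comes from `vm-operator.crds.annotations` (defined outside this hunk), a values entry with the same key can now drop the protection, and an uninstall would then delete the CRDs together with every custom resource of those kinds. If the override is not intended, `merge` keeps the chart's keys authoritative: `{{- $annotations := merge ((include "vm-operator.crds.annotations" .) | fromYaml) (.Values.crds.annotations | default dict) -}}`; if it is intended, the values file should say which keys must not be overridden.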
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/deployment.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/deployment.yaml
index 961e79f9..b247f393 100644
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/deployment.yaml
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/deployment.yaml
@@ -1,39 +1,47 @@ +{{- $ctx := dict "helm" . "noEnterprise" true }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} --- -{{- if hasKey .Values "watchNamespace" }} - {{- fail "`watchNamespace` is deprecated Please use `watchNamespaces` slice instead" -}} -{{- end }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "vm-operator.fullname" . }} - namespace: {{ include "vm.namespace" . }} - {{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + name: {{ $fullname }} + namespace: {{ $ns }} + {{- $_ := set $ctx "extraLabels" .Values.extraLabels }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} + {{- $_ := unset $ctx "extraLabels" }} {{- with .Values.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} spec: - replicas: {{.Values.replicaCount}} + replicas: {{.Values.replicaCount }} selector: - matchLabels: {{ include "vm-operator.selectorLabels" . | nindent 6 }} + matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 6 }} template: metadata: {{- with .Values.annotations }} annotations: {{ toYaml . | nindent 8 }} {{- end }} {{- $_ := set $ctx "extraLabels" .Values.podLabels }} - labels: {{ include "vm-operator.selectorLabels" $ctx | nindent 8}} + labels: {{ include "vm.podLabels" $ctx | nindent 8 }} + {{- $_ := unset $ctx "extraLabels" }} spec: + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- if .Values.podSecurityContext.enabled }} securityContext: {{ include "vm.securityContext" (dict "securityContext" .Values.podSecurityContext "helm" .) | nindent 8 }} {{- end }} - serviceAccountName: {{ include "vm-operator.serviceAccountName" . 
}} + {{- if .Values.hostNetwork }} + hostNetwork: true + {{- end }} + {{- if or (.Values.serviceAccount).name (.Values.serviceAccount).create }} + serviceAccountName: {{ (.Values.serviceAccount).name | default $fullname }} + {{- end }} {{- with (.Values.imagePullSecrets | default .Values.global.imagePullSecrets) }} imagePullSecrets: {{ toYaml . | nindent 8 }} {{- end }} containers: - name: operator - image: {{ include "vm.image" (dict "helm" . "app" .Values ) }} + image: {{ include "vm.image" $ctx }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.envFrom }} envFrom: {{ toYaml . | nindent 12 }} @@ -128,6 +136,9 @@ spec: {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- with .Values.lifecycle }} lifecycle: {{ toYaml . | nindent 8 }} @@ -141,7 +152,7 @@ spec: - {{ toYaml $constraint | nindent 10 | trim }} {{- if not $constraint.labelSelector }} labelSelector: - matchLabels: {{ include "vm-operator.selectorLabels" $ | nindent 14 }} + matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 14 }} {{- end }} {{- end }} {{- end }} @@ -153,7 +164,7 @@ spec: - name: cert secret: defaultMode: 420 - secretName: {{ include "vm-operator.fullname" . }}-validation + secretName: {{ $fullname }}-validation {{- end }} {{- with .Values.extraVolumes }} {{- toYaml .| nindent 8 }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/extra-objects.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/extra-objects.yaml index a9bb3b6b..f44224d9 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/extra-objects.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/extra-objects.yaml 
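Review bot: The new `hostNetwork: true` branch (hunk @@ -1,39 +1,47 @@) is rendered on its own, with no `dnsPolicy` visible in this part of the pod spec; the spec continues outside the hunk, so this is worth checking there. With host networking the pod shares the node's network namespace, so the `http` and `webhook` ports that service.yaml targets are bound on the node's interfaces, and under the default DNS policy the pod resolves through the node's resolver rather than cluster DNS. I would render the two settings together inside the same `if`, `hostNetwork: true` followed by `dnsPolicy: ClusterFirstWithHostNet`, and add a values comment stating that enabling the option exposes the operator's ports on the node.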
@@ -1,4 +1,4 @@
 {{ range .Values.extraObjects }}
 ---
-{{ tpl (toYaml .) $ }}
+{{ tpl (ternary . (toYaml .) (typeIs "string" .)) $ }}
 {{ end }}
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/monitor.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/monitor.yaml
new file mode 100644
index 00000000..0abcdedc
--- /dev/null
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/monitor.yaml
@@ -0,0 +1,48 @@ +{{- $monitor := .Values.serviceMonitor }} +{{- if $monitor.enabled -}} +{{- $annotations := mustMerge $monitor.annotations .Values.annotations -}} +{{- $labels := mustMerge $monitor.extraLabels .Values.extraLabels -}} +{{- $ctx := dict "helm" . }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} +apiVersion: {{ ternary "operator.victoriametrics.com/v1beta1" "monitoring.coreos.com/v1" $monitor.vm }} +kind: {{ ternary "VMServiceScrape" "ServiceMonitor" $monitor.vm }} +metadata: + name: {{ $fullname }} + namespace: {{ $ns }} + {{- $_ := set $ctx "extraLabels" $labels }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} + {{- $_ := unset $ctx "extraLabels" }} + {{- with $annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 6 }} + endpoints: + - port: http + {{- with $monitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with $monitor.interval }} + interval: {{ . }} + {{- end }} + {{- with $monitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with $monitor.tlsConfig }} + tlsConfig: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with $monitor.relabelings }} + {{ ternary "relabelConfigs" "relabelings" $monitor.vm }}: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with $monitor.basicAuth }} + basicAuth: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with $monitor.proxyURL }} + {{ ternary "proxyURL" "proxyUrl" $monitor.vm }}: {{ . }} + {{- end }} + namespaceSelector: + matchNames: + - {{ $ns }} +{{- end }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/pdb.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/pdb.yaml index cf76e831..8abd9dea 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/pdb.yaml 
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/pdb.yaml @@ -1,18 +1,23 @@ -{{- if .Values.podDisruptionBudget.enabled }} +{{- $pdb := .Values.podDisruptionBudget }} +{{- if $pdb.enabled }} +{{- $ctx := dict "helm" . }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - name: {{ include "vm-operator.fullname" . }} - namespace: {{ include "vm.namespace" . }} - {{- $ctx := dict "helm" . "extraLabels" .Values.podDisruptionBudget.labels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + name: {{ $fullname }} + namespace: {{ $ns }} + {{- $_ := set $ctx "extraLabels" $pdb.labels }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} + {{- $_ := unset $ctx "extraLabels" }} spec: - {{- with .Values.podDisruptionBudget.minAvailable }} + {{- with $pdb.minAvailable }} minAvailable: {{ . }} {{- end }} - {{- with .Values.podDisruptionBudget.maxUnavailable }} + {{- with $pdb.maxUnavailable }} maxUnavailable: {{ . }} {{- end }} selector: - matchLabels: {{ include "vm-operator.selectorLabels" . | nindent 6 }} + matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 6 }} {{- end }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/rb.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/rb.yaml index 7eae7946..d31ecae2 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/rb.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/rb.yaml 
@@ -1,20 +1,24 @@ {{- if .Values.rbac.create -}} +{{- $ctx := dict "helm" . }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "vm-operator.fullname" . }} - namespace: {{ include "vm.namespace" . }} - {{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + name: {{ $fullname }} + namespace: {{ $ns }} + {{- $_ := set $ctx "extraLabels" .Values.extraLabels }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} + {{- $_ := unset $ctx "extraLabels" }} {{- with .Values.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} subjects: - kind: ServiceAccount - name: {{ include "vm-operator.serviceAccountName" . }} - namespace: {{ include "vm.namespace" . }} + name: {{ (.Values.serviceAccount).name | default $fullname }} + namespace: {{ $ns }} roleRef: kind: Role - name: {{ include "vm-operator.fullname" . }} + name: {{ $fullname }} apiGroup: rbac.authorization.k8s.io {{- end -}} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/role.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/role.yaml index 996f53b9..cb658970 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/role.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/role.yaml 
@@ -20,18 +20,20 @@ {{- end -}} {{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} {{- if .Values.rbac.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "vm-operator.fullname" . }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + name: {{ $fullname }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} - namespace: {{ include "vm.namespace" . }} + namespace: {{ $ns }} rules: - apiGroups: - coordination.k8s.io @@ -43,22 +45,20 @@ rules: - leases {{- $watchNamespaces := (fromYaml (tpl (toYaml (dict "ns" .Values.watchNamespaces)) .)).ns }} -{{- $selfNamespace := (include "vm.namespace" .) }} +{{- $selfNamespace := $ns }} {{- $watchSelfNamespace := (and (eq (len $watchNamespaces) 1) (eq (first $watchNamespaces) $selfNamespace)) }} {{- if not $watchSelfNamespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "vm-operator.fullname" . }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + name: {{ $fullname }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} rules: -- nonResourceURLs: - - /metrics - - /metrics/resources +- nonResourceURLs: {{ toYaml .Values.allowedMetricsEndpoints | nindent 2 }} verbs: - get - watch @@ -97,6 +97,8 @@ rules: - apiGroups: - apps resources: + - daemonsets + - daemonsets/finalizers - deployments - deployments/finalizers - replicasets 
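Review bot: `nonResourceURLs: {{ toYaml .Values.allowedMetricsEndpoints | nindent 2 }}` (hunk @@ -43,22 +45,20 @@) replaces the hard-coded `/metrics` and `/metrics/resources` with whatever the values supply, inside a ClusterRole. A wildcard entry would extend the `get`/`watch` verbs shown here to every non-resource URL on the API server, and an unset value renders `null`, which leaves the rule without a target. A guard ahead of the ClusterRole keeps the grant explicit, e.g. `{{- range .Values.allowedMetricsEndpoints }}{{- if contains "*" . }}{{ fail "allowedMetricsEndpoints must list exact paths" }}{{- end }}{{- end }}`, together with a values comment naming the two paths that used to be fixed. The rest of the rule's verbs are outside the hunk.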
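Review bot: The added `daemonsets` and `daemonsets/finalizers` entries (hunk @@ -97,6 +97,8 @@) widen the operator's ClusterRole in the `apps` group with no comment on why they are needed. DaemonSets place pods on every node, so access to them is a broader grant than the `deployments` and `replicasets` access already listed; the verbs for this rule are outside the hunk, so the exact scope cannot be confirmed from here. A YAML comment above the two entries, such as `# daemonsets: required by <operator feature, fill in>`, would let the next chart bump be audited against what the operator actually uses.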
@@ -177,14 +179,14 @@ rules: {{ toYaml . }} {{- end }} {{- end }} -{{- if .Values.crds.cleanup.enabled }} +{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "vm-operator.fullname" . }}-cleanup-hook - namespace: {{ include "vm.namespace" . }} - labels: {{ include "vm-operator.labels" . | nindent 4 }} + name: {{ $fullname }}-cleanup-hook + namespace: {{ $ns }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-5") | nindent 4 }} rules: {{ toYaml $rules.admin | nindent 2 }} {{- end }} @@ -195,22 +197,22 @@ rules: {{ toYaml $rules.admin | nindent 2 }} {{- /* kubernetes clusterrole aggregation feature to include these */ -}} {{- /* cluster roles into the default view and admin roles */ -}} {{- /* See https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles */}} ---- +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: victoriametrics:admin + name: {{ $fullname }}-victoriametrics-admin labels: - {{- include "vm-operator.labels" . | nindent 4 }} + {{- include "vm.labels" $ctx | nindent 4 }} {{- .Values.rbac.aggregatedClusterRoles.labels.admin | toYaml | nindent 4 }} -rules: {{ toYaml $rules.admin | nindent 2 }} +rules: {{ toYaml ($rules.admin | default list) | nindent 2 }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: victoriametrics:view + name: {{ $fullname }}-victoriametrics-view labels: - {{- include "vm-operator.labels" . | nindent 4 }} + {{- include "vm.labels" $ctx | nindent 4 }} {{- .Values.rbac.aggregatedClusterRoles.labels.view | toYaml | nindent 4 }} -rules: {{ toYaml $rules.view | nindent 2 }} +rules: {{ toYaml ($rules.view | default list) | nindent 2 }} {{- end }} 
diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service.yaml
index 759245e4..842d444f 100644
--- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service.yaml
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service.yaml
@@ -1,45 +1,50 @@ +{{- $service := .Values.service }} +{{- $ctx := dict "helm" . }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} apiVersion: v1 kind: Service metadata: - namespace: {{ include "vm.namespace" . }} - {{- with .Values.service.annotations }} + namespace: {{ $ns }} + {{- with $service.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} - {{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} - name: {{ include "vm-operator.fullname" . }} + {{- $_ := set $ctx "extraLabels" .Values.extraLabels }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} + {{- $_ := unset $ctx "extraLabels" }} + name: {{ $fullname }} spec: - {{- with .Values.service.clusterIP }} + {{- with $service.clusterIP }} clusterIP: {{ . }} {{- end }} - {{- with .Values.service.externalIPs }} + {{- with $service.externalIPs }} externalIPs: {{ toYaml . | nindent 4 }} {{- end }} - {{- with .Values.service.loadBalancerIP }} + {{- with $service.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} - {{- with .Values.service.loadBalancerSourceRanges }} + {{- with $service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ toYaml . | nindent 4 }} {{- end }} - type: {{ .Values.service.type }} - {{- with .Values.service.healthCheckNodePort }} + type: {{ $service.type }} + {{- with $service.healthCheckNodePort }} healthCheckNodePort: {{ . }} {{- end }} - {{- with .Values.service.externalTrafficPolicy }} + {{- with $service.externalTrafficPolicy }} externalTrafficPolicy: {{ . }} {{- end }} - {{- with .Values.service.ipFamilyPolicy }} + {{- with $service.ipFamilyPolicy }} ipFamilyPolicy: {{ . }} {{- end }} - {{- with .Values.service.ipFamilies }} + {{- with $service.ipFamilies }} ipFamilies: {{ toYaml . 
| nindent 4 }} {{- end }} ports: - name: http - port: {{ .Values.service.servicePort }} + port: {{ $service.servicePort }} targetPort: http protocol: TCP - name: webhook - port: {{ .Values.service.webhookPort }} + port: {{ $service.webhookPort }} targetPort: webhook - selector: {{ include "vm-operator.selectorLabels" . | nindent 4 }} + selector: {{ include "vm.selectorLabels" $ctx | nindent 4 }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service_account.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service_account.yaml index 624552dd..59d26fba 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service_account.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service_account.yaml 
@@ -1,22 +1,27 @@ -{{- if .Values.serviceAccount.create -}} +{{- $ctx := dict "helm" . }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $ns := include "vm.namespace" $ctx }} +{{- $sa := .Values.serviceAccount }} +{{- if $sa.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "vm-operator.serviceAccountName" . }} - namespace: {{ include "vm.namespace" . }} - {{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + name: {{ $sa.name | default $fullname }} + namespace: {{ $ns }} + {{- $_ := set $ctx "extraLabels" .Values.extraLabels }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} {{- end }} -{{- if .Values.crds.cleanup.enabled }} +{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }} --- apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "vm-operator.fullname" . }}-cleanup-hook - namespace: {{ include "vm.namespace" . }} - labels: {{ include "vm-operator.labels" . | nindent 4 }} + name: {{ $fullname }}-cleanup-hook + namespace: {{ $ns }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-5") | nindent 4 }} {{- end }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service_scrape.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service_scrape.yaml deleted file mode 100644 index a82fe05d..00000000 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/service_scrape.yaml +++ /dev/null 
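Review bot: The cleanup-hook ServiceAccount at the end of this hunk renders `include "vm.labels" $ctx`, but `extraLabels` is only added to `$ctx` by the `set` call inside the `{{- if $sa.create -}}` block, so its labels depend on whether `serviceAccount.create` is true. With `create: false` and the cleanup hook enabled, `$ctx` carries no `extraLabels`; with `create: true` it does, whereas the old template passed `.` with no extra labels in either case. Building the context once at the top, as webhook.yaml does in this same commit, removes that dependency: `{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}`. What `vm.labels` does with the key is defined outside this diff, so the exact label difference should be confirmed with `helm template` for both settings.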
@@ -1,41 +0,0 @@ -{{- $serviceMonitor := .Values.serviceMonitor }} -{{- if $serviceMonitor.enabled -}} -{{- $mergedVMServiceScrapeAnnotations := mustMerge $serviceMonitor.annotations .Values.annotations -}} -{{- $mergedVMServiceScrapeLabels := mustMerge $serviceMonitor.extraLabels .Values.extraLabels -}} -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMServiceScrape -metadata: - name: {{ include "vm-operator.fullname" . }} - namespace: {{ include "vm.namespace" . }} - {{- $ctx := dict "helm" . "extraLabels" $mergedVMServiceScrapeLabels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} - {{- with $mergedVMServiceScrapeAnnotations }} - annotations: {{ toYaml . | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{ include "vm-operator.selectorLabels" . | nindent 6 }} - endpoints: - - port: http - {{- with $serviceMonitor.scheme }} - scheme: {{ . }} - {{- end }} - {{- with $serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with $serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - {{- with $serviceMonitor.tlsConfig }} - tlsConfig: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with $serviceMonitor.relabelings }} - relabelConfigs: {{ toYaml . | nindent 8 }} - {{- end }} - {{- with $serviceMonitor.basicAuth }} - basicAuth: {{ toYaml . | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "vm.namespace" . }} -{{- end }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/webhook.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/webhook.yaml index edf87f42..2e027ab4 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/webhook.yaml +++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/templates/webhook.yaml 
@@ -1,27 +1,31 @@ {{- if .Values.admissionWebhooks.enabled }} -{{- $tls := fromYaml (include "vm-operator.certs" .) }} +{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} +{{- $tls := fromYaml (include "vm-operator.certs" $ctx) }} +{{- $fullname := include "vm.plain.fullname" $ctx }} +{{- $domain := ((.Values.global).cluster).dnsDomain }} +{{- $ns := include "vm.namespace" $ctx }} +{{- $certManager := .Values.admissionWebhooks.certManager }} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: {{ include "vm-operator.fullname" . }}-admission - {{- if .Values.admissionWebhooks.certManager.enabled }} + name: {{ $fullname }}-admission + {{- if $certManager.enabled }} annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-validation" (include "vm.namespace" .) ( include "vm-operator.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-validation" (include "vm.namespace" .) (include "vm-operator.fullname" .) | quote }} + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-validation" $ns $fullname | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-validation" $ns $fullname | quote }} {{- end }} - {{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }} - labels: {{ include "vm-operator.labels" $ctx | nindent 4 }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} webhooks: {{- range $name, $enabled := .Values.admissionWebhooks.enabledCRDValidation }} {{- if $enabled }} - clientConfig: service: - namespace: {{ include "vm.namespace" $ }} - name: {{ include "vm-operator.fullname" $ }} + namespace: {{ $ns }} + name: {{ $fullname }} path: /validate-operator-victoriametrics-com-v1beta1-{{ $name }} port: {{ $.Values.service.webhookPort }} - {{- if not $.Values.admissionWebhooks.certManager.enabled }} + {{- if not $certManager.enabled }} caBundle: {{ $tls.caCert }} {{- end }} failurePolicy: {{ $.Values.admissionWebhooks.policy }} 
@@ -32,7 +36,7 @@ webhooks: matchExpressions: - key: app.kubernetes.io/name operator: NotIn - values: [{{ include "vm-operator.name" $ }}] + values: [{{ include "vm.name" $ }}] rules: - apiGroups: - operator.victoriametrics.com 
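Review bot: `values: [{{ include "vm.name" $ }}]` passes the root context, while every other `vm.*` helper call added in this file (`vm.plain.fullname`, `vm.namespace`, `vm.labels`) receives the `$ctx` dict. The helper definition is not part of this diff, so it may accept both shapes, but if it expects the `helm` key the rendered name could differ from the `app.kubernetes.io/name` label and this `NotIn` expression would no longer exclude what it is meant to exclude. Passing the same context keeps the selector aligned with the labels: `values: [{{ include "vm.name" $ctx }}]`. The enclosing webhook entry starts and ends outside this hunk.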
@@ -45,69 +49,84 @@ webhooks: - {{ $name }}{{ ternary "" "s" (hasSuffix "s" $name) }} {{- end }} {{- end }} -{{- if .Values.admissionWebhooks.certManager.enabled }} -{{- if not .Values.admissionWebhooks.certManager.issuer }} +{{- if $certManager.enabled }} +{{- if not $certManager.issuer }} --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ include "vm-operator.fullname" . }}-root - namespace: {{ include "vm.namespace" . }} + name: {{ $fullname }}-root + namespace: {{ $ns }} spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ include "vm-operator.fullname" . }}-root-ca - namespace: {{ include "vm.namespace" . }} + name: {{ $fullname }}-root-ca + namespace: {{ $ns }} spec: - secretName: {{ include "vm-operator.fullname" . }}-root-ca - duration: 63800h0m0s + secretName: {{ $fullname }}-root-ca + duration: {{ $certManager.ca.duration }} + {{- with $certManager.ca.secretTemplate }} + secretTemplate: {{ toYaml . | nindent 4 }} + {{- end }} + {{- with $certManager.ca.subject }} + subject: {{ toYaml . | nindent 4 }} + {{- end }} issuerRef: - name: {{ include "vm-operator.fullname" . }}-root - commonName: "ca.validation.victoriametrics" + name: {{ $fullname }}-root + commonName: {{ $certManager.ca.commonName }} isCA: true --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ include "vm-operator.fullname" . }}-issuer - namespace: {{ include "vm.namespace" . }} + name: {{ $fullname }}-issuer + namespace: {{ $ns }} spec: ca: - secretName: {{ include "vm-operator.fullname" . }}-root-ca + secretName: {{ $fullname }}-root-ca {{- end }} --- # actual cert part for operator apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ include "vm-operator.fullname" . }}-validation - namespace: {{ include "vm.namespace" . }} + name: {{ $fullname }}-validation + namespace: {{ $ns }} spec: - secretName: {{ include "vm-operator.fullname" . 
}}-validation - duration: 45800h0m0s - issuerRef: - {{- if .Values.admissionWebhooks.certManager.issuer }} - {{- range $k, $v := .Values.admissionWebhooks.certManager.issuer }} - {{ $k}}: {{ $v}} - {{- end }} - {{- else }} - name: {{ include "vm-operator.fullname" . }}-issuer + secretName: {{ $fullname }}-validation + duration: {{ $certManager.cert.duration }} + {{- with $certManager.cert.secretTemplate }} + secretTemplate: {{ toYaml . | nindent 4 }} {{- end }} + {{- with $certManager.cert.commonName }} + commonName: {{ . }} + {{- end }} + {{- with $certManager.cert.subject }} + subject: {{ toYaml . | nindent 4 }} + {{- end }} + {{- $issuerRef := $certManager.issuer | default dict }} + {{- if empty $issuerRef }} + {{- $_ := set $issuerRef "name" (printf "%s-issuer" $fullname) }} + {{- end }} + issuerRef: {{ toYaml $issuerRef | nindent 4 }} dnsNames: - - {{ include "vm-operator.fullname" . }} - - {{ include "vm-operator.fullname" . }}.{{ include "vm.namespace" . }} - - {{ include "vm-operator.fullname" . }}.{{ include "vm.namespace" . }}.svc + - {{ $fullname }} + - {{ $fullname }}.{{ $ns }} + - {{ $fullname }}.{{ $ns }}.svc + {{- with $domain }} + - {{ $fullname }}.{{ $ns }}.svc.{{ . }} + {{- end }} {{- else }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "vm-operator.fullname" . }}-validation - namespace: {{ include "vm.namespace" . }} - labels: {{ include "vm-operator.labels" . | nindent 4 }} + name: {{ $fullname }}-validation + namespace: {{ $ns }} + labels: {{ include "vm.labels" $ctx | nindent 4 }} type: kubernetes.io/tls data: ca.crt: {{ $tls.caCert }} diff --git a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/values.yaml b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/values.yaml index 017a69f8..64eddbf2 100644 --- a/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/values.yaml 
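Review bot: The new `dnsNames` entry `{{ $fullname }}.{{ $ns }}.svc.{{ . }}` takes its suffix from `global.cluster.dnsDomain`, and the values.yaml hunk at `@@ -9,7 +9,8 @@` changes that default to `cluster.local.` with a trailing dot, so the rendered SAN ends in a dot. A trailing dot is not a usual form for a certificate DNS name and some TLS libraries will not match or accept it; how cert-manager treats it should be checked before relying on it. Stripping the dot where the SAN is built avoids the question: `- {{ $fullname }}.{{ $ns }}.svc.{{ trimSuffix "." . }}`. The shorter `.svc` name is still listed, so the effect is probably limited to clients that dial the fully qualified name.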
+++ b/packages/system/victoria-metrics-operator/charts/victoria-metrics-operator/values.yaml @@ -9,7 +9,8 @@ global: openshift: adaptSecurityContext: "auto" cluster: - dnsDomain: cluster.local + # -- K8s cluster domain suffix, uses for building storage pods' FQDN. Details are [here](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/) + dnsDomain: cluster.local. # Default values for victoria-metrics. # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -29,10 +30,14 @@ image: pullPolicy: IfNotPresent crds: + # -- manages CRD creation. Disables CRD creation only in combination with `crds.plain: false` due to helm dependency conditions limitation + enabled: true # -- check if plain or templated CRDs should be created. # with this option set to `false`, all CRDs will be rendered from templates. # with this option set to `true`, all CRDs are immutable and require manual upgrade. plain: false + # -- additional CRD annotations, when `.Values.crds.plain: false` + annotations: {} cleanup: # -- Tells helm to clean up all the vm resources under this release's namespace when uninstalling enabled: false @@ -57,15 +62,19 @@ replicaCount: 1 # -- Secret to pull images imagePullSecrets: [] -# -- VM operatror deployment name override +# -- Override chart name nameOverride: "" -# -- Overrides the full name of server component +# -- Overrides the full name of server component resources fullnameOverride: "" # -- VM operator log level. Possible values: info and error. logLevel: "info" +allowedMetricsEndpoints: + - /metrics + - /metrics/resources + rbac: # -- Specifies whether the RBAC resources should be created create: true 
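Review bot: `allowedMetricsEndpoints` in the `@@ -57,15 +62,19 @@` hunk is the only key added to values.yaml here without a `# --` description, and the template that reads it is not in this part of the diff. A reader cannot tell from the values file whether the list feeds an RBAC rule, a flag or something else. A comment in the file's `# --` form naming the consumer and what access each path grants would let operators trim the list safely.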
@@ -89,10 +98,18 @@ annotations: {} # -- Pod's security context. Details are [here](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) podSecurityContext: enabled: true + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 # -- Security context to be added to server pods securityContext: enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true operator: # -- By default, operator converts prometheus-operator objects. @@ -117,6 +134,9 @@ serviceAccount: # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template name: "" + # -- Whether to automount the service account token. Note that token needs to be mounted manually if this is disabled. + automountServiceAccountToken: true + service: # -- Service annotations annotations: {} @@ -126,7 +146,7 @@ service: clusterIP: "" # -- Service external IPs. Check [here](https://kubernetes.io/docs/user-guide/services/#external-ips) for details externalIPs: "" - # -- Service load balacner IP + # -- Service load balancer IP loadBalancerIP: "" # -- Load balancer source range loadBalancerSourceRanges: [] @@ -171,6 +191,9 @@ resources: # -- Pod's node selector. Details are [here](https://kubernetes.io/docs/user-guide/node-selection/) nodeSelector: {} +# -- Name of Priority Class +priorityClassName: "" + # -- Array of tolerations object. Spec is [here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) tolerations: [] @@ -223,6 +246,9 @@ extraContainers: # - name: config-reloader # image: reloader-image +# -- Enable hostNetwork on operator deployment +hostNetwork: false + # -- Configures resource validation admissionWebhooks: # -- Enables validation webhook. 
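Review bot: The hardened defaults added under `podSecurityContext` and `securityContext` in the `@@ -89,10 +98,18 @@` hunk set no seccomp profile, which the Kubernetes "restricted" Pod Security Standard also requires. Adding `seccompProfile:` with `type: RuntimeDefault` under `podSecurityContext` would cover it. The fixed `runAsUser: 1000` and `fsGroup: 2000` may conflict with OpenShift's assigned UID ranges; whether `global.openshift.adaptSecurityContext` strips them is decided in a template outside this diff. `readOnlyRootFilesystem: true` is worth a test run in case the operator writes temporary files.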
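Review bot: The comment on `hostNetwork` in the `@@ -223,6 +246,9 @@` hunk says only that it enables the setting, not what that implies. With `hostNetwork: true` the pod shares the node's network namespace, so the operator's listening ports are opened on the node itself and can collide with other host services. I would extend the comment to `# -- Enable hostNetwork on operator deployment. The pod then shares the node's network namespace and its ports are bound on the node; leave false unless required`.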
@@ -246,6 +272,18 @@ admissionWebhooks: enabled: false # --If needed, provide own issuer. Operator will create self-signed if empty. issuer: {} + # -- Certificate Authority parameters + ca: + secretTemplate: {} + subject: {} + duration: 63800h0m0s + commonName: ca.validation.victoriametrics + # -- Certificate parameters + cert: + secretTemplate: {} + subject: {} + duration: 45800h0m0s + commonName: "" keepTLSSecret: true # tls specifies TLS cert/key for the webhook tls: @@ -253,9 +291,11 @@ admissionWebhooks: cert: key: -# -- Configures monitoring with serviceScrape. VMServiceScrape must be pre-installed +# -- Configures monitoring with serviceScrape using either `VMServiceScrape` or `ServiceMonitor`. For latter [Prometheus Operator CRDs](https://artifacthub.io/packages/helm/prometheus-community/prometheus-operator-crds) should be preinstalled serviceMonitor: enabled: false + # -- Creates `VMServiceScrape` if `true` and `ServiceMonitor` otherwise. Make sure [Prometheus Operator CRDs](https://artifacthub.io/packages/helm/prometheus-community/prometheus-operator-crds) are installed if it's set to `false` + vm: true extraLabels: {} annotations: {} relabelings: []
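Review bot: The new `ca` and `cert` blocks in the `@@ -246,6 +272,18 @@` hunk carry one group comment each but no per-key description, and the defaults keep the previously hard-coded lifetimes, so `cert.duration: 45800h0m0s` leaves the webhook serving certificate valid for over five years. Now that the value is configurable, a `# --` line on `cert.duration` and `ca.duration` stating what each certificate is used for would help operators who inherit the defaults, for example `# -- Validity of the webhook serving certificate issued by cert-manager`. Whether a shorter default is acceptable depends on the renewal behaviour of the installed cert-manager, which this diff does not show.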