forked from prometheus-operator/prometheus-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
prometheus_types.go
1842 lines (1636 loc) · 75.3 KB
/
prometheus_types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Copyright 2018 The prometheus-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1
import (
"strings"
appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/intstr"
)
const (
PrometheusesKind = "Prometheus"
PrometheusName = "prometheuses"
PrometheusKindKey = "prometheus"
)
// ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.
// Supported values are:
// * `OpenMetricsText0.0.1`
// * `OpenMetricsText1.0.0`
// * `PrometheusProto`
// * `PrometheusText0.0.4`
// +kubebuilder:validation:Enum=PrometheusProto;OpenMetricsText0.0.1;OpenMetricsText1.0.0;PrometheusText0.0.4
type ScrapeProtocol string
// PrometheusInterface is used by Prometheus and PrometheusAgent to share common methods, e.g. config generation.
// +k8s:deepcopy-gen=false
type PrometheusInterface interface {
metav1.ObjectMetaAccessor
schema.ObjectKind
GetCommonPrometheusFields() CommonPrometheusFields
SetCommonPrometheusFields(CommonPrometheusFields)
GetStatus() PrometheusStatus
}
var _ = PrometheusInterface(&Prometheus{})
func (l *Prometheus) GetCommonPrometheusFields() CommonPrometheusFields {
return l.Spec.CommonPrometheusFields
}
func (l *Prometheus) SetCommonPrometheusFields(f CommonPrometheusFields) {
l.Spec.CommonPrometheusFields = f
}
func (l *Prometheus) GetStatus() PrometheusStatus {
return l.Status
}
// +kubebuilder:validation:Enum=OnResource;OnShard
type AdditionalLabelSelectors string
const (
// Automatically add a label selector that will select all pods matching the same Prometheus/PrometheusAgent resource (irrespective of their shards).
ResourceNameLabelSelector AdditionalLabelSelectors = "OnResource"
// Automatically add a label selector that will select all pods matching the same shard.
ShardAndResourceNameLabelSelector AdditionalLabelSelectors = "OnShard"
)
type CoreV1TopologySpreadConstraint v1.TopologySpreadConstraint
type TopologySpreadConstraint struct {
CoreV1TopologySpreadConstraint `json:",inline"`
//+optional
// Defines what Prometheus Operator managed labels should be added to labelSelector on the topologySpreadConstraint.
AdditionalLabelSelectors *AdditionalLabelSelectors `json:"additionalLabelSelectors,omitempty"`
}
// CommonPrometheusFields are the options available to both the Prometheus server and agent.
// +k8s:deepcopy-gen=true
type CommonPrometheusFields struct {
// PodMetadata configures labels and annotations which are propagated to the Prometheus pods.
//
// The following items are reserved and cannot be overridden:
// * "prometheus" label, set to the name of the Prometheus object.
// * "app.kubernetes.io/instance" label, set to the name of the Prometheus object.
// * "app.kubernetes.io/managed-by" label, set to "prometheus-operator".
// * "app.kubernetes.io/name" label, set to "prometheus".
// * "app.kubernetes.io/version" label, set to the Prometheus version.
// * "operator.prometheus.io/name" label, set to the name of the Prometheus object.
// * "operator.prometheus.io/shard" label, set to the shard number of the Prometheus object.
// * "kubectl.kubernetes.io/default-container" annotation, set to "prometheus".
PodMetadata *EmbeddedObjectMetadata `json:"podMetadata,omitempty"`
// ServiceMonitors to be selected for target discovery. An empty label
// selector matches all objects. A null label selector matches no objects.
//
// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
// The Prometheus operator will ensure that the Prometheus configuration's
// Secret exists, but it is the responsibility of the user to provide the raw
// gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
// This behavior is *deprecated* and will be removed in the next major version
// of the custom resource definition. It is recommended to use
// `spec.additionalScrapeConfigs` instead.
ServiceMonitorSelector *metav1.LabelSelector `json:"serviceMonitorSelector,omitempty"`
// Namespaces to match for ServicedMonitors discovery. An empty label selector
// matches all namespaces. A null label selector matches the current
// namespace only.
ServiceMonitorNamespaceSelector *metav1.LabelSelector `json:"serviceMonitorNamespaceSelector,omitempty"`
// PodMonitors to be selected for target discovery. An empty label selector
// matches all objects. A null label selector matches no objects.
//
// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
// The Prometheus operator will ensure that the Prometheus configuration's
// Secret exists, but it is the responsibility of the user to provide the raw
// gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
// This behavior is *deprecated* and will be removed in the next major version
// of the custom resource definition. It is recommended to use
// `spec.additionalScrapeConfigs` instead.
PodMonitorSelector *metav1.LabelSelector `json:"podMonitorSelector,omitempty"`
// Namespaces to match for PodMonitors discovery. An empty label selector
// matches all namespaces. A null label selector matches the current
// namespace only.
PodMonitorNamespaceSelector *metav1.LabelSelector `json:"podMonitorNamespaceSelector,omitempty"`
// Probes to be selected for target discovery. An empty label selector
// matches all objects. A null label selector matches no objects.
//
// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
// The Prometheus operator will ensure that the Prometheus configuration's
// Secret exists, but it is the responsibility of the user to provide the raw
// gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
// This behavior is *deprecated* and will be removed in the next major version
// of the custom resource definition. It is recommended to use
// `spec.additionalScrapeConfigs` instead.
ProbeSelector *metav1.LabelSelector `json:"probeSelector,omitempty"`
// Namespaces to match for Probe discovery. An empty label
// selector matches all namespaces. A null label selector matches the
// current namespace only.
ProbeNamespaceSelector *metav1.LabelSelector `json:"probeNamespaceSelector,omitempty"`
// ScrapeConfigs to be selected for target discovery. An empty label
// selector matches all objects. A null label selector matches no objects.
//
// If `spec.serviceMonitorSelector`, `spec.podMonitorSelector`, `spec.probeSelector`
// and `spec.scrapeConfigSelector` are null, the Prometheus configuration is unmanaged.
// The Prometheus operator will ensure that the Prometheus configuration's
// Secret exists, but it is the responsibility of the user to provide the raw
// gzipped Prometheus configuration under the `prometheus.yaml.gz` key.
// This behavior is *deprecated* and will be removed in the next major version
// of the custom resource definition. It is recommended to use
// `spec.additionalScrapeConfigs` instead.
//
// Note that the ScrapeConfig custom resource definition is currently at Alpha level.
//
// +optional
ScrapeConfigSelector *metav1.LabelSelector `json:"scrapeConfigSelector,omitempty"`
// Namespaces to match for ScrapeConfig discovery. An empty label selector
// matches all namespaces. A null label selector matches the current
// namespace only.
//
// Note that the ScrapeConfig custom resource definition is currently at Alpha level.
//
// +optional
ScrapeConfigNamespaceSelector *metav1.LabelSelector `json:"scrapeConfigNamespaceSelector,omitempty"`
// Version of Prometheus being deployed. The operator uses this information
// to generate the Prometheus StatefulSet + configuration files.
//
// If not specified, the operator assumes the latest upstream version of
// Prometheus available at the time when the version of the operator was
// released.
Version string `json:"version,omitempty"`
// When a Prometheus deployment is paused, no actions except for deletion
// will be performed on the underlying objects.
Paused bool `json:"paused,omitempty"`
// Container image name for Prometheus. If specified, it takes precedence
// over the `spec.baseImage`, `spec.tag` and `spec.sha` fields.
//
// Specifying `spec.version` is still necessary to ensure the Prometheus
// Operator knows which version of Prometheus is being configured.
//
// If neither `spec.image` nor `spec.baseImage` are defined, the operator
// will use the latest upstream version of Prometheus available at the time
// when the operator was released.
//
// +optional
Image *string `json:"image,omitempty"`
// Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.
// See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.
// +kubebuilder:validation:Enum="";Always;Never;IfNotPresent
ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"`
// An optional list of references to Secrets in the same namespace
// to use for pulling images from registries.
// See http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
// Number of replicas of each shard to deploy for a Prometheus deployment.
// `spec.replicas` multiplied by `spec.shards` is the total number of Pods
// created.
//
// Default: 1
// +optional
Replicas *int32 `json:"replicas,omitempty"`
// Number of shards to distribute targets onto. `spec.replicas`
// multiplied by `spec.shards` is the total number of Pods created.
//
// Note that scaling down shards will not reshard data onto remaining
// instances, it must be manually moved. Increasing shards will not reshard
// data either but it will continue to be available from the same
// instances. To query globally, use Thanos sidecar and Thanos querier or
// remote write data to a central location.
//
// Sharding is performed on the content of the `__address__` target meta-label
// for PodMonitors and ServiceMonitors and `__param_target__` for Probes.
//
// Default: 1
// +optional
Shards *int32 `json:"shards,omitempty"`
// Name of Prometheus external label used to denote the replica name.
// The external label will _not_ be added when the field is set to the
// empty string (`""`).
//
// Default: "prometheus_replica"
// +optional
ReplicaExternalLabelName *string `json:"replicaExternalLabelName,omitempty"`
// Name of Prometheus external label used to denote the Prometheus instance
// name. The external label will _not_ be added when the field is set to
// the empty string (`""`).
//
// Default: "prometheus"
// +optional
PrometheusExternalLabelName *string `json:"prometheusExternalLabelName,omitempty"`
// Log level for Prometheus and the config-reloader sidecar.
// +kubebuilder:validation:Enum="";debug;info;warn;error
LogLevel string `json:"logLevel,omitempty"`
// Log format for Log level for Prometheus and the config-reloader sidecar.
// +kubebuilder:validation:Enum="";logfmt;json
LogFormat string `json:"logFormat,omitempty"`
// Interval between consecutive scrapes.
//
// Default: "30s"
// +kubebuilder:default:="30s"
ScrapeInterval Duration `json:"scrapeInterval,omitempty"`
// Number of seconds to wait until a scrape request times out.
ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"`
// The protocols to negotiate during a scrape. It tells clients the
// protocols supported by Prometheus in order of preference (from most to least preferred).
//
// If unset, Prometheus uses its default value.
//
// It requires Prometheus >= v2.49.0.
//
// +listType=set
// +optional
ScrapeProtocols []ScrapeProtocol `json:"scrapeProtocols,omitempty"`
// The labels to add to any time series or alerts when communicating with
// external systems (federation, remote storage, Alertmanager).
// Labels defined by `spec.replicaExternalLabelName` and
// `spec.prometheusExternalLabelName` take precedence over this list.
ExternalLabels map[string]string `json:"externalLabels,omitempty"`
// Enable Prometheus to be used as a receiver for the Prometheus remote
// write protocol.
//
// WARNING: This is not considered an efficient way of ingesting samples.
// Use it with caution for specific low-volume use cases.
// It is not suitable for replacing the ingestion via scraping and turning
// Prometheus into a push-based metrics collection system.
// For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver
//
// It requires Prometheus >= v2.33.0.
EnableRemoteWriteReceiver bool `json:"enableRemoteWriteReceiver,omitempty"`
// Enable access to Prometheus feature flags. By default, no features are enabled.
//
// Enabling features which are disabled by default is entirely outside the
// scope of what the maintainers will support and by doing so, you accept
// that this behaviour may break at any time without notice.
//
// For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/
EnableFeatures []string `json:"enableFeatures,omitempty"`
// The external URL under which the Prometheus service is externally
// available. This is necessary to generate correct URLs (for instance if
// Prometheus is accessible behind an Ingress resource).
ExternalURL string `json:"externalUrl,omitempty"`
// The route prefix Prometheus registers HTTP handlers for.
//
// This is useful when using `spec.externalURL`, and a proxy is rewriting
// HTTP routes of a request, and the actual ExternalURL is still true, but
// the server serves requests under a different route prefix. For example
// for use with `kubectl proxy`.
RoutePrefix string `json:"routePrefix,omitempty"`
// Storage defines the storage used by Prometheus.
Storage *StorageSpec `json:"storage,omitempty"`
// Volumes allows the configuration of additional volumes on the output
// StatefulSet definition. Volumes specified will be appended to other
// volumes that are generated as a result of StorageSpec objects.
Volumes []v1.Volume `json:"volumes,omitempty"`
// VolumeMounts allows the configuration of additional VolumeMounts.
//
// VolumeMounts will be appended to other VolumeMounts in the 'prometheus'
// container, that are generated as a result of StorageSpec objects.
VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"`
// The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.
// The default behavior is all PVCs are retained.
// This is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26.
// It requires enabling the StatefulSetAutoDeletePVC feature gate.
//
// +optional
PersistentVolumeClaimRetentionPolicy *appsv1.StatefulSetPersistentVolumeClaimRetentionPolicy `json:"persistentVolumeClaimRetentionPolicy,omitempty"`
// Defines the configuration of the Prometheus web server.
Web *PrometheusWebSpec `json:"web,omitempty"`
// Defines the resources requests and limits of the 'prometheus' container.
Resources v1.ResourceRequirements `json:"resources,omitempty"`
// Defines on which Nodes the Pods are scheduled.
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// ServiceAccountName is the name of the ServiceAccount to use to run the
// Prometheus Pods.
ServiceAccountName string `json:"serviceAccountName,omitempty"`
// Secrets is a list of Secrets in the same namespace as the Prometheus
// object, which shall be mounted into the Prometheus Pods.
// Each Secret is added to the StatefulSet definition as a volume named `secret-<secret-name>`.
// The Secrets are mounted into /etc/prometheus/secrets/<secret-name> in the 'prometheus' container.
Secrets []string `json:"secrets,omitempty"`
// ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus
// object, which shall be mounted into the Prometheus Pods.
// Each ConfigMap is added to the StatefulSet definition as a volume named `configmap-<configmap-name>`.
// The ConfigMaps are mounted into /etc/prometheus/configmaps/<configmap-name> in the 'prometheus' container.
ConfigMaps []string `json:"configMaps,omitempty"`
// Defines the Pods' affinity scheduling rules if specified.
// +optional
Affinity *v1.Affinity `json:"affinity,omitempty"`
// Defines the Pods' tolerations if specified.
// +optional
Tolerations []v1.Toleration `json:"tolerations,omitempty"`
// Defines the pod's topology spread constraints if specified.
//+optional
TopologySpreadConstraints []TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
// Defines the list of remote write configurations.
// +optional
RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"`
// SecurityContext holds pod-level security attributes and common container settings.
// This defaults to the default PodSecurityContext.
// +optional
SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`
// When true, the Prometheus server listens on the loopback address
// instead of the Pod IP's address.
ListenLocal bool `json:"listenLocal,omitempty"`
// Containers allows injecting additional containers or modifying operator
// generated containers. This can be used to allow adding an authentication
// proxy to the Pods or to change the behavior of an operator generated
// container. Containers described here modify an operator generated
// container if they share the same name and modifications are done via a
// strategic merge patch.
//
// The names of containers managed by the operator are:
// * `prometheus`
// * `config-reloader`
// * `thanos-sidecar`
//
// Overriding containers is entirely outside the scope of what the
// maintainers will support and by doing so, you accept that this behaviour
// may break at any time without notice.
// +optional
Containers []v1.Container `json:"containers,omitempty"`
// InitContainers allows injecting initContainers to the Pod definition. Those
// can be used to e.g. fetch secrets for injection into the Prometheus
// configuration from external sources. Any errors during the execution of
// an initContainer will lead to a restart of the Pod. More info:
// https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
// InitContainers described here modify an operator generated init
// containers if they share the same name and modifications are done via a
// strategic merge patch.
//
// The names of init container name managed by the operator are:
// * `init-config-reloader`.
//
// Overriding init containers is entirely outside the scope of what the
// maintainers will support and by doing so, you accept that this behaviour
// may break at any time without notice.
// +optional
InitContainers []v1.Container `json:"initContainers,omitempty"`
// AdditionalScrapeConfigs allows specifying a key of a Secret containing
// additional Prometheus scrape configurations. Scrape configurations
// specified are appended to the configurations generated by the Prometheus
// Operator. Job configurations specified must have the form as specified
// in the official Prometheus documentation:
// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
// As scrape configs are appended, the user is responsible to make sure it
// is valid. Note that using this feature may expose the possibility to
// break upgrades of Prometheus. It is advised to review Prometheus release
// notes to ensure that no incompatible scrape configs are going to break
// Prometheus after the upgrade.
// +optional
AdditionalScrapeConfigs *v1.SecretKeySelector `json:"additionalScrapeConfigs,omitempty"`
// APIServerConfig allows specifying a host and auth methods to access the
// Kuberntees API server.
// If null, Prometheus is assumed to run inside of the cluster: it will
// discover the API servers automatically and use the Pod's CA certificate
// and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
// +optional
APIServerConfig *APIServerConfig `json:"apiserverConfig,omitempty"`
// Priority class assigned to the Pods.
PriorityClassName string `json:"priorityClassName,omitempty"`
// Port name used for the pods and governing service.
// Default: "web"
// +kubebuilder:default:="web"
PortName string `json:"portName,omitempty"`
// When true, ServiceMonitor, PodMonitor and Probe object are forbidden to
// reference arbitrary files on the file system of the 'prometheus'
// container.
// When a ServiceMonitor's endpoint specifies a `bearerTokenFile` value
// (e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a
// malicious target can get access to the Prometheus service account's
// token in the Prometheus' scrape request. Setting
// `spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack.
// Users should instead provide the credentials using the
// `spec.bearerTokenSecret` field.
ArbitraryFSAccessThroughSMs ArbitraryFSAccessThroughSMsConfig `json:"arbitraryFSAccessThroughSMs,omitempty"`
// When true, Prometheus resolves label conflicts by renaming the labels in
// the scraped data to "exported_<label value>" for all targets created
// from service and pod monitors.
// Otherwise the HonorLabels field of the service or pod monitor applies.
OverrideHonorLabels bool `json:"overrideHonorLabels,omitempty"`
// When true, Prometheus ignores the timestamps for all the targets created
// from service and pod monitors.
// Otherwise the HonorTimestamps field of the service or pod monitor applies.
OverrideHonorTimestamps bool `json:"overrideHonorTimestamps,omitempty"`
// When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor
// and Probe objects will be ignored. They will only discover targets
// within the namespace of the PodMonitor, ServiceMonitor and Probe
// object.
IgnoreNamespaceSelectors bool `json:"ignoreNamespaceSelectors,omitempty"`
// When not empty, a label will be added to
//
// 1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.
// 2. All metrics generated from recording rules defined in `PrometheusRule` objects.
// 3. All alerts generated from alerting rules defined in `PrometheusRule` objects.
// 4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.
//
// The label will not added for objects referenced in `spec.excludedFromEnforcement`.
//
// The label's name is this field's value.
// The label's value is the namespace of the `ServiceMonitor`,
// `PodMonitor`, `Probe` or `PrometheusRule` object.
EnforcedNamespaceLabel string `json:"enforcedNamespaceLabel,omitempty"`
// When defined, enforcedSampleLimit specifies a global limit on the number
// of scraped samples that will be accepted. This overrides any
// `spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects
// unless `spec.sampleLimit` is greater than zero and less than
// `spec.enforcedSampleLimit`.
//
// It is meant to be used by admins to keep the overall number of
// samples/series under a desired limit.
//
// +optional
EnforcedSampleLimit *uint64 `json:"enforcedSampleLimit,omitempty"`
// When defined, enforcedTargetLimit specifies a global limit on the number
// of scraped targets. The value overrides any `spec.targetLimit` set by
// ServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is
// greater than zero and less than `spec.enforcedTargetLimit`.
//
// It is meant to be used by admins to to keep the overall number of
// targets under a desired limit.
//
// +optional
EnforcedTargetLimit *uint64 `json:"enforcedTargetLimit,omitempty"`
// When defined, enforcedLabelLimit specifies a global limit on the number
// of labels per sample. The value overrides any `spec.labelLimit` set by
// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is
// greater than zero and less than `spec.enforcedLabelLimit`.
//
// It requires Prometheus >= v2.27.0.
//
// +optional
EnforcedLabelLimit *uint64 `json:"enforcedLabelLimit,omitempty"`
// When defined, enforcedLabelNameLengthLimit specifies a global limit on the length
// of labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by
// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is
// greater than zero and less than `spec.enforcedLabelNameLengthLimit`.
//
// It requires Prometheus >= v2.27.0.
//
// +optional
EnforcedLabelNameLengthLimit *uint64 `json:"enforcedLabelNameLengthLimit,omitempty"`
// When not null, enforcedLabelValueLengthLimit defines a global limit on the length
// of labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by
// ServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is
// greater than zero and less than `spec.enforcedLabelValueLengthLimit`.
//
// It requires Prometheus >= v2.27.0.
//
// +optional
EnforcedLabelValueLengthLimit *uint64 `json:"enforcedLabelValueLengthLimit,omitempty"`
// When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets
// dropped by relabeling that will be kept in memory. The value overrides
// any `spec.keepDroppedTargets` set by
// ServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is
// greater than zero and less than `spec.enforcedKeepDroppedTargets`.
//
// It requires Prometheus >= v2.47.0.
//
// +optional
EnforcedKeepDroppedTargets *uint64 `json:"enforcedKeepDroppedTargets,omitempty"`
// When defined, enforcedBodySizeLimit specifies a global limit on the size
// of uncompressed response body that will be accepted by Prometheus.
// Targets responding with a body larger than this many bytes will cause
// the scrape to fail.
//
// It requires Prometheus >= v2.28.0.
EnforcedBodySizeLimit ByteSize `json:"enforcedBodySizeLimit,omitempty"`
// Minimum number of seconds for which a newly created Pod should be ready
// without any of its container crashing for it to be considered available.
// Defaults to 0 (pod will be considered available as soon as it is ready)
//
// This is an alpha field from kubernetes 1.22 until 1.24 which requires
// enabling the StatefulSetMinReadySeconds feature gate.
//
// +optional
MinReadySeconds *uint32 `json:"minReadySeconds,omitempty"`
// Optional list of hosts and IPs that will be injected into the Pod's
// hosts file if specified.
//
// +listType=map
// +listMapKey=ip
// +optional
HostAliases []HostAlias `json:"hostAliases,omitempty"`
// AdditionalArgs allows setting additional arguments for the 'prometheus' container.
//
// It is intended for e.g. activating hidden flags which are not supported by
// the dedicated configuration options yet. The arguments are passed as-is to the
// Prometheus container which may cause issues if they are invalid or not supported
// by the given Prometheus version.
//
// In case of an argument conflict (e.g. an argument which is already set by the
// operator itself) or when providing an invalid argument, the reconciliation will
// fail and an error will be logged.
//
// +optional
AdditionalArgs []Argument `json:"additionalArgs,omitempty"`
// Configures compression of the write-ahead log (WAL) using Snappy.
//
// WAL compression is enabled by default for Prometheus >= 2.20.0
//
// Requires Prometheus v2.11.0 and above.
//
// +optional
WALCompression *bool `json:"walCompression,omitempty"`
// List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects
// to be excluded from enforcing a namespace label of origin.
//
// It is only applicable if `spec.enforcedNamespaceLabel` set to true.
//
// +optional
ExcludedFromEnforcement []ObjectReference `json:"excludedFromEnforcement,omitempty"`
// Use the host's network namespace if true.
//
// Make sure to understand the security implications if you want to enable
// it (https://kubernetes.io/docs/concepts/configuration/overview/).
//
// When hostNetwork is enabled, this will set the DNS policy to
// `ClusterFirstWithHostNet` automatically.
HostNetwork bool `json:"hostNetwork,omitempty"`
// PodTargetLabels are appended to the `spec.podTargetLabels` field of all
// PodMonitor and ServiceMonitor objects.
//
// +optional
PodTargetLabels []string `json:"podTargetLabels,omitempty"`
// TracingConfig configures tracing in Prometheus.
//
// This is an *experimental feature*, it may change in any upcoming release
// in a breaking way.
//
// +optional
TracingConfig *PrometheusTracingConfig `json:"tracingConfig,omitempty"`
// BodySizeLimit defines per-scrape on response body size.
// Only valid in Prometheus versions 2.45.0 and newer.
//
// +optional
BodySizeLimit *ByteSize `json:"bodySizeLimit,omitempty"`
// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
// Only valid in Prometheus versions 2.45.0 and newer.
//
// +optional
SampleLimit *uint64 `json:"sampleLimit,omitempty"`
// TargetLimit defines a limit on the number of scraped targets that will be accepted.
// Only valid in Prometheus versions 2.45.0 and newer.
//
// +optional
TargetLimit *uint64 `json:"targetLimit,omitempty"`
// Per-scrape limit on number of labels that will be accepted for a sample.
// Only valid in Prometheus versions 2.45.0 and newer.
//
// +optional
LabelLimit *uint64 `json:"labelLimit,omitempty"`
// Per-scrape limit on length of labels name that will be accepted for a sample.
// Only valid in Prometheus versions 2.45.0 and newer.
//
// +optional
LabelNameLengthLimit *uint64 `json:"labelNameLengthLimit,omitempty"`
// Per-scrape limit on length of labels value that will be accepted for a sample.
// Only valid in Prometheus versions 2.45.0 and newer.
//
// +optional
LabelValueLengthLimit *uint64 `json:"labelValueLengthLimit,omitempty"`
// Per-scrape limit on the number of targets dropped by relabeling
// that will be kept in memory. 0 means no limit.
//
// It requires Prometheus >= v2.47.0.
//
// +optional
KeepDroppedTargets *uint64 `json:"keepDroppedTargets,omitempty"`
// Defines the strategy used to reload the Prometheus configuration.
// If not specified, the configuration is reloaded using the /-/reload HTTP endpoint.
// +optional
ReloadStrategy *ReloadStrategyType `json:"reloadStrategy,omitempty"`
// Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete.
// If set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).
// +optional
// +kubebuilder:validation:Minimum=60
MaximumStartupDurationSeconds *int32 `json:"maximumStartupDurationSeconds,omitempty"`
// List of scrape classes to expose to scraping objects such as
// PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.
//
// This is an *experimental feature*, it may change in any upcoming release
// in a breaking way.
//
// +listType=map
// +listMapKey=name
ScrapeClasses []ScrapeClass `json:"scrapeClasses,omitempty"`
// Optional duration in seconds the pod needs to terminate gracefully. May be
// decreased in delete request. Value must be non-negative integer. The value
// zero indicates stop immediately via the kill signal (no opportunity to
// shutdown). If this value is nil, the default grace period will be used
// instead.
// The grace period is the duration in seconds after the processes running in
// the pod are sent a termination signal and the time when the processes are
// forcibly halted with a kill signal. Set this value longer than the
// expected cleanup time for your process.
// Default value is set to 10 minutes because Prometheus may take quite long
// time to checkpoint existing data before shutdown.
// +optional
// +kubebuilder:default:=600
PodTerminationGracePeriodSeconds *uint64 `json:"podTerminationGracePeriodSeconds,omitempty"`
}
// +kubebuilder:validation:Enum=HTTP;ProcessSignal
type ReloadStrategyType string
const (
// HTTPReloadStrategyType reloads the configuration using the /-/reload HTTP endpoint.
HTTPReloadStrategyType ReloadStrategyType = "HTTP"
// ProcessSignalReloadStrategyType reloads the configuration by sending a SIGHUP signal to the process.
ProcessSignalReloadStrategyType ReloadStrategyType = "ProcessSignal"
)
func (cpf *CommonPrometheusFields) PrometheusURIScheme() string {
if cpf.Web != nil && cpf.Web.TLSConfig != nil {
return "https"
}
return "http"
}
func (cpf *CommonPrometheusFields) WebRoutePrefix() string {
if cpf.RoutePrefix != "" {
return cpf.RoutePrefix
}
return "/"
}
// +genclient
// +k8s:openapi-gen=true
// +kubebuilder:resource:categories="prometheus-operator",shortName="prom"
// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".spec.version",description="The version of Prometheus"
// +kubebuilder:printcolumn:name="Desired",type="integer",JSONPath=".spec.replicas",description="The number of desired replicas"
// +kubebuilder:printcolumn:name="Ready",type="integer",JSONPath=".status.availableReplicas",description="The number of ready replicas"
// +kubebuilder:printcolumn:name="Reconciled",type="string",JSONPath=".status.conditions[?(@.type == 'Reconciled')].status"
// +kubebuilder:printcolumn:name="Available",type="string",JSONPath=".status.conditions[?(@.type == 'Available')].status"
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="Paused",type="boolean",JSONPath=".status.paused",description="Whether the resource reconciliation is paused or not",priority=1
// +kubebuilder:subresource:status
// +kubebuilder:subresource:scale:specpath=.spec.shards,statuspath=.status.shards,selectorpath=.status.selector
// +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale
// +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale
// Prometheus defines a Prometheus deployment.
type Prometheus struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Specification of the desired behavior of the Prometheus cluster. More info:
// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Spec PrometheusSpec `json:"spec"`
// Most recent observed status of the Prometheus cluster. Read-only.
// More info:
// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
Status PrometheusStatus `json:"status,omitempty"`
}
// DeepCopyObject implements the runtime.Object interface.
func (l *Prometheus) DeepCopyObject() runtime.Object {
return l.DeepCopy()
}
// PrometheusList is a list of Prometheuses.
// +k8s:openapi-gen=true
type PrometheusList struct {
metav1.TypeMeta `json:",inline"`
// Standard list metadata
// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata,omitempty"`
// List of Prometheuses
Items []*Prometheus `json:"items"`
}
// DeepCopyObject implements the runtime.Object interface.
func (l *PrometheusList) DeepCopyObject() runtime.Object {
return l.DeepCopy()
}
// PrometheusSpec is a specification of the desired behavior of the Prometheus cluster. More info:
// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +k8s:openapi-gen=true
type PrometheusSpec struct {
CommonPrometheusFields `json:",inline"`
// Deprecated: use 'spec.image' instead.
BaseImage string `json:"baseImage,omitempty"`
// Deprecated: use 'spec.image' instead. The image's tag can be specified as part of the image name.
Tag string `json:"tag,omitempty"`
// Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name.
SHA string `json:"sha,omitempty"`
// How long to retain the Prometheus data.
//
// Default: "24h" if `spec.retention` and `spec.retentionSize` are empty.
Retention Duration `json:"retention,omitempty"`
// Maximum number of bytes used by the Prometheus data.
RetentionSize ByteSize `json:"retentionSize,omitempty"`
// When true, the Prometheus compaction is disabled.
DisableCompaction bool `json:"disableCompaction,omitempty"`
// Defines the configuration of the Prometheus rules' engine.
Rules Rules `json:"rules,omitempty"`
// Defines the list of PrometheusRule objects to which the namespace label
// enforcement doesn't apply.
// This is only relevant when `spec.enforcedNamespaceLabel` is set to true.
// +optional
// Deprecated: use `spec.excludedFromEnforcement` instead.
PrometheusRulesExcludedFromEnforce []PrometheusRuleExcludeConfig `json:"prometheusRulesExcludedFromEnforce,omitempty"`
// PrometheusRule objects to be selected for rule evaluation. An empty
// label selector matches all objects. A null label selector matches no
// objects.
// +optional
RuleSelector *metav1.LabelSelector `json:"ruleSelector,omitempty"`
// Namespaces to match for PrometheusRule discovery. An empty label selector
// matches all namespaces. A null label selector matches the current
// namespace only.
// +optional
RuleNamespaceSelector *metav1.LabelSelector `json:"ruleNamespaceSelector,omitempty"`
// QuerySpec defines the configuration of the Promethus query service.
// +optional
Query *QuerySpec `json:"query,omitempty"`
// Defines the settings related to Alertmanager.
// +optional
Alerting *AlertingSpec `json:"alerting,omitempty"`
// AdditionalAlertRelabelConfigs specifies a key of a Secret containing
// additional Prometheus alert relabel configurations. The alert relabel
// configurations are appended to the configuration generated by the
// Prometheus Operator. They must be formatted according to the official
// Prometheus documentation:
//
// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs
//
// The user is responsible for making sure that the configurations are valid
//
// Note that using this feature may expose the possibility to break
// upgrades of Prometheus. It is advised to review Prometheus release notes
// to ensure that no incompatible alert relabel configs are going to break
// Prometheus after the upgrade.
// +optional
AdditionalAlertRelabelConfigs *v1.SecretKeySelector `json:"additionalAlertRelabelConfigs,omitempty"`
// AdditionalAlertManagerConfigs specifies a key of a Secret containing
// additional Prometheus Alertmanager configurations. The Alertmanager
// configurations are appended to the configuration generated by the
// Prometheus Operator. They must be formatted according to the official
// Prometheus documentation:
//
// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
//
// The user is responsible for making sure that the configurations are valid
//
// Note that using this feature may expose the possibility to break
// upgrades of Prometheus. It is advised to review Prometheus release notes
// to ensure that no incompatible AlertManager configs are going to break
// Prometheus after the upgrade.
// +optional
AdditionalAlertManagerConfigs *v1.SecretKeySelector `json:"additionalAlertManagerConfigs,omitempty"`
// Defines the list of remote read configurations.
// +optional
RemoteRead []RemoteReadSpec `json:"remoteRead,omitempty"`
// Defines the configuration of the optional Thanos sidecar.
//
// +optional
Thanos *ThanosSpec `json:"thanos,omitempty"`
// queryLogFile specifies where the file to which PromQL queries are logged.
//
// If the filename has an empty path, e.g. 'query.log', The Prometheus Pods
// will mount the file into an emptyDir volume at `/var/log/prometheus`.
// If a full path is provided, e.g. '/var/log/prometheus/query.log', you
// must mount a volume in the specified directory and it must be writable.
// This is because the prometheus container runs with a read-only root
// filesystem for security reasons.
// Alternatively, the location can be set to a standard I/O stream, e.g.
// `/dev/stdout`, to log query information to the default Prometheus log
// stream.
QueryLogFile string `json:"queryLogFile,omitempty"`
// AllowOverlappingBlocks enables vertical compaction and vertical query
// merge in Prometheus.
//
// Deprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.
AllowOverlappingBlocks bool `json:"allowOverlappingBlocks,omitempty"`
// Exemplars related settings that are runtime reloadable.
// It requires to enable the `exemplar-storage` feature flag to be effective.
// +optional
Exemplars *Exemplars `json:"exemplars,omitempty"`
// Interval between rule evaluations.
// Default: "30s"
// +kubebuilder:default:="30s"
EvaluationInterval Duration `json:"evaluationInterval,omitempty"`
// Enables access to the Prometheus web admin API.
//
// WARNING: Enabling the admin APIs enables mutating endpoints, to delete data,
// shutdown Prometheus, and more. Enabling this should be done with care and the
// user is advised to add additional authentication authorization via a proxy to
// ensure only clients authorized to perform these actions can do so.
//
// For more information:
// https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
EnableAdminAPI bool `json:"enableAdminAPI,omitempty"`
// Defines the runtime reloadable configuration of the timeseries database
// (TSDB).
TSDB TSDBSpec `json:"tsdb,omitempty"`
}
type PrometheusTracingConfig struct {
// Client used to export the traces. Supported values are `http` or `grpc`.
// +kubebuilder:validation:Enum=http;grpc
// +optional
ClientType *string `json:"clientType"`
// Endpoint to send the traces to. Should be provided in format <host>:<port>.
// +kubebuilder:validation:MinLength:=1
// +required
Endpoint string `json:"endpoint"`
// Sets the probability a given trace will be sampled. Must be a float from 0 through 1.
// +optional
SamplingFraction *resource.Quantity `json:"samplingFraction"`
// If disabled, the client will use a secure connection.
// +optional
Insecure *bool `json:"insecure"`
// Key-value pairs to be used as headers associated with gRPC or HTTP requests.
// +optional
Headers map[string]string `json:"headers"`
// Compression key for supported compression types. The only supported value is `gzip`.
// +kubebuilder:validation:Enum=gzip
// +optional
Compression *string `json:"compression"`
// Maximum time the exporter will wait for each batch export.
// +optional
Timeout *Duration `json:"timeout"`
// TLS Config to use when sending traces.
// +optional
TLSConfig *TLSConfig `json:"tlsConfig"`
}
// PrometheusStatus is the most recent observed status of the Prometheus cluster.
// More info:
// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
// +k8s:openapi-gen=true
type PrometheusStatus struct {
// Represents whether any actions on the underlying managed objects are
// being performed. Only delete actions will be performed.
Paused bool `json:"paused"`
// Total number of non-terminated pods targeted by this Prometheus deployment
// (their labels match the selector).
Replicas int32 `json:"replicas"`
// Total number of non-terminated pods targeted by this Prometheus deployment
// that have the desired version spec.
UpdatedReplicas int32 `json:"updatedReplicas"`
// Total number of available pods (ready for at least minReadySeconds)
// targeted by this Prometheus deployment.
AvailableReplicas int32 `json:"availableReplicas"`
// Total number of unavailable pods targeted by this Prometheus deployment.
UnavailableReplicas int32 `json:"unavailableReplicas"`
// The current state of the Prometheus deployment.
// +listType=map
// +listMapKey=type
// +optional
Conditions []Condition `json:"conditions,omitempty"`
// The list has one entry per shard. Each entry provides a summary of the shard status.
// +listType=map
// +listMapKey=shardID
// +optional
ShardStatuses []ShardStatus `json:"shardStatuses,omitempty"`
// Shards is the most recently observed number of shards.
Shards int32 `json:"shards,omitempty"`
// The selector used to match the pods targeted by this Prometheus resource.
Selector string `json:"selector,omitempty"`
}
// AlertingSpec defines parameters for alerting configuration of Prometheus servers.
// +k8s:openapi-gen=true
type AlertingSpec struct {
// AlertmanagerEndpoints Prometheus should fire alerts against.
Alertmanagers []AlertmanagerEndpoints `json:"alertmanagers"`
}
// StorageSpec defines the configured storage for a group Prometheus servers.
// If no storage option is specified, then by default an [EmptyDir](https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) will be used.
//
// If multiple storage options are specified, priority will be given as follows: