diff --git a/go.mod b/go.mod
index 0fde35d03..664b77007 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 github.com/openshift/api v0.0.0-20240625084701-0689f006bcde
 github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87
 github.com/operator-framework/api v0.26.0
- github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.75.2
+ github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.76.0
 github.com/prometheus/client_golang v1.20.2
 github.com/regclient/regclient v0.7.1
 github.com/sirupsen/logrus v1.9.3
diff --git a/go.sum b/go.sum
index f98a3aefa..beb3ffe41 100644
--- a/go.sum
+++ b/go.sum
@@ -300,8 +300,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
 github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
-github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.75.2 h1:6UsAv+jAevuGO2yZFU/BukV4o9NKnFMOuoouSA4G0ns=
-github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.75.2/go.mod h1:XYrdZw5dW12Cjkt4ndbeNZZTBp4UCHtW0ccR9+sTtPU=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.76.0 h1:tRwEFYFg+To2TGnibGl8dHBCh8Z/BVNKnXj2O5Za/2M=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.76.0/go.mod h1:Rd8YnCqz+2FYsiGmE2DMlaLjQRB4v2jFNnzCt9YY4IM=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/LICENSE b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/LICENSE index e06d20818..74e6ec696 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/LICENSE +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/LICENSE @@ -176,7 +176,7 @@ Apache License END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. - + To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "{}" replaced with your own identifying information. (Don't include @@ -199,4 +199,3 @@ Apache License WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go index f99dedf43..5566305fa 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/alertmanager_types.go 
@@ -37,8 +37,15 @@ const ( // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" // +kubebuilder:printcolumn:name="Paused",type="boolean",JSONPath=".status.paused",description="Whether the resource reconciliation is paused or not",priority=1 // +kubebuilder:subresource:status +// +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas,selectorpath=.status.selector +// +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale +// +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale -// Alertmanager describes an Alertmanager cluster. +// The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more. +// +// For each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode. +// +// The resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances. type Alertmanager struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` 
@@ -222,12 +229,14 @@ type AlertmanagerSpec struct { ForceEnableClusterMode bool `json:"forceEnableClusterMode,omitempty"` // AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. AlertmanagerConfigSelector *metav1.LabelSelector `json:"alertmanagerConfigSelector,omitempty"` - // The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects match the alerts. - // In the future more options may be added. - AlertmanagerConfigMatcherStrategy AlertmanagerConfigMatcherStrategy `json:"alertmanagerConfigMatcherStrategy,omitempty"` // Namespaces to be selected for AlertmanagerConfig discovery. If nil, only // check own namespace. AlertmanagerConfigNamespaceSelector *metav1.LabelSelector `json:"alertmanagerConfigNamespaceSelector,omitempty"` + + // AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects + // process incoming alerts. + AlertmanagerConfigMatcherStrategy AlertmanagerConfigMatcherStrategy `json:"alertmanagerConfigMatcherStrategy,omitempty"` + // Minimum number of seconds for which a newly created pod should be ready // without any of its container crashing for it to be considered available. // Defaults to 0 (pod will be considered available as soon as it is ready) 
@@ -263,16 +272,31 @@ type AlertmanagerSpec struct { EnableFeatures []string `json:"enableFeatures,omitempty"` } -// AlertmanagerConfigMatcherStrategy defines the strategy used by AlertmanagerConfig objects to match alerts. type AlertmanagerConfigMatcherStrategy struct { - // If set to `OnNamespace`, the operator injects a label matcher matching the namespace of the AlertmanagerConfig object for all its routes and inhibition rules. - // `None` will not add any additional matchers other than the ones specified in the AlertmanagerConfig. - // Default is `OnNamespace`. + // AlertmanagerConfigMatcherStrategyType defines the strategy used by + // AlertmanagerConfig objects to match alerts in the routes and inhibition + // rules. + // + // The default value is `OnNamespace`. + // // +kubebuilder:validation:Enum="OnNamespace";"None" // +kubebuilder:default:="OnNamespace" - Type string `json:"type,omitempty"` + Type AlertmanagerConfigMatcherStrategyType `json:"type,omitempty"` } +type AlertmanagerConfigMatcherStrategyType string + +const ( + // With `OnNamespace`, the route and inhibition rules of an + // AlertmanagerConfig object only process alerts that have a `namespace` + // label equal to the namespace of the object. + OnNamespaceConfigMatcherStrategyType AlertmanagerConfigMatcherStrategyType = "OnNamespace" + + // With `None`, the route and inhbition rules of an AlertmanagerConfig + // object process all incoming alerts. + NoneConfigMatcherStrategyType AlertmanagerConfigMatcherStrategyType = "None" +) + // AlertmanagerConfiguration defines the Alertmanager configuration. // +k8s:openapi-gen=true type AlertmanagerConfiguration struct { 
@@ -336,6 +360,8 @@ type AlertmanagerStatus struct { AvailableReplicas int32 `json:"availableReplicas"` // Total number of unavailable pods targeted by this Alertmanager object. UnavailableReplicas int32 `json:"unavailableReplicas"` + // The selector used to match the pods targeted by this Alertmanager object. + Selector string `json:"selector,omitempty"` // The current state of the Alertmanager object. // +listType=map // +listMapKey=type diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go index aa0217501..5a3ced2f9 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go @@ -31,7 +31,14 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="pmon" -// PodMonitor defines monitoring for a set of pods. +// The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods. +// Among other things, it allows to specify: +// * The pods to scrape via label selectors. +// * The container ports to scrape. +// * Authentication credentials to use. +// * Target and metric relabeling. +// +// `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors. type PodMonitor struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` 
@@ -64,15 +71,15 @@ type PodMonitorSpec struct { // PodTargetLabels []string `json:"podTargetLabels,omitempty"` - // List of endpoints part of this PodMonitor. + // Defines how to scrape metrics from the selected pods. // // +optional PodMetricsEndpoints []PodMetricsEndpoint `json:"podMetricsEndpoints"` - // Label selector to select the Kubernetes `Pod` objects. + // Label selector to select the Kubernetes `Pod` objects to scrape metrics from. Selector metav1.LabelSelector `json:"selector"` - // Selector to select which namespaces the Kubernetes `Pods` objects - // are discovered from. + // `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. + // By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"` // `sampleLimit` defines a per-scrape limit on the number of scraped samples @@ -127,7 +134,7 @@ type PodMonitorSpec struct { // `attachMetadata` defines additional metadata which is added to the // discovered targets. // - // It requires Prometheus >= v2.37.0. + // It requires Prometheus >= v2.35.0. // // +optional AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"` diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go index 4e8427c6c..203f72075 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go 
@@ -30,7 +30,13 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="prb" -// Probe defines monitoring for a set of static targets or ingresses. +// The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter). +// +// The `Probe` resource needs 2 pieces of information: +// * The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects. +// * The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics. +// +// `Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors. type Probe struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go index e22d785fb..b3baf2482 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go @@ -368,6 +368,7 @@ type CommonPrometheusFields struct { // object, which shall be mounted into the Prometheus Pods. // Each Secret is added to the StatefulSet definition as a volume named `secret-`. // The Secrets are mounted into /etc/prometheus/secrets/ in the 'prometheus' container. + // +listType:=set Secrets []string `json:"secrets,omitempty"` // ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus // object, which shall be mounted into the Prometheus Pods. 
@@ -771,6 +772,15 @@ type CommonPrometheusFields struct { // +listType=map // +listMapKey=name ScrapeClasses []ScrapeClass `json:"scrapeClasses,omitempty"` + + // Defines the service discovery role used to discover targets from + // `ServiceMonitor` objects and Alertmanager endpoints. + // + // If set, the value should be either "Endpoints" or "EndpointSlice". + // If unset, the operator assumes the "Endpoints" role. + // + // +optional + ServiceDiscoveryRole *ServiceDiscoveryRole `json:"serviceDiscoveryRole,omitempty"` } // +kubebuilder:validation:Enum=HTTP;ProcessSignal @@ -784,6 +794,14 @@ const ( ProcessSignalReloadStrategyType ReloadStrategyType = "ProcessSignal" ) +// +kubebuilder:validation:Enum=Endpoints;EndpointSlice +type ServiceDiscoveryRole string + +const ( + EndpointsRole ServiceDiscoveryRole = "Endpoints" + EndpointSliceRole ServiceDiscoveryRole = "EndpointSlice" +) + func (cpf *CommonPrometheusFields) PrometheusURIScheme() string { if cpf.Web != nil && cpf.Web.TLSConfig != nil { return "https" 
@@ -815,7 +833,13 @@ func (cpf *CommonPrometheusFields) WebRoutePrefix() string { // +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/autoscaling/v1.Scale // +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/autoscaling/v1.Scale,result=k8s.io/api/autoscaling/v1.Scale -// Prometheus defines a Prometheus deployment. +// The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more. +// +// For each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default. +// +// The resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances. +// +// The Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed. type Prometheus struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -1060,7 +1084,7 @@ type PrometheusStatus struct { // AlertingSpec defines parameters for alerting configuration of Prometheus servers. // +k8s:openapi-gen=true type AlertingSpec struct { - // AlertmanagerEndpoints Prometheus should fire alerts against. + // Alertmanager endpoints where Prometheus should send alerts to. Alertmanagers []AlertmanagerEndpoints `json:"alertmanagers"` } 
@@ -1705,8 +1729,18 @@ type APIServerConfig struct { // +k8s:openapi-gen=true type AlertmanagerEndpoints struct { // Namespace of the Endpoints object. - Namespace string `json:"namespace"` + // + // If not set, the object will be discovered in the namespace of the + // Prometheus object. + // + // +kubebuilder:validation:MinLength:=1 + // +optional + Namespace *string `json:"namespace,omitempty"` + // Name of the Endpoints object in the namespace. + // + // +kubebuilder:validation:MinLength:=1 + // +required Name string `json:"name"` // Port on which the Alertmanager API is exposed. @@ -1969,4 +2003,11 @@ type ScrapeClass struct { // // +optional MetricRelabelings []RelabelConfig `json:"metricRelabelings,omitempty"` + + // AttachMetadata configures additional metadata to the discovered targets. + // When the scrape object defines its own configuration, it takes + // precedence over the scrape class configuration. + // + // +optional + AttachMetadata *AttachMetadata `json:"attachMetadata,omitempty"` } diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go index 8c9a4afe6..f0a1cf4b1 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go 
@@ -30,7 +30,9 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="promrule" -// PrometheusRule defines recording and alerting rules for a Prometheus instance +// The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects. +// +// `Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors. type PrometheusRule struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go index 8002a1328..2b977a33e 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go 
@@ -29,7 +29,14 @@ const ( // +k8s:openapi-gen=true // +kubebuilder:resource:categories="prometheus-operator",shortName="smon" -// ServiceMonitor defines monitoring for a set of services. +// The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services. +// Among other things, it allows to specify: +// * The services to scrape via label selectors. +// * The container ports to scrape. +// * Authentication credentials to use. +// * Target and metric relabeling. +// +// `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors. type ServiceMonitor struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` 
@@ -70,14 +77,14 @@ type ServiceMonitorSpec struct { PodTargetLabels []string `json:"podTargetLabels,omitempty"` // List of endpoints part of this ServiceMonitor. - // - // +optional + // Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. + // In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. Endpoints []Endpoint `json:"endpoints"` - // Label selector to select the Kubernetes `Endpoints` objects. + // Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. Selector metav1.LabelSelector `json:"selector"` - // Selector to select which namespaces the Kubernetes `Endpoints` objects - // are discovered from. + // `namespaceSelector` defines in which namespace(s) Prometheus should discover the services. + // By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"` // `sampleLimit` defines a per-scrape limit on the number of scraped samples diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go index 82c569ee1..14908da1a 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go 
@@ -38,7 +38,11 @@ const ( // +kubebuilder:printcolumn:name="Paused",type="boolean",JSONPath=".status.paused",description="Whether the resource reconciliation is paused or not",priority=1 // +kubebuilder:subresource:status -// ThanosRuler defines a ThanosRuler deployment. +// The `ThanosRuler` custom resource definition (CRD) defines a desired [Thanos Ruler](https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md) setup to run in a Kubernetes cluster. +// +// A `ThanosRuler` instance requires at least one compatible Prometheus API endpoint (either Thanos Querier or Prometheus services). +// +// The resource defines via label and namespace selectors which `PrometheusRule` objects should be associated to the deployed Thanos Ruler instances. type ThanosRuler struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go index 5676566fa..21229f248 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go @@ -17,6 +17,7 @@ package v1 import ( "errors" "fmt" + "strings" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -531,8 +532,11 @@ type Endpoint struct { } type AttachMetadata struct { - // When set to true, Prometheus must have the `get` permission on the - // `Nodes` objects. + // When set to true, Prometheus attaches node metadata to the discovered + // targets. + // + // The Prometheus service account must have the `list` and `watch` + // permissions on the `Nodes` objects. // // +optional Node *bool `json:"node,omitempty"` 
@@ -565,6 +569,19 @@ type OAuth2 struct { // // +optional EndpointParams map[string]string `json:"endpointParams,omitempty"` + + // TLS configuration to use when connecting to the OAuth2 server. + // It requires Prometheus >= v2.43.0. + // + // +optional + TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` + + // Proxy configuration to use when connecting to the OAuth2 server. + // It requires Prometheus >= v2.43.0. + // It is not supported yet for Alertmanager. + // + // +optional + ProxyConfig `json:",inline"` } type OAuth2ValidationError struct { @@ -590,6 +607,12 @@ func (o *OAuth2) Validate() error { } } + if err := o.TLSConfig.Validate(); err != nil { + return &OAuth2ValidationError{ + err: fmt.Sprintf("invalid OAuth2 tlsConfig: %s", err.Error()), + } + } + return nil } @@ -642,6 +665,16 @@ func (c *SecretOrConfigMap) String() string { return "" } +// +kubebuilder:validation:Enum=TLS10;TLS11;TLS12;TLS13 +type TLSVersion string + +const ( + TLSVersion10 TLSVersion = "TLS10" + TLSVersion11 TLSVersion = "TLS11" + TLSVersion12 TLSVersion = "TLS12" + TLSVersion13 TLSVersion = "TLS13" +) + // SafeTLSConfig specifies safe TLS configuration parameters. // +k8s:openapi-gen=true type SafeTLSConfig struct { @@ -655,12 +688,24 @@ type SafeTLSConfig struct { KeySecret *v1.SecretKeySelector `json:"keySecret,omitempty"` // Used to verify the hostname for the targets. - //+optional + // +optional ServerName *string `json:"serverName,omitempty"` // Disable target certificate validation. - //+optional + // +optional InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"` + + // Minimum acceptable TLS version. + // + // It requires Prometheus >= v2.35.0. + // +optional + MinVersion *TLSVersion `json:"minVersion,omitempty"` + + // Maximum acceptable TLS version. + // + // It requires Prometheus >= v2.41.0. + // +optional + MaxVersion *TLSVersion `json:"maxVersion,omitempty"` } // Validate semantically validates the given SafeTLSConfig. 
@@ -685,6 +730,10 @@ func (c *SafeTLSConfig) Validate() error { return fmt.Errorf("client key specified without client cert") } + if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 { + return fmt.Errorf("maxVersion must more than or equal to minVersion") + } + return nil } @@ -735,6 +784,10 @@ func (c *TLSConfig) Validate() error { return fmt.Errorf("cannot specify client key without client cert") } + if c.MaxVersion != nil && c.MinVersion != nil && strings.Compare(string(*c.MaxVersion), string(*c.MinVersion)) == -1 { + return fmt.Errorf("maxVersion must more than or equal to minVersion") + } + return nil } diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index 51c19b2b5..bf72f1451 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -141,6 +141,11 @@ func (in *AlertmanagerConfiguration) DeepCopy() *AlertmanagerConfiguration { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerEndpoints) DeepCopyInto(out *AlertmanagerEndpoints) { *out = *in + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } out.Port = in.Port if in.TLSConfig != nil { in, out := &in.TLSConfig, &out.TLSConfig 
@@ -380,12 +385,12 @@ func (in *AlertmanagerSpec) DeepCopyInto(out *AlertmanagerSpec) { *out = new(metav1.LabelSelector) (*in).DeepCopyInto(*out) } - out.AlertmanagerConfigMatcherStrategy = in.AlertmanagerConfigMatcherStrategy if in.AlertmanagerConfigNamespaceSelector != nil { in, out := &in.AlertmanagerConfigNamespaceSelector, &out.AlertmanagerConfigNamespaceSelector *out = new(metav1.LabelSelector) (*in).DeepCopyInto(*out) } + out.AlertmanagerConfigMatcherStrategy = in.AlertmanagerConfigMatcherStrategy if in.MinReadySeconds != nil { in, out := &in.MinReadySeconds, &out.MinReadySeconds *out = new(uint32) @@ -969,6 +974,11 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ServiceDiscoveryRole != nil { + in, out := &in.ServiceDiscoveryRole, &out.ServiceDiscoveryRole + *out = new(ServiceDiscoveryRole) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonPrometheusFields. @@ -1412,6 +1422,12 @@ func (in *OAuth2) DeepCopyInto(out *OAuth2) { (*out)[key] = val } } + if in.TLSConfig != nil { + in, out := &in.TLSConfig, &out.TLSConfig + *out = new(SafeTLSConfig) + (*in).DeepCopyInto(*out) + } + in.ProxyConfig.DeepCopyInto(&out.ProxyConfig) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2. @@ -2670,6 +2686,16 @@ func (in *SafeTLSConfig) DeepCopyInto(out *SafeTLSConfig) { *out = new(bool) **out = **in } + if in.MinVersion != nil { + in, out := &in.MinVersion, &out.MinVersion + *out = new(TLSVersion) + **out = **in + } + if in.MaxVersion != nil { + in, out := &in.MaxVersion, &out.MaxVersion + *out = new(TLSVersion) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SafeTLSConfig. 
@@ -2709,6 +2735,11 @@ func (in *ScrapeClass) DeepCopyInto(out *ScrapeClass) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AttachMetadata != nil { + in, out := &in.AttachMetadata, &out.AttachMetadata + *out = new(AttachMetadata) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScrapeClass. diff --git a/vendor/modules.txt b/vendor/modules.txt index b7ca4f0ad..b5f064c4d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -445,7 +445,7 @@ github.com/pkg/errors # github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 ## explicit github.com/pmezard/go-difflib/difflib -# github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.75.2 +# github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.76.0 ## explicit; go 1.22.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1