diff --git a/Makefile b/Makefile index 5c9538f32..ebe5489ee 100644 --- a/Makefile +++ b/Makefile @@ -94,4 +94,4 @@ clean: ## Clean the project .PHONY: pre-commit-hook pre-commit-hook: ## Install pre-commit hook in .git/hooks - /usr/bin/cp -fa .githooks/pre-commit .git/hooks/pre-commit \ No newline at end of file + /usr/bin/cp -fa .githooks/pre-commit .git/hooks/pre-commit diff --git a/class/appcat.yml b/class/appcat.yml index 877139679..1e65f8bd7 100644 --- a/class/appcat.yml +++ b/class/appcat.yml @@ -71,6 +71,7 @@ parameters: - ${_base_directory}/component/vshn_appcat_services.jsonnet - ${_base_directory}/component/billing.jsonnet - ${_base_directory}/component/rbac_testing.jsonnet + - ${_base_directory}/component/vshn_nextcloud.jsonnet input_type: jsonnet output_path: appcat/ diff --git a/class/defaults.yml b/class/defaults.yml index b821cec21..dbc45fefc 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -55,7 +55,7 @@ parameters: appcat: registry: ghcr.io repository: vshn/appcat - tag: v4.102.1 + tag: v4.104.0 functionAppcat: registry: ${appcat:images:appcat:registry} repository: ${appcat:images:appcat:repository} @@ -85,6 +85,10 @@ parameters: registry: docker.io image: proxysql/proxysql version: '2.7.1' + collabora: + registry: docker.io + image: collabora/code + tag: "24.04.9.2.1" =_crd_version: ${appcat:images:appcat:tag} namespace: syn-appcat @@ -866,10 +870,13 @@ parameters: restoreSA: nextcloudserviceaccount restoreRoleRules: ${appcat:defaultRestoreRoleRules} additionalInputs: + collabora_image: ${appcat:images:collabora:registry}/${appcat:images:collabora:image}:${appcat:images:collabora:tag} + collaboraCPULimit: "1" + collaboraCPURequests: 250m + collaboraMemoryLimit: 1Gi + collaboraMemoryRequests: 256Mi ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-production - haproxy.router.openshift.io/timeout: 120s - haproxy.router.openshift.io/hsts_header: max-age=31536000;preload openshiftTemplate: serviceName: nextcloudbyvshn description: "Nextcloud is an open source suite of client-server software for creating and using file hosting services." diff --git a/component/provider.jsonnet b/component/provider.jsonnet index 938beb38d..cf7ed9457 100644 --- a/component/provider.jsonnet +++ b/component/provider.jsonnet @@ -54,7 +54,7 @@ local providerRBAC = { }, { apiGroups: [ '' ], - resources: [ 'namespaces', 'serviceaccounts', 'secrets', 'pods', 'pods/log', 'pods/portforward', 'pods/status', 'services' ], + resources: [ 'namespaces', 'serviceaccounts', 'secrets', 'pods', 'pods/log', 'pods/portforward', 'pods/status', 'pods/attach', 'pods/exec', 'services' ], verbs: [ 'get', 'list', 'watch', 'create', 'watch', 'patch', 'update', 'delete' ], }, { @@ -65,7 +65,7 @@ local providerRBAC = { { apiGroups: [ 'apps' ], resources: [ 'statefulsets', 'deployments' ], - verbs: [ 'get', 'delete', 'watch', 'list', 'patch' ], + verbs: [ 'get', 'delete', 'watch', 'list', 'patch', 'update', 'create' ], }, { apiGroups: [ 'rbac.authorization.k8s.io' ], @@ -164,10 +164,20 @@ local providerRBAC = { verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ], }, { - apiGroups: [ 'apps' ], - resources: [ 'statefulsets' ], + apiGroups: [ 'networking.k8s.io' ], + resources: [ 'ingresses' ], + verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ], + }, + { + apiGroups: [ '' ], + resources: [ 'persistentvolumeclaims' ], verbs: [ 'get', 'list', 'watch', 'create', 'watch', 'patch', 'update', 'delete' ], }, + { + apiGroups: [ 'security.openshift.io' ], + resources: [ 'securitycontextconstraints' ], + verbs: [ 'use' ], + }, ], }, helm: { diff --git a/component/vshn_nextcloud.jsonnet b/component/vshn_nextcloud.jsonnet new file mode 100644 index 000000000..5d0c983bb --- /dev/null +++ b/component/vshn_nextcloud.jsonnet @@ -0,0 +1,50 @@ +local com = import 'lib/commodore.libjsonnet'; +local kap = import 'lib/kapitan.libjsonnet'; +local kube = import 'lib/kube.libjsonnet'; + +local common = import 'common.libsonnet'; + +local inv = kap.inventory(); +local params = inv.parameters.appcat; +local nextcloudParams = params.services.vshn.nextcloud; +local isOpenshift = std.startsWith(inv.parameters.facts.distribution, 'openshift') || inv.parameters.facts.distribution == 'oke'; + + +local scc = + { + allowHostDirVolumePlugin: true, + allowHostIPC: true, + allowHostNetwork: true, + allowHostPID: true, + allowHostPorts: true, + allowPrivilegeEscalation: false, + allowPrivilegedContainer: true, + allowedCapabilities: [ + 'MKNOD', + 'CHOWN', + 'SYS_CHROOT', + 'FOWNER', + ], + apiVersion: 'security.openshift.io/v1', + defaultAddCapabilities: [ + 'MKNOD', + 'CHOWN', + 'SYS_CHROOT', + 'FOWNER', + ], + kind: 'SecurityContextConstraints', + metadata: { + name: 'appcat-collabora', + }, + readOnlyRootFilesystem: false, + runAsUser: { + type: 'MustRunAsNonRoot', + }, + seLinuxContext: { + type: 'MustRunAs', + }, + }; + +if params.services.vshn.enabled then { + [if params.services.vshn.nextcloud.enabled && isOpenshift then '22_scc_appcat']: scc, +} else {} diff --git a/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml b/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml index ba8231d36..0c94c0788 100644 --- a/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/apiserver/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/billing/appcat/appcat/10_function_appcat.yaml b/tests/golden/billing/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/billing/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/billing/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/billing/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index d807d752f..452239552 100644 --- a/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/billing/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index d807d752f..452239552 100644 --- a/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/cloudscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index d807d752f..452239552 100644 --- a/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/cloudscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml b/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml index 53f7a4f13..8a2c98bb1 100644 --- a/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml @@ -102,6 +102,8 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - get @@ -130,6 +132,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -352,9 +356,21 @@ rules: - create - delete - apiGroups: - - apps + - networking.k8s.io resources: - - statefulsets + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims verbs: - get - list @@ -364,6 +380,12 @@ rules: - patch - update - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/cloudscale/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml b/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/controllers/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml index 77782c47a..5eb1c1c05 100644 --- a/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml b/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index d807d752f..452239552 100644 --- a/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index d807d752f..452239552 100644 --- a/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/exoscale-metrics-collector-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index d807d752f..452239552 100644 --- a/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/exoscale-metrics-collector-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml b/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml index 53f7a4f13..8a2c98bb1 100644 --- a/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/exoscale/appcat/appcat/10_provider_kubernetes.yaml @@ -102,6 +102,8 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - get @@ -130,6 +132,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -352,9 +356,21 @@ rules: - create - delete - apiGroups: - - apps + - networking.k8s.io resources: - - statefulsets + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims verbs: - get - list @@ -364,6 +380,12 @@ rules: - patch - update - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/exoscale/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/minio/appcat/appcat/10_function_appcat.yaml b/tests/golden/minio/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/minio/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/minio/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml index 53f7a4f13..8a2c98bb1 100644 --- a/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/minio/appcat/appcat/10_provider_kubernetes.yaml @@ -102,6 +102,8 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - get @@ -130,6 +132,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -352,9 +356,21 @@ rules: - create - delete - apiGroups: - - apps + - networking.k8s.io resources: - - statefulsets + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims verbs: - get - list @@ -364,6 +380,12 @@ rules: - patch - update - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml b/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml index ecd70c7d5..689971e8e 100644 --- a/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml +++ b/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml @@ -39,7 +39,7 @@ spec: emailAlertingSmtpFromAddress: appcat@appuio.cloud emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud - imageTag: v4.102.1 + imageTag: v4.104.0 isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance minioChartRepository: https://charts.min.io diff --git a/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml index ba8231d36..0c94c0788 100644 --- a/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/minio/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml index 77782c47a..5eb1c1c05 100644 --- a/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml index 6a4762f5b..49833c03a 100644 --- a/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 name: sla-reporter resources: limits: diff --git a/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index ab53fd0c2..61470dc6f 100644 --- a/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/openshift/appcat/appcat/10_appcat_backup_monitoring.yaml b/tests/golden/openshift/appcat/appcat/10_appcat_backup_monitoring.yaml index bb691b236..fd885bd1b 100644 --- a/tests/golden/openshift/appcat/appcat/10_appcat_backup_monitoring.yaml +++ b/tests/golden/openshift/appcat/appcat/10_appcat_backup_monitoring.yaml @@ -13,7 +13,7 @@ spec: }} has failed. runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/AppCatBackupJobError.html summary: AppCat service backup failed. - expr: kube_job_failed{job_name=~".*backup.*", namespace=~"vshn-(postgresql|redis)-.*"} + expr: kube_job_failed{job_name=~".*backup.*", namespace=~"vshn-(nextcloud|postgresql|redis)-.*"} > 0 for: 1m labels: diff --git a/tests/golden/openshift/appcat/appcat/10_appcat_ha_monitoring.yaml b/tests/golden/openshift/appcat/appcat/10_appcat_ha_monitoring.yaml index dea3bfc16..d64a40096 100644 --- a/tests/golden/openshift/appcat/appcat/10_appcat_ha_monitoring.yaml +++ b/tests/golden/openshift/appcat/appcat/10_appcat_ha_monitoring.yaml @@ -13,9 +13,9 @@ spec: }} has less replicas than expected. runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/vshn/AppCatHighAvailableDeploymentWarning.html summary: AppCat service instance has unavailable pods. - expr: kube_deployment_status_replicas{namespace=~"vshn-(postgresql|redis)-.*"} - > 1 AND kube_deployment_status_replicas{namespace=~"vshn-(postgresql|redis)-.*"} - - kube_deployment_status_replicas_ready{namespace=~"vshn-(postgresql|redis)-.*"} + expr: kube_deployment_status_replicas{namespace=~"vshn-(nextcloud|postgresql|redis)-.*"} + > 1 AND kube_deployment_status_replicas{namespace=~"vshn-(nextcloud|postgresql|redis)-.*"} + - kube_deployment_status_replicas_ready{namespace=~"vshn-(nextcloud|postgresql|redis)-.*"} > 0 for: 1m labels: @@ -27,9 +27,9 @@ spec: $labels.namespace }} has less replicas than expected. runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/vshn/AppCatHighAvailableStatefulsetWarning.html summary: AppCat service instance has unavailable pods. - expr: kube_statefulset_status_replicas{namespace=~"vshn-(postgresql|redis)-.*"} - > 1 AND kube_statefulset_status_replicas{namespace=~"vshn-(postgresql|redis)-.*"} - - kube_statefulset_status_replicas_ready{namespace=~"vshn-(postgresql|redis)-.*"} + expr: kube_statefulset_status_replicas{namespace=~"vshn-(nextcloud|postgresql|redis)-.*"} + > 1 AND kube_statefulset_status_replicas{namespace=~"vshn-(nextcloud|postgresql|redis)-.*"} + - kube_statefulset_status_replicas_ready{namespace=~"vshn-(nextcloud|postgresql|redis)-.*"} > 0 for: 1m labels: diff --git a/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml b/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml index 53f7a4f13..8a2c98bb1 100644 --- a/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/openshift/appcat/appcat/10_provider_kubernetes.yaml @@ -102,6 +102,8 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - get @@ -130,6 +132,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -352,9 +356,21 @@ rules: - create - delete - apiGroups: - - apps + - networking.k8s.io resources: - - statefulsets + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims verbs: - get - list @@ -364,6 +380,12 @@ rules: - patch - update - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/openshift/appcat/appcat/20_plans_vshn_nextcloud.yaml b/tests/golden/openshift/appcat/appcat/20_plans_vshn_nextcloud.yaml new file mode 100644 index 000000000..e7f1fc1f6 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/20_plans_vshn_nextcloud.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + plans: '{"standard-2": {"size": {"cpu": "500m", "disk": "16Gi", "enabled": true, + "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi", "enabled": + true, "memory": "4Gi"}}, "standard-8": {"size": {"cpu": "2", "disk": "16Gi", "enabled": + true, "memory": "8Gi"}}}' +kind: ConfigMap +metadata: + annotations: {} + labels: + name: vshnnextcloudplans + name: vshnnextcloudplans + namespace: syn-appcat diff --git a/tests/golden/openshift/appcat/appcat/20_rbac_vshn_nextcloud.yaml b/tests/golden/openshift/appcat/appcat/20_rbac_vshn_nextcloud.yaml new file mode 100644 index 000000000..8b4ce6b60 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/20_rbac_vshn_nextcloud.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + rbac.authorization.k8s.io/aggregate-to-view: 'true' + name: appcat:composite:xvshnnextclouds.vshn.appcat.vshn.io:claim-view +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnnextclouds + - vshnnextclouds/status + - vshnnextclouds/finalizers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + name: appcat:composite:xvshnnextclouds.vshn.appcat.vshn.io:claim-edit +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnnextclouds + - vshnnextclouds/status + - vshnnextclouds/finalizers + verbs: + - '*' diff --git a/tests/golden/openshift/appcat/appcat/20_role_vshn_nextcloud_restore.yaml b/tests/golden/openshift/appcat/appcat/20_role_vshn_nextcloud_restore.yaml new file mode 100644 index 000000000..aab8fb8b9 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/20_role_vshn_nextcloud_restore.yaml @@ -0,0 +1,80 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: crossplane-appcat-job-nextcloud-restorejob + name: crossplane:appcat:job:nextcloud:restorejob +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - '*' + verbs: + - get + - apiGroups: + - k8up.io + resources: + - snapshots + verbs: + - get + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - create + - delete + - apiGroups: + - apps + resources: + - statefulsets/scale + verbs: + - update + - patch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - apiGroups: + - '' + resources: + - events + verbs: + - get + - create + - patch +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + name: nextcloudserviceaccount + name: nextcloudserviceaccount + namespace: syn-appcat-control +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + name: appcat-job-nextcloud-restorejob + name: appcat:job:nextcloud:restorejob +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane:appcat:job:nextcloud:restorejob +subjects: + - kind: ServiceAccount + name: nextcloudserviceaccount + namespace: syn-appcat-control diff --git a/tests/golden/openshift/appcat/appcat/20_xrd_vshn_nextcloud.yaml b/tests/golden/openshift/appcat/appcat/20_xrd_vshn_nextcloud.yaml new file mode 100644 index 000000000..301e32f80 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/20_xrd_vshn_nextcloud.yaml @@ -0,0 +1,11994 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + labels: + name: xvshnnextclouds.vshn.appcat.vshn.io + name: xvshnnextclouds.vshn.appcat.vshn.io +spec: + claimNames: + kind: VSHNNextcloud + plural: vshnnextclouds + connectionSecretKeys: + - NEXTCLOUD_HOST + - NEXTCLOUD_PASSWORD + - NEXTCLOUD_URL + - NEXTCLOUD_USERNAME + - ca.crt + defaultCompositionRef: + name: vshnnextcloud.vshn.appcat.vshn.io + group: vshn.appcat.vshn.io + names: + kind: XVSHNNextcloud + plural: xvshnnextclouds + versions: + - name: v1 + referenceable: true + schema: + openAPIV3Schema: + description: VSHNNextcloud is the API for creating nextcloud instances. + properties: + spec: + description: Spec defines the desired state of a VSHNNextcloud. + properties: + parameters: + default: {} + description: Parameters are the configurable fields of a VSHNNextcloud. + properties: + backup: + default: {} + description: Backup contains settings to control how the instance + should get backed up. + properties: + retention: + description: K8upRetentionPolicy describes the retention + configuration for a K8up backup. + properties: + keepDaily: + default: 6 + type: integer + keepHourly: + type: integer + keepLast: + type: integer + keepMonthly: + type: integer + keepWeekly: + type: integer + keepYearly: + type: integer + type: object + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) + (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) + (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + instances: + default: 1 + description: |- + Instances configures the number of Nextcloud instances for the cluster. + Each instance contains one Nextcloud server. + maximum: 3 + minimum: 1 + type: integer + maintenance: + description: Maintenance contains settings to control the maintenance + of an instance. + properties: + dayOfWeek: + description: |- + DayOfWeek specifies at which weekday the maintenance is held place. + Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: |- + TimeOfDay for installing updates in UTC. + Format: "hh:mm:ss". + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + monitoring: + description: Monitoring contains settings to control monitoring. + properties: + alertmanagerConfigRef: + description: |- + AlertmanagerConfigRef contains the name of the AlertmanagerConfig that should be copied over to the + namespace of the instance. + type: string + alertmanagerConfigSecretRef: + description: |- + AlertmanagerConfigSecretRef contains the name of the secret that is used + in the referenced AlertmanagerConfig + type: string + alertmanagerConfigTemplate: + description: |- + AlertmanagerConfigSpecTemplate takes an AlertmanagerConfigSpec object. + This takes precedence over the AlertmanagerConfigRef. + properties: + inhibitRules: + description: |- + List of inhibition rules. The rules will only apply to alerts matching + the resource's namespace. + items: + description: |- + InhibitRule defines an inhibition rule that allows to mute alerts when other + alerts are already firing. + See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: |- + Labels that must have an equal value in the source and target alert for + the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: |- + Matchers for which one or more alerts have to exist for the inhibition + to take effect. The operator enforces that the alert matches the + resource's namespace. + items: + description: Matcher defines how to match on + alert's labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: |- + Matchers that have to be fulfilled in the alerts to be muted. The + operator enforces that the alert matches the resource's namespace. + items: + description: Matcher defines how to match on + alert's labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying when + the routes should be muted. + items: + description: MuteTimeInterval specifies the periods + in time when notifications will be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of TimeInterval + items: + description: TimeInterval describes intervals + of time + properties: + daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive + range of days of the month beginning + at 1 + properties: + end: + description: End of the inclusive + range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive + range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: |- + MonthRange is an inclusive range of months of the year beginning in January + Months can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a start + and end time in 24hr format + properties: + endTime: + description: EndTime is the end time + in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the start + time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of WeekdayRange + items: + description: |- + WeekdayRange is an inclusive range of days of the week beginning on Sunday + Days can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive + range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification + integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications + via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: |- + The secret's key that contains the password to use for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: |- + The secret's key that contains the CRAM-MD5 secret. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: |- + Further headers email header key/value pairs. Overrides any headers + previously set by the notification implementation. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to + the SMTP server. + type: string + html: + description: The HTML body of the email + notification. + type: string + requireTLS: + description: |- + The SMTP TLS requirement. + Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through + which emails are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email + notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority used + when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + to: + description: The email address to send notifications + to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique + across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: |- + OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions + that will be available for the alert. + type: string + apiKey: + description: |- + The secret's key that contains the OpsGenie API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The URL to send OpsGenie API + requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value + pairs that provide further detail about + the incident. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be + used to specify which domain alert is + related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible + values are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible + for notifications. + items: + description: |- + OpsGenieConfigResponder defines a responder to an incident. + One of `id`, `name` or `username` has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + source: + description: Backlink to the sender of the + notification. + type: string + tags: + description: Comma separated list of tags + attached to the notifications. + type: string + updateAlerts: + description: |- + Whether to update message and description of the alert in OpsGenie if it already exists + By default, the alert is never updated in OpsGenie, the new message only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: |- + PagerDutyConfig configures notifications via PagerDuty. + See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the + affected system that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that + provide further detail about the incident. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details to + attach that provide further detail about + an incident. + items: + description: PagerDutyImageConfig attaches + images to an incident + properties: + alt: + description: Alt is the optional alternative + text for the image. + type: string + href: + description: Optional URL; makes the + image a clickable link. + type: string + src: + description: Src of the image being + attached to the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach + that provide further detail about an incident. + items: + description: PagerDutyLinkConfig attaches + text links to an incident + properties: + alt: + description: Text that describes the + purpose of the link, and can be + used as the link's text. + type: string + href: + description: Href is the URL of the + link to be attached + type: string + type: object + type: array + routingKey: + description: |- + The secret's key that contains the PagerDuty integration key (when using + Events API v2). Either this field or `serviceKey` needs to be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + serviceKey: + description: |- + The secret's key that contains the PagerDuty service key (when using + integration type "Prometheus"). Either this field or `routingKey` needs to + be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: |- + PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: |- + How long your notification will continue to be retried for, unless the user + acknowledges the notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification message + is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: |- + How often the Pushover servers will send the same notification to the user. + Must be at least 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + sound: + description: The name of one of the sounds + supported by device clients to override + the user's default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: |- + The secret's key that contains the registered application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + description: A supplementary URL shown alongside + the message. + type: string + urlTitle: + description: A title for supplementary URL, + otherwise just the URL is shown + type: string + userKey: + description: |- + The secret's key that contains the recipient user's user key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: |- + SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that + are sent with each notification. + items: + description: |- + SlackAction configures a single Slack action that is sent with each + notification. + See https://api.slack.com/docs/message-attachments#action_fields and + https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: |- + SlackConfirmationField protect users from destructive actions or + particularly distinguished decisions by asking them to confirm their button + click one more time. + See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: |- + The secret's key that contains the Slack webhook URL. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + callbackId: + type: string + channel: + description: The channel or user to send + notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that + are sent with each notification. + items: + description: |- + SlackField configures a single Slack field that is sent with each notification. + Each field must contain a title, value, and optionally, a boolean value to indicate if the field + is short enough to be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: |- + SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: |- + The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: The message content of the + SNS notification. + type: string + phoneNumber: + description: |- + Phone number if message is delivered via SMS in E.164 format. + If you don't specify this value, you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature + Verification 4 signing process to sign + requests. + properties: + accessKey: + description: AccessKey is the AWS API + key. If blank, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS + profile used to authenticate. + type: string + region: + description: Region is the AWS region. + If blank, the region from the default + credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS + profile used to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API + secret. If blank, the environment + variable `AWS_SECRET_ACCESS_KEY` is + used. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message + is delivered to email endpoints. + type: string + targetARN: + description: |- + The mobile platform endpoint ARN if message is delivered via mobile notifications. + If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber. + type: string + topicARN: + description: |- + SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: |- + TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: |- + The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: |- + Telegram bot token + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved + alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: |- + VictorOpsConfig configures notifications via VictorOps. + See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: |- + The secret's key that contains the API key to use when talking to the VictorOps API. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for + notification. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted + problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the + alert (CRITICAL, WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state + message is from. + type: string + routingKey: + description: A key used to map the alert + to a team. + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of + the alerted problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: |- + WebhookConfig configures notifications via a generic receiver supporting the webhook payload. + See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to + be sent per webhook message. When 0, all + alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + url: + description: |- + The URL to send HTTP POST requests to. `urlSecret` takes precedence over + `url`. One of `urlSecret` and `url` should be defined. + type: string + urlSecret: + description: |- + The secret's key that contains the webhook URL to send HTTP requests to. + `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` + should be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: |- + WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: |- + The secret's key that contains the WeChat API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined + by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: |- + The Alertmanager route definition for alerts matching the resource's + namespace. If present, it will be added to the generated Alertmanager + configuration as a first-level route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval + names when this route should be active. + items: + type: string + type: array + continue: + description: |- + Boolean indicating whether an alert should continue matching subsequent + sibling nodes. It will always be overridden to true for the first-level + route by the Prometheus operator. + type: boolean + groupBy: + description: |- + List of labels to group by. + Labels must not be repeated (unique list). + Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: |- + How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m" + type: string + groupWait: + description: |- + How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s" + type: string + matchers: + description: |- + List of matchers that the alert's labels should match. For the first + level route, the operator removes any existing equality and regexp + matcher on the `namespace` label and adds a `namespace: ` matcher. + items: + description: Matcher defines how to match on alert's + labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: |- + Note: this comment applies to the field definition above but appears + below otherwise it gets included in the generated manifest. + CRD schema doesn't support self-referential types for now (see + https://github.com/kubernetes/kubernetes/issues/62872). We have to use + an alternative type to circumvent the limitation. The downside is that + the Kube API can't validate the data beyond the fact that it is a valid + JSON representation. + MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched, + items: + type: string + type: array + receiver: + description: |- + Name of the receiver for this route. If not empty, it should be listed in + the `receivers` field. + type: string + repeatInterval: + description: |- + How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h" + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + email: + description: Email necessary to send alerts via email + type: string + type: object + restore: + description: Restore contains settings to control the restore + of an instance. + properties: + backupName: + description: BackupName is the name of the specific backup + you want to restore. + type: string + claimName: + description: |- + ClaimName specifies the name of the instance you want to restore from. + The claim has to be in the same namespace as this new instance. + type: string + type: object + scheduling: + description: Scheduling contains settings to control the scheduling + of an instance. + properties: + nodeSelector: + additionalProperties: + type: string + description: "NodeSelector is a selector which must match\ + \ a node\u2019s labels for the pod to be scheduled on\ + \ that node" + type: object + type: object + security: + default: {} + description: Security defines the security of a service + properties: + allowAllNamespaces: + default: false + description: AllowAllNamespaces allows the service to be + accessible from all namespaces, this supersedes the AllowedNamespaces + field + type: boolean + allowedGroups: + description: AllowedGroups defines a list of Groups that + have limited access to the instance namespace + items: + type: string + type: array + allowedNamespaces: + description: AllowedNamespaces defines a list of namespaces + from where the service can be reached in the claim namespace + items: + type: string + type: array + allowedUsers: + description: AllowedUsers defines a list of Users that have + limited access to instance namespace. + items: + type: string + type: array + deletionProtection: + default: true + description: DeletionProtection blocks the deletion of the + instance if it is enabled (enabled by default) + type: boolean + type: object + service: + collabora: + default: {} + description: Service contains nextcloud DBaaS specific properties + properties: + collabora: + properties: + enabled: + default: false + type: boolean + fqdn: + type: string + required: + - enabled + type: object + fqdn: + description: |- + FQDN contains the FQDN which will be used for the ingress. + If it's not set, no ingress will be deployed. + This also enables strict hostname checking for this FQDN. + type: string + postgreSQLParameters: + default: {} + description: |- + PostgreSQLParameters can be used to set any supported setting in the + underlying PostgreSQL instance. + properties: + backup: + description: Backup contains settings to control the + backups of an instance. + properties: + deletionProtection: + default: true + description: |- + DeletionProtection will protect the instance from being deleted for the given retention time. + This is enabled by default. + type: boolean + deletionRetention: + default: 7 + description: |- + DeletionRetention specifies in days how long the instance should be kept after deletion. + The default is keeping it one week. + type: integer + retention: + default: 6 + pattern: ^[1-9][0-9]*$ + type: integer + x-kubernetes-int-or-string: true + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) + (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) + (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) + (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + encryption: + description: Encryption contains settings to control + the storage encryption of an instance. + properties: + enabled: + description: Enabled specifies if the instance should + use encrypted storage for the instance. + type: boolean + type: object + instances: + default: 1 + description: |- + Instances configures the number of PostgreSQL instances for the cluster. + Each instance contains one Postgres server. + Out of all Postgres servers, one is elected as the primary, the rest remain as read-only replicas. + maximum: 3 + minimum: 1 + type: integer + maintenance: + description: Maintenance contains settings to control + the maintenance of an instance. + properties: + dayOfWeek: + description: |- + DayOfWeek specifies at which weekday the maintenance is held place. + Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: |- + TimeOfDay for installing updates in UTC. + Format: "hh:mm:ss". + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + monitoring: + description: Monitoring contains settings to control + monitoring. + properties: + alertmanagerConfigRef: + description: |- + AlertmanagerConfigRef contains the name of the AlertmanagerConfig that should be copied over to the + namespace of the instance. + type: string + alertmanagerConfigSecretRef: + description: |- + AlertmanagerConfigSecretRef contains the name of the secret that is used + in the referenced AlertmanagerConfig + type: string + alertmanagerConfigTemplate: + description: |- + AlertmanagerConfigSpecTemplate takes an AlertmanagerConfigSpec object. + This takes precedence over the AlertmanagerConfigRef. + properties: + inhibitRules: + description: |- + List of inhibition rules. The rules will only apply to alerts matching + the resource's namespace. + items: + description: |- + InhibitRule defines an inhibition rule that allows to mute alerts when other + alerts are already firing. + See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: |- + Labels that must have an equal value in the source and target alert for + the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: |- + Matchers for which one or more alerts have to exist for the inhibition + to take effect. The operator enforces that the alert matches the + resource's namespace. + items: + description: Matcher defines how to + match on alert's labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: |- + Matchers that have to be fulfilled in the alerts to be muted. The + operator enforces that the alert matches the resource's namespace. + items: + description: Matcher defines how to + match on alert's labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying + when the routes should be muted. + items: + description: MuteTimeInterval specifies the + periods in time when notifications will + be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of + TimeInterval + items: + description: TimeInterval describes + intervals of time + properties: + daysOfMonth: + description: DaysOfMonth is a list + of DayOfMonthRange + items: + description: DayOfMonthRange is + an inclusive range of days of + the month beginning at 1 + properties: + end: + description: End of the inclusive + range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the + inclusive range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of + MonthRange + items: + description: |- + MonthRange is an inclusive range of months of the year beginning in January + Months can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of + TimeRange + items: + description: TimeRange defines + a start and end time in 24hr + format + properties: + endTime: + description: EndTime is the + end time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is + the start time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list + of WeekdayRange + items: + description: |- + WeekdayRange is an inclusive range of days of the week beginning on Sunday + Days can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of + YearRange + items: + description: YearRange is an inclusive + range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more + notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures + notifications via Email. + properties: + authIdentity: + description: The identity to use + for authentication. + type: string + authPassword: + description: |- + The secret's key that contains the password to use for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: |- + The secret's key that contains the CRAM-MD5 secret. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: The username to use + for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: |- + Further headers email header key/value pairs. Overrides any headers + previously set by the notification implementation. + items: + description: KeyValue defines + a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the + tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify + to the SMTP server. + type: string + html: + description: The HTML body of the + email notification. + type: string + requireTLS: + description: |- + The SMTP TLS requirement. + Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port + through which emails are sent. + E.g. example.com:25 + type: string + text: + description: The text body of the + email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key + to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key + to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for the + targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + to: + description: The email address to + send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must + be unique across all items from the + list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: |- + OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list + of actions that will be available + for the alert. + type: string + apiKey: + description: |- + The secret's key that contains the OpsGenie API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The URL to send OpsGenie + API requests to. + type: string + description: + description: Description of the + incident. + type: string + details: + description: A set of arbitrary + key/value pairs that provide further + detail about the incident. + items: + description: KeyValue defines + a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the + tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that + can be used to specify which domain + alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited + to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. + Possible values are P1, P2, P3, + P4, and P5. + type: string + responders: + description: List of responders + responsible for notifications. + items: + description: |- + OpsGenieConfigResponder defines a responder to an incident. + One of `id`, `name` or `username` has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the + responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + source: + description: Backlink to the sender + of the notification. + type: string + tags: + description: Comma separated list + of tags attached to the notifications. + type: string + updateAlerts: + description: |- + Whether to update message and description of the alert in OpsGenie if it already exists + By default, the alert is never updated in OpsGenie, the new message only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: |- + PagerDutyConfig configures notifications via PagerDuty. + See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the + event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender + of notification. + type: string + component: + description: The part or component + of the affected system that is + broken. + type: string + description: + description: Description of the + incident. + type: string + details: + description: Arbitrary key/value + pairs that provide further detail + about the incident. + items: + description: KeyValue defines + a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the + tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping + of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details + to attach that provide further + detail about an incident. + items: + description: PagerDutyImageConfig + attaches images to an incident + properties: + alt: + description: Alt is the optional + alternative text for the + image. + type: string + href: + description: Optional URL; + makes the image a clickable + link. + type: string + src: + description: Src of the image + being attached to the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details + to attach that provide further + detail about an incident. + items: + description: PagerDutyLinkConfig + attaches text links to an incident + properties: + alt: + description: Text that describes + the purpose of the link, + and can be used as the link's + text. + type: string + href: + description: Href is the URL + of the link to be attached + type: string + type: object + type: array + routingKey: + description: |- + The secret's key that contains the PagerDuty integration key (when using + Events API v2). Either this field or `serviceKey` needs to be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + serviceKey: + description: |- + The secret's key that contains the PagerDuty service key (when using + integration type "Prometheus"). Either this field or `routingKey` needs to + be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests + to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: |- + PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: |- + How long your notification will continue to be retried for, unless the user + acknowledges the notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification + message is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: |- + How often the Pushover servers will send the same notification to the user. + Must be at least 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + sound: + description: The name of one of + the sounds supported by device + clients to override the user's + default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: |- + The secret's key that contains the registered application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + description: A supplementary URL + shown alongside the message. + type: string + urlTitle: + description: A title for supplementary + URL, otherwise just the URL is + shown + type: string + userKey: + description: |- + The secret's key that contains the recipient user's user key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: |- + SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions + that are sent with each notification. + items: + description: |- + SlackAction configures a single Slack action that is sent with each + notification. + See https://api.slack.com/docs/message-attachments#action_fields and + https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: |- + SlackConfirmationField protect users from destructive actions or + particularly distinguished decisions by asking them to confirm their button + click one more time. + See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: |- + The secret's key that contains the Slack webhook URL. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + callbackId: + type: string + channel: + description: The channel or user + to send notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields + that are sent with each notification. + items: + description: |- + SlackField configures a single Slack field that is sent with each notification. + Each field must contain a title, value, and optionally, a boolean value to indicate if the field + is short enough to be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: |- + SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: |- + The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: The message content + of the SNS notification. + type: string + phoneNumber: + description: |- + Phone number if message is delivered via SMS in E.164 format. + If you don't specify this value, you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature + Verification 4 signing process + to sign requests. + properties: + accessKey: + description: AccessKey is the + AWS API key. If blank, the + environment variable `AWS_ACCESS_KEY_ID` + is used. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the + named AWS profile used to + authenticate. + type: string + region: + description: Region is the AWS + region. If blank, the region + from the default credentials + chain used. + type: string + roleArn: + description: RoleArn is the + named AWS profile used to + authenticate. + type: string + secretKey: + description: SecretKey is the + AWS API secret. If blank, + the environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the + message is delivered to email + endpoints. + type: string + targetARN: + description: |- + The mobile platform endpoint ARN if message is delivered via mobile notifications. + If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber. + type: string + topicARN: + description: |- + SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: |- + TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: |- + The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: |- + Telegram bot token + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram + message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about + resolved alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: |- + VictorOpsConfig configures notifications via VictorOps. + See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: |- + The secret's key that contains the API key to use when talking to the VictorOps API. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields + for notification. + items: + description: KeyValue defines + a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the + tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of + the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior + of the alert (CRITICAL, WARNING, + INFO). + type: string + monitoringTool: + description: The monitoring tool + the state message is from. + type: string + routingKey: + description: A key used to map the + alert to a team. + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation + of the alerted problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: |- + WebhookConfig configures notifications via a generic receiver supporting the webhook payload. + See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts + to be sent per webhook message. + When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + url: + description: |- + The URL to send HTTP POST requests to. `urlSecret` takes precedence over + `url`. One of `urlSecret` and `url` should be defined. + type: string + urlSecret: + description: |- + The secret's key that contains the webhook URL to send HTTP requests to. + `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` + should be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: |- + WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: |- + The secret's key that contains the WeChat API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the + credentials of the request + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects + specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for + the targets. + properties: + clientId: + description: The secret + or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret + containing the OAuth2 + client secret + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters + to append to the token + URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to + fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy + URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate + authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap + containing data to + use for the targets. + properties: + key: + description: The + key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret + containing data to + use for the targets. + properties: + key: + description: The + key of the secret + to select from. Must + be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key + of the secret to select + from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether the Secret + or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as + defined by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: |- + The Alertmanager route definition for alerts matching the resource's + namespace. If present, it will be added to the generated Alertmanager + configuration as a first-level route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list + of MuteTimeInterval names when this route + should be active. + items: + type: string + type: array + continue: + description: |- + Boolean indicating whether an alert should continue matching subsequent + sibling nodes. It will always be overridden to true for the first-level + route by the Prometheus operator. + type: boolean + groupBy: + description: |- + List of labels to group by. + Labels must not be repeated (unique list). + Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: |- + How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m" + type: string + groupWait: + description: |- + How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s" + type: string + matchers: + description: |- + List of matchers that the alert's labels should match. For the first + level route, the operator removes any existing equality and regexp + matcher on the `namespace` label and adds a `namespace: ` matcher. + items: + description: Matcher defines how to match + on alert's labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: |- + Note: this comment applies to the field definition above but appears + below otherwise it gets included in the generated manifest. + CRD schema doesn't support self-referential types for now (see + https://github.com/kubernetes/kubernetes/issues/62872). We have to use + an alternative type to circumvent the limitation. The downside is that + the Kube API can't validate the data beyond the fact that it is a valid + JSON representation. + MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched, + items: + type: string + type: array + receiver: + description: |- + Name of the receiver for this route. If not empty, it should be listed in + the `receivers` field. + type: string + repeatInterval: + description: |- + How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h" + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + email: + description: Email necessary to send alerts via + email + type: string + type: object + network: + description: Network contains any network related settings. + properties: + ipFilter: + default: + - 0.0.0.0/0 + description: |- + IPFilter is a list of allowed IPv4 CIDR ranges that can access the service. + If no IP Filter is set, you may not be able to reach the service. + A value of `0.0.0.0/0` will open the service to all addresses on the public internet. + items: + type: string + type: array + serviceType: + default: ClusterIP + description: |- + ServiceType defines the type of the service. + Possible enum values: + - `"ClusterIP"` indicates that the service is only reachable from within the cluster. + - `"LoadBalancer"` indicates that the service is reachable from the public internet via dedicated Ipv4 address. + enum: + - ClusterIP + - LoadBalancer + type: string + type: object + replication: + description: |- + This section allows to configure Postgres replication mode and HA roles groups. + + + The main replication group is implicit and contains the total number of instances less the sum of all instances in other replication groups. + properties: + mode: + description: "Mode defines the replication mode\ + \ applied to the whole cluster. Possible values\ + \ are: \"async\"(default), \"sync\", and \"strict-sync\"\ + \n\n\n\"async\": When in asynchronous mode the\ + \ cluster is allowed to lose some committed transactions.\n\ + When the primary server fails or becomes unavailable\ + \ for any other reason a sufficiently healthy\ + \ standby will automatically be promoted to primary.\n\ + Any transactions that have not been replicated\ + \ to that standby remain in a \u201Cforked timeline\u201D\ + \ on the primary, and are effectively unrecoverable\n\ + \n\n\"sync\": When in synchronous mode a standby\ + \ will not be promoted unless it is certain that\ + \ the standby contains all transactions that may\ + \ have returned a successful commit status to\ + \ client.\n This means that the system may be\ + \ unavailable for writes even though some servers\ + \ are available.\n\n\n\"strict-sync\": When it\ + \ is absolutely necessary to guarantee that each\ + \ write is stored durably on at least two nodes,\ + \ use the strict synchronous mode.\nThis mode\ + \ prevents synchronous replication to be switched\ + \ off on the primary when no synchronous standby\ + \ candidates are available.\nAs a downside, the\ + \ primary will not be available for writes, blocking\ + \ all client write requests until at least one\ + \ synchronous replica comes up.\n\n\nNOTE: We\ + \ recommend to always use three intances when\ + \ setting the mode to \"strict-sync\"." + enum: + - async + - sync + - strict-sync + type: string + type: object + restore: + description: Restore contains settings to control the + restore of an instance. + properties: + backupName: + description: BackupName is the name of the specific + backup you want to restore. + type: string + claimName: + description: |- + ClaimName specifies the name of the instance you want to restore from. + The claim has to be in the same namespace as this new instance. + type: string + recoveryTimeStamp: + description: |- + RecoveryTimeStamp an ISO 8601 date, that holds UTC date indicating at which point-in-time the database has to be restored. + This is optional and if no PIT recovery is required, it can be left empty. + pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:Z|[+-][01]\d:[0-5]\d)$ + type: string + type: object + scheduling: + description: Scheduling contains settings to control + the scheduling of an instance. + properties: + nodeSelector: + additionalProperties: + type: string + description: "NodeSelector is a selector which must\ + \ match a node\u2019s labels for the pod to be\ + \ scheduled on that node" + type: object + type: object + security: + description: Security defines the security of a service + properties: + allowAllNamespaces: + default: false + description: AllowAllNamespaces allows the service + to be accessible from all namespaces, this supersedes + the AllowedNamespaces field + type: boolean + allowedGroups: + description: AllowedGroups defines a list of Groups + that have limited access to the instance namespace + items: + type: string + type: array + allowedNamespaces: + description: AllowedNamespaces defines a list of + namespaces from where the service can be reached + in the claim namespace + items: + type: string + type: array + allowedUsers: + description: AllowedUsers defines a list of Users + that have limited access to instance namespace. + items: + type: string + type: array + deletionProtection: + default: true + description: DeletionProtection blocks the deletion + of the instance if it is enabled (enabled by default) + type: boolean + type: object + service: + description: Service contains PostgreSQL DBaaS specific + properties + properties: + access: + description: Access defines additional users and + databases for this instance. + items: + properties: + database: + description: Database is the name of the database + to create, defaults to user. + type: string + privileges: + description: |- + Privileges specifies the privileges to grant the user. Please check + the database's docs for available privileges. + items: + type: string + type: array + user: + description: |- + User specifies the username. If all other fields are left empty + then a new database with the same name and all permissions will be created. + type: string + writeConnectionSecretToRef: + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this user should + be written. + If not specified, a secret with the name $claimname-$username will be + created in the namespace where the claim is located. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - user + type: object + type: array + extensions: + description: Extensions allow to enable/disable + any of the supported + items: + description: VSHNDBaaSPostgresExtension contains + the name of a single extension. + properties: + name: + description: |- + Name is the name of the extension to enable. + For an extensive list, please consult https://stackgres.io/doc/latest/intro/extensions/ + type: string + type: object + type: array + majorVersion: + default: '15' + description: |- + MajorVersion contains supported version of PostgreSQL. + Multiple versions are supported. The latest version "15" is the default version. + enum: + - '12' + - '13' + - '14' + - '15' + - '16' + - '17' + type: string + pgBouncerSettings: + description: PgBouncerSettings passes additional + configuration to the pgBouncer instance. + properties: + databases: + description: |- + The `pgbouncer.ini` (Section [databases]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) for more information about supported parameters. + type: object + x-kubernetes-preserve-unknown-fields: true + pgbouncer: + description: |- + The `pgbouncer.ini` (Section [pgbouncer]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) for more information about supported parameters + type: object + x-kubernetes-preserve-unknown-fields: true + users: + description: |- + The `pgbouncer.ini` (Section [users]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) for more information about supported parameters. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + pgSettings: + description: PGSettings contains additional PostgreSQL + settings. + type: object + x-kubernetes-preserve-unknown-fields: true + repackEnabled: + default: true + description: This is default option if neither repack + or vacuum are selected + type: boolean + serviceLevel: + default: besteffort + description: ServiceLevel defines the service level + of this service. Either Best Effort or Guaranteed + Availability is allowed. + enum: + - besteffort + - guaranteed + type: string + vacuumEnabled: + default: false + type: boolean + type: object + size: + description: Size contains settings to control the sizing + of a service. + properties: + cpu: + description: CPU defines the amount of Kubernetes + CPUs for an instance. + type: string + disk: + description: Disk defines the amount of disk space + for an instance. + type: string + memory: + description: Memory defines the amount of memory + in units of bytes for an instance. + type: string + plan: + description: Plan is the name of the resource plan + that defines the compute resources. + type: string + requests: + description: Requests defines CPU and memory requests + for an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes + CPUs for an instance. + type: string + memory: + description: Memory defines the amount of memory + in units of bytes for an instance. + type: string + type: object + type: object + updateStrategy: + description: UpdateStrategy indicates when updates to + the instance spec will be applied. + properties: + type: + default: Immediate + description: |- + Type indicates the type of the UpdateStrategy. Default is OnRestart. + Possible enum values: + - `"OnRestart"` indicates that the changes to the spec will only be applied once the instance is restarted by other means, most likely during maintenance. + - `"Immediate"` indicates that update will be applied to the instance as soon as the spec changes. Please be aware that this might lead to short downtime. + enum: + - Immediate + - OnRestart + type: string + type: object + type: object + relativePath: + default: / + description: RelativePath on which Nextcloud will listen. + type: string + serviceLevel: + default: besteffort + description: ServiceLevel defines the service level of this + service. Either Best Effort or Guaranteed Availability + is allowed. + enum: + - besteffort + - guaranteed + type: string + useExternalPostgreSQL: + default: true + description: |- + UseExternalPostgreSQL defines if the VSHNPostgreSQL database backend should be used. Defaults to true. If set to false, + the build-in SQLite database is being used. + type: boolean + version: + default: '29' + description: |- + Version contains supported version of nextcloud. + Multiple versions are supported. The latest version 29 is the default version. + type: string + required: + - fqdn + type: object + size: + default: {} + description: Size contains settings to control the sizing of + a service. + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for + an instance. + type: string + disk: + description: Disk defines the amount of disk space for an + instance. + type: string + memory: + description: Memory defines the amount of memory in units + of bytes for an instance. + type: string + plan: + default: standard-2 + description: | + Plan is the name of the resource plan that defines the compute resources. + + The following plans are available: + + standard-2 - CPU: 500m; Memory: 2Gi; Disk: 16Gi + + standard-4 - CPU: 1; Memory: 4Gi; Disk: 16Gi + + standard-8 - CPU: 2; Memory: 8Gi; Disk: 16Gi + enum: + - standard-2 + - standard-4 + - standard-8 + type: string + requests: + description: Requests defines CPU and memory requests for + an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs + for an instance. + type: string + memory: + description: Memory defines the amount of memory in + units of bytes for an instance. + type: string + type: object + type: object + type: object + type: object + status: + description: Status reflects the observed state of a VSHNNextcloud. + properties: + instanceNamespace: + description: InstanceNamespace contains the name of the namespace + where the instance resides + type: string + schedules: + description: |- + Schedules keeps track of random generated schedules, is overwriten by + schedules set in the service's spec. + properties: + backup: + description: Backup keeps track of the backup schedule. + type: string + maintenance: + description: Maintenance keeps track of the maintenance schedule. + properties: + dayOfWeek: + description: |- + DayOfWeek specifies at which weekday the maintenance is held place. + Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: |- + TimeOfDay for installing updates in UTC. + Format: "hh:mm:ss". + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true diff --git a/tests/golden/openshift/appcat/appcat/20_xrd_vshn_postgres.yaml b/tests/golden/openshift/appcat/appcat/20_xrd_vshn_postgres.yaml index 235050985..48a62fefe 100644 --- a/tests/golden/openshift/appcat/appcat/20_xrd_vshn_postgres.yaml +++ b/tests/golden/openshift/appcat/appcat/20_xrd_vshn_postgres.yaml @@ -5766,6 +5766,7 @@ spec: - '14' - '15' - '16' + - '17' type: string pgBouncerSettings: description: PgBouncerSettings passes additional configuration diff --git a/tests/golden/openshift/appcat/appcat/21_composition_vshn_nextcloud.yaml b/tests/golden/openshift/appcat/appcat/21_composition_vshn_nextcloud.yaml new file mode 100644 index 000000000..6e8361f43 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/21_composition_vshn_nextcloud.yaml @@ -0,0 +1,71 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '10' + metadata.appcat.vshn.io/description: Nextcloud instances by VSHN + metadata.appcat.vshn.io/displayname: Nextcloud by VSHN + metadata.appcat.vshn.io/end-user-docs-url: https://vs.hn/vshn-nextcloud + metadata.appcat.vshn.io/flavor: standalone + metadata.appcat.vshn.io/plans: '{"standard-2":{"size":{"cpu":"500m","disk":"16Gi","enabled":true,"memory":"2Gi"}},"standard-4":{"size":{"cpu":"1","disk":"16Gi","enabled":true,"memory":"4Gi"}},"standard-8":{"size":{"cpu":"2","disk":"16Gi","enabled":true,"memory":"8Gi"}}}' + metadata.appcat.vshn.io/product-description: https://products.docs.vshn.ch/products/appcat/nextcloud.html + metadata.appcat.vshn.io/zone: rma1 + labels: + metadata.appcat.vshn.io/offered: 'true' + metadata.appcat.vshn.io/serviceID: vshn-nextcloud + name: vshnnextcloud.vshn.appcat.vshn.io + name: vshnnextcloud.vshn.appcat.vshn.io +spec: + compositeTypeRef: + apiVersion: vshn.appcat.vshn.io/v1 + kind: XVSHNNextcloud + mode: Pipeline + pipeline: + - functionRef: + name: function-appcat + input: + apiVersion: v1 + data: + bucketRegion: lpg + chartRepository: https://nextcloud.github.io/helm/ + chartVersion: 5.0.0 + collaboraCPULimit: '1' + collaboraCPURequests: 250m + collaboraMemoryLimit: 1Gi + collaboraMemoryRequests: 256Mi + collabora_image: docker.io/collabora/code:24.04.9.2.1 + controlNamespace: syn-appcat-control + crossplaneNamespace: syn-crossplane + defaultPlan: standard-2 + emailAlertingEnabled: 'true' + emailAlertingSecretName: mailgun-smtp-credentials + emailAlertingSecretNamespace: syn-appcat + emailAlertingSmtpFromAddress: appcat@appuio.cloud + emailAlertingSmtpHost: smtp.eu.mailgun.org:465 + emailAlertingSmtpUsername: appcat@appuio.cloud + imageTag: v4.104.0 + ingress_annotations: | + cert-manager.io/cluster-issuer: letsencrypt-production + isOpenshift: 'true' + maintenanceSA: helm-based-service-maintenance + mode: standalone + ownerGroup: vshn.appcat.vshn.io + ownerKind: XVSHNNextcloud + ownerVersion: v1 + plans: '{"standard-2": {"size": {"cpu": "500m", "disk": "16Gi", "enabled": + true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi", + "enabled": true, "memory": "4Gi"}}, "standard-8": {"size": {"cpu": "2", + "disk": "16Gi", "enabled": true, "memory": "8Gi"}}}' + quotasEnabled: 'false' + restoreSA: nextcloudserviceaccount + salesOrder: '10431' + serviceName: nextcloud + sliNamespace: appcat-slos + kind: ConfigMap + metadata: + labels: + name: xfn-config + name: xfn-config + step: nextcloud-func + writeConnectionSecretsToNamespace: syn-crossplane diff --git a/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml index a3eabb293..cf6d15d1b 100644 --- a/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/openshift/appcat/appcat/21_composition_vshn_postgres.yaml @@ -40,7 +40,7 @@ spec: emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'false' - imageTag: v4.102.1 + imageTag: v4.104.0 initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", diff --git a/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml index 85219de35..52d845efb 100644 --- a/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/openshift/appcat/appcat/21_composition_vshn_redis.yaml @@ -570,7 +570,7 @@ spec: emailAlertingSmtpFromAddress: appcat@appuio.cloud emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud - imageTag: v4.102.1 + imageTag: v4.104.0 isOpenshift: 'true' maintenanceSA: helm-based-service-maintenance ownerGroup: vshn.appcat.vshn.io diff --git a/tests/golden/openshift/appcat/appcat/21_openshift_template_nextcloud_vshn.yaml b/tests/golden/openshift/appcat/appcat/21_openshift_template_nextcloud_vshn.yaml new file mode 100644 index 000000000..b36384629 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/21_openshift_template_nextcloud_vshn.yaml @@ -0,0 +1,42 @@ +apiVersion: template.openshift.io/v1 +kind: Template +message: Your Nextcloud by VSHN instance is being provisioned, please see ${SECRET_NAME} + for access. +metadata: + annotations: + description: Nextcloud is an open source suite of client-server software for creating + and using file hosting services. + iconClass: icon-nextcloud + openshift.io/display-name: VSHNNextcloud + openshift.io/documentation-url: https://vs.hn/vshn-nextcloud + openshift.io/provider-display-name: VSHN + openshift.io/support-url: https://www.vshn.ch/en/contact/ + tags: idp,nextcloud + labels: + name: nextcloudbyvshn + name: nextcloudbyvshn + namespace: openshift +objects: + - apiVersion: vshn.appcat.vshn.io/v1 + kind: VSHNNextcloud + metadata: + annotations: {} + labels: + name: ${INSTANCE_NAME} + name: ${INSTANCE_NAME} + spec: + parameters: + service: + version: ${VERSION} + size: + plan: ${PLAN} + writeConnectionSecretToRef: + name: ${SECRET_NAME} +parameters: + - name: PLAN + value: standard-4 + - name: SECRET_NAME + value: nextcloud-credentials + - name: INSTANCE_NAME + - name: VERSION + value: '22' diff --git a/tests/golden/openshift/appcat/appcat/22_prom_rule_sla_nextcloud.yaml b/tests/golden/openshift/appcat/appcat/22_prom_rule_sla_nextcloud.yaml new file mode 100644 index 000000000..bf7141123 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/22_prom_rule_sla_nextcloud.yaml @@ -0,0 +1,15 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + name: vshn-vshnnextcloud-sla + name: vshn-vshnnextcloud-sla + namespace: appcat-slos +spec: + groups: + - name: appcat-vshnnextcloud-sla-target + rules: + - expr: vector(99.25) + labels: + service: VSHNNextcloud + record: sla:objective:ratio diff --git a/tests/golden/openshift/appcat/appcat/22_scc_appcat.yaml b/tests/golden/openshift/appcat/appcat/22_scc_appcat.yaml new file mode 100644 index 000000000..38f949a08 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/22_scc_appcat.yaml @@ -0,0 +1,26 @@ +allowHostDirVolumePlugin: true +allowHostIPC: true +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegeEscalation: false +allowPrivilegedContainer: true +allowedCapabilities: + - MKNOD + - CHOWN + - SYS_CHROOT + - FOWNER +apiVersion: security.openshift.io/v1 +defaultAddCapabilities: + - MKNOD + - CHOWN + - SYS_CHROOT + - FOWNER +kind: SecurityContextConstraints +metadata: + name: appcat-collabora +readOnlyRootFilesystem: false +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: MustRunAs diff --git a/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/openshift/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/openshift/appcat/appcat/sli_exporter/90_nextcloud_Opsgenie.yaml b/tests/golden/openshift/appcat/appcat/sli_exporter/90_nextcloud_Opsgenie.yaml new file mode 100644 index 000000000..1240a7c8b --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/sli_exporter/90_nextcloud_Opsgenie.yaml @@ -0,0 +1,39 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + syn: 'true' + syn_component: appcat + syn_team: schedar + name: vshn-nextcloud-new-sla + namespace: appcat-slos +spec: + groups: + - name: appcat-nextcloud-sla-target + rules: + - alert: vshn-nextcloud-new-sla + expr: rate(appcat_probes_seconds_count{reason!="success", service="nextcloud", + ha="false", maintenance="false"}[5m]) > 0.2 and rate(appcat_probes_seconds_count{reason!="success", + service="nextcloud", ha="false", maintenance="false"}[1m]) > 0.75 + labels: + OnCall: '{{ if eq $labels.sla "guaranteed" }}true{{ else }}false{{ end + }}' + runbook: https://kb.vshn.ch/app-catalog/how-tos/appcat/GuaranteedUptimeTarget.html + service: nextcloud + severity: critical + syn: 'true' + syn_component: appcat + syn_team: schedar + - alert: vshn-nextcloud-new-sla-ha + expr: rate(appcat_probes_seconds_count{reason!="success", service="nextcloud", + ha="true"}[5m]) > 0.2 and rate(appcat_probes_seconds_count{reason!="success", + service="nextcloud", ha="true"}[1m]) > 0.75 + labels: + OnCall: '{{ if eq $labels.sla "guaranteed" }}true{{ else }}false{{ end + }}' + runbook: https://kb.vshn.ch/app-catalog/how-tos/appcat/GuaranteedUptimeTarget.html + service: nextcloud + severity: critical + syn: 'true' + syn_component: appcat + syn_team: schedar diff --git a/tests/golden/openshift/appcat/appcat/sli_exporter/90_slo_vshn_nextcloud.yaml b/tests/golden/openshift/appcat/appcat/sli_exporter/90_slo_vshn_nextcloud.yaml new file mode 100644 index 000000000..dd20b6e26 --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/sli_exporter/90_slo_vshn_nextcloud.yaml @@ -0,0 +1,193 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + name: vshn-nextcloud + name: vshn-nextcloud + namespace: appcat-slos +spec: + groups: + - name: sloth-slo-sli-recordings-appcat-vshn-nextcloud-uptime + rules: + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="false", maintenance="false"}[5m]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[5m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="false"}[5m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 5m + record: slo:sli_error:ratio_rate5m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="false", maintenance="false"}[30m]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[30m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="false"}[30m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 30m + record: slo:sli_error:ratio_rate30m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="false", maintenance="false"}[1h]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[1h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="false"}[1h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 1h + record: slo:sli_error:ratio_rate1h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="false", maintenance="false"}[2h]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[2h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="false"}[2h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 2h + record: slo:sli_error:ratio_rate2h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="false", maintenance="false"}[6h]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[6h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="false"}[6h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 6h + record: slo:sli_error:ratio_rate6h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="false", maintenance="false"}[1d]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[1d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="false"}[1d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 1d + record: slo:sli_error:ratio_rate1d + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="false", maintenance="false"}[3d]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[3d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="false"}[3d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 3d + record: slo:sli_error:ratio_rate3d + - expr: | + sum_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"}[30d]) + / ignoring (sloth_window) + count_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"}[30d]) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_window: 30d + record: slo:sli_error:ratio_rate30d + - name: sloth-slo-meta-recordings-appcat-vshn-nextcloud-uptime + rules: + - expr: vector(0.9990000000000001) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + record: slo:objective:ratio + - expr: vector(1-0.9990000000000001) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + record: slo:error_budget:ratio + - expr: vector(30) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + record: slo:time_period:days + - expr: | + slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + record: slo:current_burn_rate:ratio + - expr: | + slo:sli_error:ratio_rate30d{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + record: slo:period_burn_rate:ratio + - expr: 1 - slo:period_burn_rate:ratio{sloth_id="appcat-vshn-nextcloud-uptime", + sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + record: slo:period_error_budget_remaining:ratio + - expr: vector(1) + labels: + sloth_id: appcat-vshn-nextcloud-uptime + sloth_mode: cli-gen-prom + sloth_objective: '99.9' + sloth_service: appcat-vshn-nextcloud + sloth_slo: uptime + sloth_spec: prometheus/v1 + sloth_version: v0.11.0 + record: sloth_slo_info + - name: sloth-slo-alerts-appcat-vshn-nextcloud-uptime + rules: + - alert: SLO_AppCat_VSHNNextcloudUptime + annotations: + for: 6m + summary: Probes to Nextcloud by VSHN instance fail + title: (page) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1h{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate30m{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + ) + for: 6m + labels: + service: VSHNNextcloud + severity: critical + sloth_severity: page + - alert: SLO_AppCat_VSHNNextcloudUptime + annotations: + runbook_url: https://hub.syn.tools/appcat/runbooks/vshn-nextcloud.html#uptime + summary: Probes to Nextcloud by VSHN instance fail + title: (ticket) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate2h{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1d{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate3d{sloth_id="appcat-vshn-nextcloud-uptime", sloth_service="appcat-vshn-nextcloud", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + ) + labels: + service: VSHNNextcloud + severity: warning + sloth_severity: ticket diff --git a/tests/golden/openshift/appcat/appcat/sli_exporter/90_slo_vshn_nextcloud_ha.yaml b/tests/golden/openshift/appcat/appcat/sli_exporter/90_slo_vshn_nextcloud_ha.yaml new file mode 100644 index 000000000..38a42476d --- /dev/null +++ b/tests/golden/openshift/appcat/appcat/sli_exporter/90_slo_vshn_nextcloud_ha.yaml @@ -0,0 +1,193 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + name: vshn-nextcloud-ha + name: vshn-nextcloud-ha + namespace: appcat-slos +spec: + groups: + - name: sloth-slo-sli-recordings-appcat-vshn-nextcloud-ha-uptime + rules: + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="true"}[5m]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[5m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="true"}[5m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 5m + record: slo:sli_error:ratio_rate5m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="true"}[30m]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[30m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="true"}[30m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 30m + record: slo:sli_error:ratio_rate30m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="true"}[1h]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[1h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="true"}[1h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 1h + record: slo:sli_error:ratio_rate1h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="true"}[2h]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[2h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="true"}[2h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 2h + record: slo:sli_error:ratio_rate2h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="true"}[6h]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[6h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="true"}[6h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 6h + record: slo:sli_error:ratio_rate6h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="true"}[1d]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[1d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="true"}[1d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 1d + record: slo:sli_error:ratio_rate1d + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNNextcloud", ha="true"}[3d]) or 0*rate(appcat_probes_seconds_count{service="VSHNNextcloud"}[3d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNNextcloud", ha="true"}[3d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 3d + record: slo:sli_error:ratio_rate3d + - expr: | + sum_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"}[30d]) + / ignoring (sloth_window) + count_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"}[30d]) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_window: 30d + record: slo:sli_error:ratio_rate30d + - name: sloth-slo-meta-recordings-appcat-vshn-nextcloud-ha-uptime + rules: + - expr: vector(0.9990000000000001) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + record: slo:objective:ratio + - expr: vector(1-0.9990000000000001) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + record: slo:error_budget:ratio + - expr: vector(30) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + record: slo:time_period:days + - expr: | + slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + record: slo:current_burn_rate:ratio + - expr: | + slo:sli_error:ratio_rate30d{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + record: slo:period_burn_rate:ratio + - expr: 1 - slo:period_burn_rate:ratio{sloth_id="appcat-vshn-nextcloud-ha-uptime", + sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + record: slo:period_error_budget_remaining:ratio + - expr: vector(1) + labels: + sloth_id: appcat-vshn-nextcloud-ha-uptime + sloth_mode: cli-gen-prom + sloth_objective: '99.9' + sloth_service: appcat-vshn-nextcloud-ha + sloth_slo: uptime + sloth_spec: prometheus/v1 + sloth_version: v0.11.0 + record: sloth_slo_info + - name: sloth-slo-alerts-appcat-vshn-nextcloud-ha-uptime + rules: + - alert: SLO_AppCat_HAVSHNNextcloudUptime + annotations: + for: 6m + summary: Probes to HA Nextcloud by VSHN instance fail + title: (page) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1h{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate30m{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + ) + for: 6m + labels: + service: VSHNNextcloud + severity: critical + sloth_severity: page + - alert: SLO_AppCat_HAVSHNNextcloudUptime + annotations: + runbook_url: https://hub.syn.tools/appcat/runbooks/vshn-nextcloud.html#uptime + summary: Probes to HA Nextcloud by VSHN instance fail + title: (ticket) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate2h{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1d{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate3d{sloth_id="appcat-vshn-nextcloud-ha-uptime", sloth_service="appcat-vshn-nextcloud-ha", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + ) + labels: + service: VSHNNextcloud + severity: warning + sloth_severity: ticket diff --git a/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 969bb6d0a..fd462b883 100644 --- a/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNMARIADB value: "false" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml b/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml index a3fc26309..92b56c878 100644 --- a/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.102.1-func + package: ghcr.io/vshn/appcat:v4.104.0-func runtimeConfigRef: name: function-appcat diff --git a/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml b/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml index 53f7a4f13..8a2c98bb1 100644 --- a/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml +++ b/tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml @@ -102,6 +102,8 @@ rules: - pods/log - pods/portforward - pods/status + - pods/attach + - pods/exec - services verbs: - get @@ -130,6 +132,8 @@ rules: - watch - list - patch + - update + - create - apiGroups: - rbac.authorization.k8s.io resourceNames: @@ -352,9 +356,21 @@ rules: - create - delete - apiGroups: - - apps + - networking.k8s.io resources: - - statefulsets + - ingresses + verbs: + - get + - list + - watch + - update + - patch + - create + - delete + - apiGroups: + - '' + resources: + - persistentvolumeclaims verbs: - get - list @@ -364,6 +380,12 @@ rules: - patch - update - delete + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_keycloak.yaml b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_keycloak.yaml index e4dcaa3ed..202c5e67c 100644 --- a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_keycloak.yaml +++ b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_keycloak.yaml @@ -11790,6 +11790,7 @@ spec: - '14' - '15' - '16' + - '17' type: string pgBouncerSettings: description: PgBouncerSettings passes additional diff --git a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_mariadb.yaml b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_mariadb.yaml index 091e0875c..360492cb8 100644 --- a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_mariadb.yaml +++ b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_mariadb.yaml @@ -5678,7 +5678,7 @@ spec: default: '11.5' description: |- Version contains supported version of MariaDB. - Multiple versions are supported. The latest version "11.2" is the default version. + Multiple versions are supported. The latest version "11.5" is the default version. enum: - '10.4' - '10.5' diff --git a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml index b17192448..301e32f80 100644 --- a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml +++ b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_nextcloud.yaml @@ -5610,8 +5610,20 @@ spec: type: boolean type: object service: + collabora: + default: {} description: Service contains nextcloud DBaaS specific properties properties: + collabora: + properties: + enabled: + default: false + type: boolean + fqdn: + type: string + required: + - enabled + type: object fqdn: description: |- FQDN contains the FQDN which will be used for the ingress. @@ -11753,6 +11765,7 @@ spec: - '14' - '15' - '16' + - '17' type: string pgBouncerSettings: description: PgBouncerSettings passes additional diff --git a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_postgres.yaml b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_postgres.yaml index 235050985..48a62fefe 100644 --- a/tests/golden/vshn/appcat/appcat/20_xrd_vshn_postgres.yaml +++ b/tests/golden/vshn/appcat/appcat/20_xrd_vshn_postgres.yaml @@ -5766,6 +5766,7 @@ spec: - '14' - '15' - '16' + - '17' type: string pgBouncerSettings: description: PgBouncerSettings passes additional configuration diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml index 28ca41c32..3047498c4 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml @@ -39,7 +39,7 @@ spec: emailAlertingSmtpFromAddress: appcat@appuio.cloud emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud - imageTag: v4.102.1 + imageTag: v4.104.0 ingress_annotations: | nginx.ingress.kubernetes.io/backend-protocol: HTTPS cert-manager.io/cluster-issuer: letsencrypt-staging diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml index 5976ec1c1..20931c0b9 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml @@ -39,7 +39,7 @@ spec: emailAlertingSmtpFromAddress: appcat@appuio.cloud emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud - imageTag: v4.102.1 + imageTag: v4.104.0 isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance mode: standalone diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml index eefd9601c..a60a5dfac 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml @@ -30,6 +30,11 @@ spec: bucketRegion: lpg chartRepository: https://nextcloud.github.io/helm/ chartVersion: 5.0.0 + collaboraCPULimit: '1' + collaboraCPURequests: 250m + collaboraMemoryLimit: 1Gi + collaboraMemoryRequests: 256Mi + collabora_image: docker.io/collabora/code:24.04.9.2.1 controlNamespace: syn-appcat-control crossplaneNamespace: syn-crossplane defaultPlan: standard-2 @@ -39,11 +44,9 @@ spec: emailAlertingSmtpFromAddress: appcat@appuio.cloud emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud - imageTag: v4.102.1 + imageTag: v4.104.0 ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-staging - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance mode: standalone diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml index 2f2fb9bad..71ac9b895 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml @@ -40,7 +40,7 @@ spec: emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' - imageTag: v4.102.1 + imageTag: v4.104.0 initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", diff --git a/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml index 95bf0454e..d915b7b7e 100644 --- a/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml @@ -596,7 +596,7 @@ spec: emailAlertingSmtpFromAddress: appcat@appuio.cloud emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: appcat@appuio.cloud - imageTag: v4.102.1 + imageTag: v4.104.0 isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance ownerGroup: vshn.appcat.vshn.io diff --git a/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml index 8c9fbb791..fbd31cd77 100644 --- a/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/vshn/appcat/appcat/apiserver/30_deployment.yaml @@ -29,7 +29,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: failureThreshold: 3 httpGet: diff --git a/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml index 77782c47a..5eb1c1c05 100644 --- a/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml index ae9815de0..9a2698950 100644 --- a/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 name: sla-reporter resources: limits: diff --git a/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index a9c073b13..fc1b01792 100644 --- a/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -36,7 +36,7 @@ spec: value: "true" - name: APPCAT_SLI_VSHNMARIADB value: "true" - image: ghcr.io/vshn/appcat:v4.102.1 + image: ghcr.io/vshn/appcat:v4.104.0 livenessProbe: httpGet: path: /healthz diff --git a/tests/openshift.yml b/tests/openshift.yml index 4495804cc..622e1a840 100644 --- a/tests/openshift.yml +++ b/tests/openshift.yml @@ -47,6 +47,8 @@ parameters: services: vshn: enabled: true + nextcloud: + enabled: true postgres: sgNamespace: stackgres bucket_region: 'ch-gva-2' diff --git a/tests/vshn.yml b/tests/vshn.yml index b39e4ae92..6a01348c0 100644 --- a/tests/vshn.yml +++ b/tests/vshn.yml @@ -99,10 +99,12 @@ parameters: nextcloud: enabled: true additionalInputs: + collaboraCPULimit: "1" + collaboraCPURequests: 250m + collaboraMemoryLimit: 1Gi # during my tests I was able to force collabora to use ~800Mi + collaboraMemoryRequests: 256Mi ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-staging - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" postgres: sgNamespace: stackgres