# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.17.1-0.20250103184936-50893dee96da name: operatorconfigs.monitoring.googleapis.com spec: group: monitoring.googleapis.com names: kind: OperatorConfig listKind: OperatorConfigList plural: operatorconfigs singular: operatorconfig scope: Namespaced versions: - name: v1 schema: openAPIV3Schema: description: OperatorConfig defines configuration of the gmp-operator. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string collection: description: |- Collection specifies how the operator configures collection, including scraping and an integrated export to Google Cloud Monitoring. properties: compression: description: Compression enables compression of metrics collection data enum: - none - gzip type: string credentials: description: |- A reference to GCP service account credentials with which Prometheus collectors are run. It needs to have metric write permissions for all project IDs to which data is written. Within GKE, this can typically be left empty if the compute default service account has the required permissions. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic externalLabels: additionalProperties: type: string description: |- ExternalLabels specifies external labels that are attached to all scraped data before being written to Google Cloud Monitoring or any other additional exports specified in the OperatorConfig. The precedence behavior matches that of Prometheus. type: object filter: description: Filter limits which metric data is sent to Cloud Monitoring (it doesn't apply to additional exports). properties: matchOneOf: description: |- A list of Prometheus time series matchers. Every time series must match at least one of the matchers to be exported. This field can be used equivalently to the match[] parameter of the Prometheus federation endpoint to selectively export data. Example: `["{job!='foobar'}", "{__name__!~'container_foo.*|container_bar.*'}"]` items: type: string type: array type: object kubeletScraping: description: Configuration to scrape the metric endpoints of the Kubelets. properties: interval: description: The interval at which the metric endpoints are scraped. type: string tlsInsecureSkipVerify: description: |- TLSInsecureSkipVerify disables verifying the target cert. This can be useful for clusters provisioned with kubeadm. type: boolean required: - interval type: object type: object exports: description: |- Exports is an EXPERIMENTAL feature that specifies additional, optional endpoints to export to, on top of Google Cloud Monitoring collection. Note: To disable integrated export to Google Cloud Monitoring specify a non-matching filter in the "collection.filter" field. items: properties: url: description: The URL of the endpoint that supports Prometheus Remote Write to export samples to. type: string required: - url type: object type: array features: description: Features holds configuration for optional managed-collection features. properties: config: description: Settings for the collector configuration propagation. properties: compression: description: |- Compression enables compression of the config data propagated by the operator to collectors and the rule-evaluator. It is recommended to use the gzip option when using a large number of ClusterPodMonitoring, PodMonitoring, GlobalRules, ClusterRules, and/or Rules. enum: - none - gzip type: string type: object targetStatus: description: Configuration of target status reporting. properties: enabled: description: Enable target status reporting. type: boolean type: object type: object kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string managedAlertmanager: default: configSecret: key: alertmanager.yaml name: alertmanager description: ManagedAlertmanager holds information for configuring the managed instance of Alertmanager. properties: configSecret: description: |- ConfigSecret refers to the name of a single-key Secret in the public namespace that holds the managed Alertmanager config file. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic externalURL: description: |- ExternalURL is the URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy). Used for generating relative and absolute links back to Alertmanager itself. If the URL has a path portion, it will be used to prefix all HTTP endpoints served by Alertmanager, otherwise relevant URL components will be derived automatically. If no URL is provided, Alertmanager will point to the Google Cloud Metric Explorer page. type: string type: object metadata: type: object rules: description: Rules specifies how the operator configures and deploys rule-evaluator. properties: alerting: description: Alerting contains how the rule-evaluator configures alerting. properties: alertmanagers: description: Alertmanagers contains endpoint configuration for designated Alertmanagers. items: description: |- AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. properties: apiVersion: description: |- Version of the Alertmanager API that rule-evaluator uses to send alerts. It can be "v1" or "v2". type: string authorization: description: Authorization section for this alertmanager endpoint properties: credentials: description: The secret's key that contains the credentials of the request properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: description: |- Set the authentication type. Defaults to Bearer, Basic will cause an error type: string type: object name: description: Name of Endpoints object in Namespace. type: string namespace: description: Namespace of Endpoints object. type: string pathPrefix: description: Prefix for the HTTP path alerts are pushed to. type: string port: anyOf: - type: integer - type: string description: Port the Alertmanager API is exposed on. x-kubernetes-int-or-string: true scheme: description: Scheme to use when firing alerts. type: string timeout: description: Timeout is a per-target Alertmanager timeout when pushing alerts. type: string tls: description: TLS Config to use for alertmanager connection. properties: ca: description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert file for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. type: boolean keySecret: description: Secret containing the client key file for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic maxVersion: description: |- Maximum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Prometheus will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Prometheus will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - name - namespace - port type: object type: array type: object credentials: description: |- A reference to GCP service account credentials with which the rule evaluator container is run. It needs to have metric read permissions against queryProjectId and metric write permissions against all projects to which rule results are written. Within GKE, this can typically be left empty if the compute default service account has the required permissions. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic externalLabels: additionalProperties: type: string description: |- ExternalLabels specifies external labels that are attached to any rule results and alerts produced by rules. The precedence behavior matches that of Prometheus. type: object generatorUrl: description: |- The base URL used for the generator URL in the alert notification payload. Should point to an instance of a query frontend that gives access to queryProjectID. type: string queryProjectID: description: |- QueryProjectID is the GCP project ID to evaluate rules against. If left blank, the rule-evaluator will try attempt to infer the Project ID from the environment. type: string type: object scaling: description: Scaling contains configuration options for scaling GMP. properties: vpa: description: VPASpec defines configuration options for vertical pod autoscaling. properties: enabled: description: |- Enabled configures whether the operator configures Vertical Pod Autoscaling for GMP workloads. In GKE, installing Vertical Pod Autoscaling requires a cluster restart, and therefore it also results in an operator restart. In other environments, the operator may need to be restarted to enable VPA to run the following check again and watch for the objects. type: boolean type: object type: object type: object served: true storage: true - deprecated: true name: v1alpha1 schema: openAPIV3Schema: description: OperatorConfig defines configuration of the gmp-operator. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string collection: description: Collection specifies how the operator configures collection. properties: credentials: description: |- A reference to GCP service account credentials with which Prometheus collectors are run. It needs to have metric write permissions for all project IDs to which data is written. Within GKE, this can typically be left empty if the compute default service account has the required permissions. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic externalLabels: additionalProperties: type: string description: |- ExternalLabels specifies external labels that are attached to all scraped data before being written to Cloud Monitoring. The precedence behavior matches that of Prometheus. type: object filter: description: Filter limits which metric data is sent to Cloud Monitoring. properties: matchOneOf: description: |- A list Prometheus time series matchers. Every time series must match at least one of the matchers to be exported. This field can be used equivalently to the match[] parameter of the Prometheus federation endpoint to selectively export data. Example: `["{job='prometheus'}", "{__name__=~'job:.*'}"]` items: type: string type: array type: object type: object kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object rules: description: Rules specifies how the operator configures and deployes rule-evaluator. properties: alerting: description: Alerting contains how the rule-evaluator configures alerting. properties: alertmanagers: description: Alertmanagers contains endpoint configuration for designated Alertmanagers. items: description: |- AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. properties: apiVersion: description: |- Version of the Alertmanager API that rule-evaluator uses to send alerts. It can be "v1" or "v2". type: string authorization: description: Authorization section for this alertmanager endpoint properties: credentials: description: The secret's key that contains the credentials of the request properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: description: |- Set the authentication type. Defaults to Bearer, Basic will cause an error type: string type: object name: description: Name of Endpoints object in Namespace. type: string namespace: description: Namespace of Endpoints object. type: string pathPrefix: description: Prefix for the HTTP path alerts are pushed to. type: string port: anyOf: - type: integer - type: string description: Port the Alertmanager API is exposed on. x-kubernetes-int-or-string: true scheme: description: Scheme to use when firing alerts. type: string timeout: description: Timeout is a per-target Alertmanager timeout when pushing alerts. type: string tls: description: TLS Config to use for alertmanager connection. properties: ca: description: Struct containing the CA cert to use for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object cert: description: Struct containing the client cert file for the targets. properties: configMap: description: ConfigMap containing data to use for the targets. properties: key: description: The key to select. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: description: Secret containing data to use for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object insecureSkipVerify: description: Disable target certificate validation. type: boolean keySecret: description: Secret containing the client key file for the targets. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: description: Used to verify the hostname for the targets. type: string type: object required: - name - namespace - port type: object type: array type: object credentials: description: |- A reference to GCP service account credentials with which the rule evaluator container is run. It needs to have metric read permissions against queryProjectId and metric write permissions against all projects to which rule results are written. Within GKE, this can typically be left empty if the compute default service account has the required permissions. properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic externalLabels: additionalProperties: type: string description: |- ExternalLabels specifies external labels that are attached to any rule results and alerts produced by rules. The precedence behavior matches that of Prometheus. type: object queryProjectID: description: |- QueryProjectID is the GCP project ID to evaluate rules against. If left blank, the rule-evaluator will try attempt to infer the Project ID from the environment. type: string type: object type: object served: true storage: false