Skip to content

Files

Latest commit

jgbernalpjgbernalp
feat: discover default lokistack (#690)
Mar 4, 2025
648c091 · Mar 4, 2025

History

History
4654 lines (4018 loc) · 133 KB
·

api.md

File metadata and controls

4654 lines (4018 loc) · 133 KB
·

API Reference

Packages:

monitoring.rhobs/v1alpha1

Resource Types:

MonitoringStack

↩ Parent

MonitoringStack is the Schema for the monitoringstacks API

Name Type Description Required
apiVersion string monitoring.rhobs/v1alpha1 true
kind string MonitoringStack true
metadata object Refer to the Kubernetes API documentation for the fields of the `metadata` field. true
spec object MonitoringStackSpec is the specification for desired Monitoring Stack
 false
status object MonitoringStackStatus defines the observed state of MonitoringStack. It should always be reconstructable from the state of the cluster and/or outside world.
 false

MonitoringStack.spec

↩ Parent

MonitoringStackSpec is the specification for desired Monitoring Stack

Name Type Description Required
alertmanagerConfig object Define Alertmanager config

Default: map[disabled:false]
 false
logLevel enum Loglevel set log levels of configured components

Enum: debug, info, warn, error
Default: info
 false
namespaceSelector object Namespace selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. namespaceSelector: {}. To monitor resources in the namespace where Monitoring Stack was created in, set to null. E.g. namespaceSelector:.
 false
nodeSelector map[string]string Define node selector for Monitoring Stack Pods.
 false
prometheusConfig object Define prometheus config

Default: map[replicas:2]
 false
resourceSelector object Label selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. resourceSelector: {}. To disable service discovery, set to null. E.g. resourceSelector:.
 false
resources object Define resources requests and limits for Monitoring Stack Pods.

Default: map[limits:map[cpu:500m memory:512Mi] requests:map[cpu:100m memory:256Mi]]
 false
retention string Time duration to retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years).

Default: 120h
 false
tolerations []object Define tolerations for Monitoring Stack Pods.
 false

MonitoringStack.spec.alertmanagerConfig

↩ Parent

Define Alertmanager config

Name Type Description Required
disabled boolean Disables the deployment of Alertmanager.

Default: false
 false
webTLSConfig object Configure TLS options for the Alertmanager web server.
 false

MonitoringStack.spec.alertmanagerConfig.webTLSConfig

↩ Parent

Configure TLS options for the Alertmanager web server.

Name Type Description Required
certificate object Reference to the TLS public certificate for the web server.
 true
certificateAuthority object Reference to the root Certificate Authority used to verify the web server's certificate.
 true
privateKey object Reference to the TLS private key for the web server.
 true

MonitoringStack.spec.alertmanagerConfig.webTLSConfig.certificate

↩ Parent

Reference to the TLS public certificate for the web server.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

MonitoringStack.spec.alertmanagerConfig.webTLSConfig.certificateAuthority

↩ Parent

Reference to the root Certificate Authority used to verify the web server's certificate.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

MonitoringStack.spec.alertmanagerConfig.webTLSConfig.privateKey

↩ Parent

Reference to the TLS private key for the web server.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

MonitoringStack.spec.namespaceSelector

↩ Parent

Namespace selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. namespaceSelector: {}. To monitor resources in the namespace where Monitoring Stack was created in, set to null. E.g. namespaceSelector:.

Name Type Description Required
matchExpressions []object matchExpressions is a list of label selector requirements. The requirements are ANDed.
 false
matchLabels map[string]string matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false

MonitoringStack.spec.namespaceSelector.matchExpressions[index]

↩ Parent

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name Type Description Required
key string key is the label key that the selector applies to.
 true
operator string operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false

MonitoringStack.spec.prometheusConfig

↩ Parent

Define prometheus config

Name Type Description Required
enableOtlpHttpReceiver boolean Enable Prometheus to accept OpenTelemetry Metrics via the otlp/http protocol. Defaults to the value of `false`. The resulting endpoint is /api/v1/otlp/v1/metrics.
 false
enableRemoteWriteReceiver boolean Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`.
 false
externalLabels map[string]string Define ExternalLabels for prometheus
 false
persistentVolumeClaim object Define persistent volume claim for prometheus
 false
remoteWrite []object Define remote write for prometheus
 false
replicas integer Number of replicas/pods to deploy for a Prometheus deployment.

Format: int32
Default: 2
Minimum: 0
 false
scrapeInterval string Default interval between scrapes.
 false
webTLSConfig object Configure TLS options for the Prometheus web server.
 false

MonitoringStack.spec.prometheusConfig.persistentVolumeClaim

↩ Parent

Define persistent volume claim for prometheus

Name Type Description Required
accessModes []string accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
 false
dataSource object dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
 false
dataSourceRef object dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false
resources object resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
 false
selector object selector is a label query over volumes to consider for binding.
 false
storageClassName string storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
 false
volumeAttributesClassName string volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
 false
volumeMode string volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
 false
volumeName string volumeName is the binding reference to the PersistentVolume backing this claim.
 false

MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.dataSource

↩ Parent

dataSource field can be used to specify either:

  • An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
  • An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.
Name Type Description Required
kind string Kind is the type of resource being referenced
 true
name string Name is the name of resource being referenced
 true
apiGroup string APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false

MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.dataSourceRef

↩ Parent

dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef:

  • While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects.
  • While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified.
  • While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
Name Type Description Required
kind string Kind is the type of resource being referenced
 true
name string Name is the name of resource being referenced
 true
apiGroup string APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
 false
namespace string Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
 false

MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.resources

↩ Parent

resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

Name Type Description Required
limits map[string]int or string Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false

MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.selector

↩ Parent

selector is a label query over volumes to consider for binding.

Name Type Description Required
matchExpressions []object matchExpressions is a list of label selector requirements. The requirements are ANDed.
 false
matchLabels map[string]string matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false

MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.selector.matchExpressions[index]

↩ Parent

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name Type Description Required
key string key is the label key that the selector applies to.
 true
operator string operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index]

↩ Parent

RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint.

Name Type Description Required
url string The URL of the endpoint to send samples to.
 true
authorization object Authorization section for the URL.

It requires Prometheus >= v2.26.0.

Cannot be set at the same time as sigv4, basicAuth, oauth2, or azureAd.

 false
azureAd object AzureAD for the URL.

It requires Prometheus >= v2.45.0.

Cannot be set at the same time as authorization, basicAuth, oauth2, or sigv4.

 false
basicAuth object BasicAuth configuration for the URL.

Cannot be set at the same time as sigv4, authorization, oauth2, or azureAd.

 false
bearerToken string Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using authorization.

Deprecated: this will be removed in a future release.

 false
bearerTokenFile string File from which to read bearer token for the URL.

Deprecated: this will be removed in a future release. Prefer using authorization.

 false
enableHTTP2 boolean Whether to enable HTTP2.
 false
followRedirects boolean Configure whether HTTP requests follow HTTP 3xx redirects.

It requires Prometheus >= v2.26.0.

 false
headers map[string]string Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten.

It requires Prometheus >= v2.25.0.

 false
messageVersion enum The Remote Write message's version to use when writing to the endpoint.

Version1.0 corresponds to the prometheus.WriteRequest protobuf message introduced in Remote Write 1.0. Version2.0 corresponds to the io.prometheus.write.v2.Request protobuf message introduced in Remote Write 2.0.

When Version2.0 is selected, Prometheus will automatically be configured to append the metadata of scraped metrics to the WAL.

Before setting this field, consult with your remote storage provider what message version it supports.

It requires Prometheus >= v2.54.0.

Enum: V1.0, V2.0

 false
metadataConfig object MetadataConfig configures the sending of series metadata to the remote storage.
 false
name string The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues.

It requires Prometheus >= v2.15.0.

 false
noProxy string noProxy is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

 false
oauth2 object OAuth2 configuration for the URL.

It requires Prometheus >= v2.27.0.

Cannot be set at the same time as sigv4, authorization, basicAuth, or azureAd.

 false
proxyConnectHeader map[string][]object ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

 false
proxyFromEnvironment boolean Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

 false
proxyUrl string proxyURL defines the HTTP proxy server to use.
 false
queueConfig object QueueConfig allows tuning of the remote write queue parameters.
 false
remoteTimeout string Timeout for requests to the remote write endpoint.
 false
sendExemplars boolean Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the spec.enableFeatures option for exemplars to be scraped in the first place.

It requires Prometheus >= v2.27.0.

 false
sendNativeHistograms boolean Enables sending of native histograms, also known as sparse histograms over remote write.

It requires Prometheus >= v2.40.0.

 false
sigv4 object Sigv4 allows to configures AWS's Signature Verification 4 for the URL.

It requires Prometheus >= v2.26.0.

Cannot be set at the same time as authorization, basicAuth, oauth2, or azureAd.

 false
tlsConfig object TLS Config to use for the URL.
 false
writeRelabelConfigs []object The list of remote write relabel configurations.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].authorization

↩ Parent

Authorization section for the URL.

It requires Prometheus >= v2.26.0.

Cannot be set at the same time as sigv4, basicAuth, oauth2, or azureAd.

Name Type Description Required
credentials object Selects a key of a Secret in the namespace that contains the credentials for authentication.
 false
credentialsFile string File to read a secret from, mutually exclusive with `credentials`.
 false
type string Defines the authentication type. The value is case-insensitive.

"Basic" is not a supported value.

Default: "Bearer"

 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].authorization.credentials

↩ Parent

Selects a key of a Secret in the namespace that contains the credentials for authentication.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd

↩ Parent

AzureAD for the URL.

It requires Prometheus >= v2.45.0.

Cannot be set at the same time as authorization, basicAuth, oauth2, or sigv4.

Name Type Description Required
cloud enum The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.

Enum: AzureChina, AzureGovernment, AzurePublic
 false
managedIdentity object ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth` or `sdk`.
 false
oauth object OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`.

It requires Prometheus >= v2.48.0.

 false
sdk object SDK defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as oauth or managedIdentity.

It requires Prometheus >= 2.52.0.

 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.managedIdentity

↩ Parent

ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as oauth or sdk.

Name Type Description Required
clientId string The client id
 true

MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.oauth

↩ Parent

OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as managedIdentity or sdk.

It requires Prometheus >= v2.48.0.

Name Type Description Required
clientId string `clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.
 true
clientSecret object `clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.
 true
tenantId string `tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate.
 true

MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.oauth.clientSecret

↩ Parent

clientSecret specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.sdk

↩ Parent

SDK defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as oauth or managedIdentity.

It requires Prometheus >= 2.52.0.

Name Type Description Required
tenantId string `tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].basicAuth

↩ Parent

BasicAuth configuration for the URL.

Cannot be set at the same time as sigv4, authorization, oauth2, or azureAd.

Name Type Description Required
password object `password` specifies a key of a Secret containing the password for authentication.
 false
username object `username` specifies a key of a Secret containing the username for authentication.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].basicAuth.password

↩ Parent

password specifies a key of a Secret containing the password for authentication.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].basicAuth.username

↩ Parent

username specifies a key of a Secret containing the username for authentication.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].metadataConfig

↩ Parent

MetadataConfig configures the sending of series metadata to the remote storage.

Name Type Description Required
send boolean Defines whether metric metadata is sent to the remote storage or not.
 false
sendInterval string Defines how frequently metric metadata is sent to the remote storage.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2

↩ Parent

OAuth2 configuration for the URL.

It requires Prometheus >= v2.27.0.

Cannot be set at the same time as sigv4, authorization, basicAuth, or azureAd.

Name Type Description Required
clientId object `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.
 true
clientSecret object `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.
 true
tokenUrl string `tokenURL` configures the URL to fetch the token from.
 true
endpointParams map[string]string `endpointParams` configures the HTTP parameters to append to the token URL.
 false
noProxy string `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

 false
proxyConnectHeader map[string][]object ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests.

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

 false
proxyFromEnvironment boolean Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).

It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.

 false
proxyUrl string proxyURL defines the HTTP proxy server to use.
 false
scopes []string scopes defines the OAuth2 scopes used for the token request.
 false
tlsConfig object TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientId

↩ Parent

clientId specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.

Name Type Description Required
configMap object ConfigMap containing data to use for the targets.
 false
secret object Secret containing data to use for the targets.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientId.configMap

↩ Parent

ConfigMap containing data to use for the targets.

Name Type Description Required
key string The key to select.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the ConfigMap or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientId.secret

↩ Parent

Secret containing data to use for the targets.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientSecret

↩ Parent

clientSecret specifies a key of a Secret containing the OAuth2 client's secret.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.proxyConnectHeader[key][index]

↩ Parent

SecretKeySelector selects a key of a Secret.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig

↩ Parent

TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0.

Name Type Description Required
ca object Certificate authority used when verifying server certificates.
 false
cert object Client certificate to present when doing client-authentication.
 false
insecureSkipVerify boolean Disable target certificate validation.
 false
keySecret object Secret containing the client key file for the targets.
 false
maxVersion enum Maximum acceptable TLS version.

It requires Prometheus >= v2.41.0.

Enum: TLS10, TLS11, TLS12, TLS13

 false
minVersion enum Minimum acceptable TLS version.

It requires Prometheus >= v2.35.0.

Enum: TLS10, TLS11, TLS12, TLS13

 false
serverName string Used to verify the hostname for the targets.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.ca

↩ Parent

Certificate authority used when verifying server certificates.

Name Type Description Required
configMap object ConfigMap containing data to use for the targets.
 false
secret object Secret containing data to use for the targets.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.ca.configMap

↩ Parent

ConfigMap containing data to use for the targets.

Name Type Description Required
key string The key to select.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the ConfigMap or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.ca.secret

↩ Parent

Secret containing data to use for the targets.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.cert

↩ Parent

Client certificate to present when doing client-authentication.

Name Type Description Required
configMap object ConfigMap containing data to use for the targets.
 false
secret object Secret containing data to use for the targets.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.cert.configMap

↩ Parent

ConfigMap containing data to use for the targets.

Name Type Description Required
key string The key to select.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the ConfigMap or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.cert.secret

↩ Parent

Secret containing data to use for the targets.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.keySecret

↩ Parent

Secret containing the client key file for the targets.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].proxyConnectHeader[key][index]

↩ Parent

SecretKeySelector selects a key of a Secret.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].queueConfig

↩ Parent

QueueConfig allows tuning of the remote write queue parameters.

Name Type Description Required
batchSendDeadline string BatchSendDeadline is the maximum time a sample will wait in buffer.
 false
capacity integer Capacity is the number of samples to buffer per shard before we start dropping them.
 false
maxBackoff string MaxBackoff is the maximum retry delay.
 false
maxRetries integer MaxRetries is the maximum number of times to retry a batch on recoverable errors.
 false
maxSamplesPerSend integer MaxSamplesPerSend is the maximum number of samples per send.
 false
maxShards integer MaxShards is the maximum number of shards, i.e. amount of concurrency.
 false
minBackoff string MinBackoff is the initial retry delay. Gets doubled for every retry.
 false
minShards integer MinShards is the minimum number of shards, i.e. amount of concurrency.
 false
retryOnRateLimit boolean Retry upon receiving a 429 status code from the remote-write storage.

This is an experimental feature, it may change in any upcoming release in a breaking way.

 false
sampleAgeLimit string SampleAgeLimit drops samples older than the limit. It requires Prometheus >= v2.50.0.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].sigv4

↩ Parent

Sigv4 allows to configures AWS's Signature Verification 4 for the URL.

It requires Prometheus >= v2.26.0.

Cannot be set at the same time as authorization, basicAuth, oauth2, or azureAd.

Name Type Description Required
accessKey object AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.
 false
profile string Profile is the named AWS profile used to authenticate.
 false
region string Region is the AWS region. If blank, the region from the default credentials chain used.
 false
roleArn string RoleArn is the named AWS profile used to authenticate.
 false
secretKey object SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].sigv4.accessKey

↩ Parent

AccessKey is the AWS API key. If not specified, the environment variable AWS_ACCESS_KEY_ID is used.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].sigv4.secretKey

↩ Parent

SecretKey is the AWS API secret. If not specified, the environment variable AWS_SECRET_ACCESS_KEY is used.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig

↩ Parent

TLS Config to use for the URL.

Name Type Description Required
ca object Certificate authority used when verifying server certificates.
 false
caFile string Path to the CA cert in the Prometheus container to use for the targets.
 false
cert object Client certificate to present when doing client-authentication.
 false
certFile string Path to the client cert file in the Prometheus container for the targets.
 false
insecureSkipVerify boolean Disable target certificate validation.
 false
keyFile string Path to the client key file in the Prometheus container for the targets.
 false
keySecret object Secret containing the client key file for the targets.
 false
maxVersion enum Maximum acceptable TLS version.

It requires Prometheus >= v2.41.0.

Enum: TLS10, TLS11, TLS12, TLS13

 false
minVersion enum Minimum acceptable TLS version.

It requires Prometheus >= v2.35.0.

Enum: TLS10, TLS11, TLS12, TLS13

 false
serverName string Used to verify the hostname for the targets.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.ca

↩ Parent

Certificate authority used when verifying server certificates.

Name Type Description Required
configMap object ConfigMap containing data to use for the targets.
 false
secret object Secret containing data to use for the targets.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.ca.configMap

↩ Parent

ConfigMap containing data to use for the targets.

Name Type Description Required
key string The key to select.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the ConfigMap or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.ca.secret

↩ Parent

Secret containing data to use for the targets.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.cert

↩ Parent

Client certificate to present when doing client-authentication.

Name Type Description Required
configMap object ConfigMap containing data to use for the targets.
 false
secret object Secret containing data to use for the targets.
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.cert.configMap

↩ Parent

ConfigMap containing data to use for the targets.

Name Type Description Required
key string The key to select.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the ConfigMap or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.cert.secret

↩ Parent

Secret containing data to use for the targets.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.keySecret

↩ Parent

Secret containing the client key file for the targets.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
false
optional boolean Specify whether the Secret or its key must be defined
 false

MonitoringStack.spec.prometheusConfig.remoteWrite[index].writeRelabelConfigs[index]

↩ Parent

RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples.

More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

Name Type Description Required
action enum Action to perform based on the regex matching.

Uppercase and Lowercase actions require Prometheus >= v2.36.0. DropEqual and KeepEqual actions require Prometheus >= v2.41.0.

Default: "Replace"

Enum: replace, Replace, keep, Keep, drop, Drop, hashmod, HashMod, labelmap, LabelMap, labeldrop, LabelDrop, labelkeep, LabelKeep, lowercase, Lowercase, uppercase, Uppercase, keepequal, KeepEqual, dropequal, DropEqual
Default: replace

 false
modulus integer Modulus to take of the hash of the source label values.

Only applicable when the action is HashMod.

Format: int64

 false
regex string Regular expression against which the extracted value is matched.
 false
replacement string Replacement value against which a Replace action is performed if the regular expression matches.

Regex capture groups are available.

 false
separator string Separator is the string between concatenated SourceLabels.
 false
sourceLabels []string The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.
 false
targetLabel string Label to which the resulting string is written in a replacement.

It is mandatory for Replace, HashMod, Lowercase, Uppercase, KeepEqual and DropEqual actions.

Regex capture groups are available.

 false

MonitoringStack.spec.prometheusConfig.webTLSConfig

↩ Parent

Configure TLS options for the Prometheus web server.

Name Type Description Required
certificate object Reference to the TLS public certificate for the web server.
 true
certificateAuthority object Reference to the root Certificate Authority used to verify the web server's certificate.
 true
privateKey object Reference to the TLS private key for the web server.
 true

MonitoringStack.spec.prometheusConfig.webTLSConfig.certificate

↩ Parent

Reference to the TLS public certificate for the web server.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

MonitoringStack.spec.prometheusConfig.webTLSConfig.certificateAuthority

↩ Parent

Reference to the root Certificate Authority used to verify the web server's certificate.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

MonitoringStack.spec.prometheusConfig.webTLSConfig.privateKey

↩ Parent

Reference to the TLS private key for the web server.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

MonitoringStack.spec.resourceSelector

↩ Parent

Label selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. resourceSelector: {}. To disable service discovery, set to null. E.g. resourceSelector:.

Name Type Description Required
matchExpressions []object matchExpressions is a list of label selector requirements. The requirements are ANDed.
 false
matchLabels map[string]string matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false

MonitoringStack.spec.resourceSelector.matchExpressions[index]

↩ Parent

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name Type Description Required
key string key is the label key that the selector applies to.
 true
operator string operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false

MonitoringStack.spec.resources

↩ Parent

Define resources requests and limits for Monitoring Stack Pods.

Name Type Description Required
claims []object Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

This field is immutable. It can only be set for containers.

 false
limits map[string]int or string Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false
requests map[string]int or string Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 false

MonitoringStack.spec.resources.claims[index]

↩ Parent

ResourceClaim references one entry in PodSpec.ResourceClaims.

Name Type Description Required
name string Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
 true
request string Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
 false

MonitoringStack.spec.tolerations[index]

↩ Parent

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator .

Name Type Description Required
effect string Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 false
key string Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 false
operator string Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
 false
tolerationSeconds integer TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

Format: int64
 false
value string Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 false

MonitoringStack.status

↩ Parent

MonitoringStackStatus defines the observed state of MonitoringStack. It should always be reconstructable from the state of the cluster and/or outside world.

Name Type Description Required
conditions []object Conditions provide status information about the MonitoringStack
 true

MonitoringStack.status.conditions[index]

↩ Parent

Name Type Description Required
lastTransitionTime string lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

Format: date-time
 true
message string message is a human readable message indicating details about the transition. This may be an empty string.
 true
reason string reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
 true
status enum status of the condition

Enum: True, False, Unknown, Degraded
 true
type string type of condition in CamelCase or in foo.example.com/CamelCase. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 true
observedGeneration integer observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

Format: int64
Minimum: 0
 false

ThanosQuerier

↩ Parent

ThanosQuerier outlines the Thanos querier components, managed by this stack

Name Type Description Required
apiVersion string monitoring.rhobs/v1alpha1 true
kind string ThanosQuerier true
metadata object Refer to the Kubernetes API documentation for the fields of the `metadata` field. true
spec object ThanosQuerierSpec defines a single Thanos Querier instance. This means a label selector by which Monitoring Stack instances to query are selected, and an optional namespace selector and a list of replica labels by which to deduplicate.
 false
status object ThanosQuerierStatus defines the observed state of ThanosQuerier. It should always be reconstructable from the state of the cluster and/or outside world.
 false

ThanosQuerier.spec

↩ Parent

ThanosQuerierSpec defines a single Thanos Querier instance. This means a label selector by which Monitoring Stack instances to query are selected, and an optional namespace selector and a list of replica labels by which to deduplicate.

Name Type Description Required
selector object Selector to select Monitoring stacks to unify
 true
namespaceSelector object Selector to select which namespaces the Monitoring Stack objects are discovered from.
 false
replicaLabels []string
false
webTLSConfig object Configure TLS options for the Thanos web server.
 false

ThanosQuerier.spec.selector

↩ Parent

Selector to select Monitoring stacks to unify

Name Type Description Required
matchExpressions []object matchExpressions is a list of label selector requirements. The requirements are ANDed.
 false
matchLabels map[string]string matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
 false

ThanosQuerier.spec.selector.matchExpressions[index]

↩ Parent

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name Type Description Required
key string key is the label key that the selector applies to.
 true
operator string operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
 true
values []string values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
 false

ThanosQuerier.spec.namespaceSelector

↩ Parent

Selector to select which namespaces the Monitoring Stack objects are discovered from.

Name Type Description Required
any boolean Boolean describing whether all namespaces are selected in contrast to a list restricting them.
 false
matchNames []string List of namespace names.
 false

ThanosQuerier.spec.webTLSConfig

↩ Parent

Configure TLS options for the Thanos web server.

Name Type Description Required
certificate object Reference to the TLS public certificate for the web server.
 true
certificateAuthority object Reference to the root Certificate Authority used to verify the web server's certificate.
 true
privateKey object Reference to the TLS private key for the web server.
 true

ThanosQuerier.spec.webTLSConfig.certificate

↩ Parent

Reference to the TLS public certificate for the web server.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

ThanosQuerier.spec.webTLSConfig.certificateAuthority

↩ Parent

Reference to the root Certificate Authority used to verify the web server's certificate.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

ThanosQuerier.spec.webTLSConfig.privateKey

↩ Parent

Reference to the TLS private key for the web server.

Name Type Description Required
key string The key of the secret to select from. Must be a valid secret key.
 true
name string The name of the secret in the object's namespace to select from.
 true

observability.openshift.io/v1alpha1

Resource Types:

UIPlugin

↩ Parent

UIPlugin defines an observability console plugin.

Name Type Description Required
apiVersion string observability.openshift.io/v1alpha1 true
kind string UIPlugin true
metadata object Refer to the Kubernetes API documentation for the fields of the `metadata` field. true
spec object UIPluginSpec is the specification for desired state of UIPlugin.
 false
status object UIPluginStatus defines the observed state of UIPlugin. It should always be reconstructable from the state of the cluster and/or outside world.
 false

UIPlugin.spec

↩ Parent

UIPluginSpec is the specification for desired state of UIPlugin.

Name Type Description Required
type enum Type defines the UI plugin.

Enum: Dashboards, TroubleshootingPanel, DistributedTracing, Logging, Monitoring
 true
deployment object Deployment allows customizing aspects of the generated deployment hosting the UI Plugin.
 false
distributedTracing object DistributedTracing contains configuration for the distributed tracing console plugin.
 false
logging object Logging contains configuration for the logging console plugin.

It only applies to UIPlugin Type: Logging.

 false
monitoring object Monitoring contains configuration for the monitoring console plugin.
 false
troubleshootingPanel object TroubleshootingPanel contains configuration for the troubleshooting console plugin.
 false

UIPlugin.spec.deployment

↩ Parent

Deployment allows customizing aspects of the generated deployment hosting the UI Plugin.

Name Type Description Required
nodeSelector map[string]string Define a label-selector for nodes which the Pods should be scheduled on.

When no selector is specified it will default to a value only selecting Linux nodes ("kubernetes.io/os=linux").

 false
tolerations []object Define the tolerations used for the deployment.
 false

UIPlugin.spec.deployment.tolerations[index]

↩ Parent

The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator .

Name Type Description Required
effect string Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
 false
key string Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
 false
operator string Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
 false
tolerationSeconds integer TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

Format: int64
 false
value string Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 false

UIPlugin.spec.distributedTracing

↩ Parent

DistributedTracing contains configuration for the distributed tracing console plugin.

Name Type Description Required
timeout string Timeout is the maximum duration before a query timeout.

The value is expected to be a sequence of digits followed by a unit suffix, which can be 's' (seconds) or 'm' (minutes).

 false

UIPlugin.spec.logging

↩ Parent

Logging contains configuration for the logging console plugin.

It only applies to UIPlugin Type: Logging.

Name Type Description Required
logsLimit integer LogsLimit is the max number of entries returned for a query.

Format: int32
Minimum: 0
 false
lokiStack object LokiStack points to the LokiStack instance of which logs should be displayed. It always references a LokiStack in the "openshift-logging" namespace.
 false
timeout string Timeout is the maximum duration before a query timeout.

The value is expected to be a sequence of digits followed by an optional unit suffix, which can be 's' (seconds) or 'm' (minutes). If the unit is omitted, it defaults to seconds.

 false

UIPlugin.spec.logging.lokiStack

↩ Parent

LokiStack points to the LokiStack instance of which logs should be displayed. It always references a LokiStack in the "openshift-logging" namespace.

Name Type Description Required
name string Name of the LokiStack resource.
 false
namespace string
false

UIPlugin.spec.monitoring

↩ Parent

Monitoring contains configuration for the monitoring console plugin.

Name Type Description Required
acm object ACM points to the alertmanager and thanosQuerier instance services of which it should create a proxy to.
 false
incidents object Incidents feature flag enablement
 false
perses object Perses points to the perses instance service of which it should create a proxy to.
 false

UIPlugin.spec.monitoring.acm

↩ Parent

ACM points to the alertmanager and thanosQuerier instance services of which it should create a proxy to.

Name Type Description Required
alertmanager object Alertmanager points to the alertmanager instance of which it should create a proxy to.
 true
enabled boolean Indicates if ACM-related feature(s) should be enabled
 true
thanosQuerier object ThanosQuerier points to the thanos-querier service of which it should create a proxy to.
 true

UIPlugin.spec.monitoring.acm.alertmanager

↩ Parent

Alertmanager points to the alertmanager instance of which it should create a proxy to.

Name Type Description Required
url string Url of the Alertmanager to proxy to.
 true

UIPlugin.spec.monitoring.acm.thanosQuerier

↩ Parent

ThanosQuerier points to the thanos-querier service of which it should create a proxy to.

Name Type Description Required
url string Url of the ThanosQuerier to proxy to.
 true

UIPlugin.spec.monitoring.incidents

↩ Parent

Incidents feature flag enablement

Name Type Description Required
enabled boolean Indicates if incidents-related feature(s) should be enabled.
 true

UIPlugin.spec.monitoring.perses

↩ Parent

Perses points to the perses instance service of which it should create a proxy to.

Name Type Description Required
enabled boolean Indicates if perses-related feature(s) should be enabled
 true

UIPlugin.spec.troubleshootingPanel

↩ Parent

TroubleshootingPanel contains configuration for the troubleshooting console plugin.

Name Type Description Required
timeout string Timeout is the maximum duration before a query timeout.

The value is expected to be a sequence of digits followed by a unit suffix, which can be 's' (seconds) or 'm' (minutes).

 false

UIPlugin.status

↩ Parent

UIPluginStatus defines the observed state of UIPlugin. It should always be reconstructable from the state of the cluster and/or outside world.

Name Type Description Required
conditions []object Conditions provide status information about the plugin.
 true

UIPlugin.status.conditions[index]

↩ Parent

Name Type Description Required
lastTransitionTime string lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

Format: date-time
 true
message string message is a human readable message indicating details about the transition. This may be an empty string.
 true
reason string reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
 true
status enum status of the condition

Enum: True, False, Unknown, Degraded
 true
type string type of condition in CamelCase or in foo.example.com/CamelCase. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
 true
observedGeneration integer observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

Format: int64
Minimum: 0
 false