From f02a735a4788ac0659bb1d11994cf5237128c77a Mon Sep 17 00:00:00 2001 From: Simon Beck Date: Tue, 16 Jan 2024 16:04:02 +0100 Subject: [PATCH 1/6] Extend API Bootstrapper --- Makefile | 8 +++++--- hack/bootstrap/template/api.txt | 12 ++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index a6845966ee..18cab415be 100644 --- a/Makefile +++ b/Makefile @@ -191,7 +191,9 @@ get-crds: ./hack/get_crds.sh https://github.com/vshn/provider-minio provider-minio apis/minio/v1 apis/minio ./hack/get_crds.sh https://github.com/crossplane-contrib/provider-helm provider-helm apis/release apis/helm -# API bootstrapping -.PHONY: bootstrap -bootstrap: +.PHONY: api-bootstrap +api-bootstrap: go run ./hack/bootstrap/template.go ${API_FILE} + +.PHONY: bootstrap +bootstrap: api-bootstrap generate ## API bootstrapping, create a new claim/composite API ready to be used diff --git a/hack/bootstrap/template/api.txt b/hack/bootstrap/template/api.txt index b80dbd87a8..4beb3fd5ff 100644 --- a/hack/bootstrap/template/api.txt +++ b/hack/bootstrap/template/api.txt @@ -1,6 +1,8 @@ package v1 import ( + "fmt" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" v1 "github.com/vshn/appcat/v4/apis/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -232,6 +234,16 @@ func (v *{{.Name}}) SetBackupSchedule(schedule string) { v.Status.Schedules.Backup = schedule } +// GetBackupRetention returns the retention definition for this backup. +func (v *{{.Name}}) GetBackupRetention() K8upRetentionPolicy { + return v.Spec.Parameters.Backup.Retention +} + +// GetServiceName returns the name of this service +func (v *{{.Name}}) GetServiceName() string { + return "{{.NameShort}}" +} + // GetFullMaintenanceSchedule returns func (v *{{.Name}}) GetFullMaintenanceSchedule() VSHNDBaaSMaintenanceScheduleSpec { schedule := v.Spec.Parameters.Maintenance From 720bcbe09c51d94796951d5e44df0af02220ed61 Mon Sep 17 00:00:00 2001 
From: Simon Beck Date: Wed, 17 Jan 2024 14:41:42 +0100 Subject: [PATCH 2/6] Improve logging metadata --- pkg/comp-functions/runtime/function_mgr.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/pkg/comp-functions/runtime/function_mgr.go b/pkg/comp-functions/runtime/function_mgr.go index db9317f622..c642b87ed2 100644 --- a/pkg/comp-functions/runtime/function_mgr.go +++ b/pkg/comp-functions/runtime/function_mgr.go @@ -26,6 +26,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" + controllerruntime "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -130,6 +131,8 @@ func (m Manager) RunFunction(ctx context.Context, req *fnv1beta1.RunFunctionRequ return errResp, err } + ctx = controllerruntime.LoggerInto(ctx, sr.Log) + for _, step := range function.Steps { m.log.Info("Running step", "name", step.Name) @@ -222,6 +225,16 @@ func NewServiceRuntime(l logr.Logger, config corev1.ConfigMap, req *fnv1beta1.Ru return &ServiceRuntime{}, err } + l = l.WithValues( + "resource", comp.Resource.GetName(), + ) + + if comp.Resource.GetClaimReference() != nil { + l = l.WithValues( + "claimNamespace", comp.Resource.GetClaimReference().Namespace, + "claimName", comp.Resource.GetClaimReference().Name) + } + return &ServiceRuntime{ Log: l, Config: config, From e5f040545d2c0ab4d078e5231a97d1cfc3435835 Mon Sep 17 00:00:00 2001 
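Review bot: The `Running step` line inside the loop still logs through `m.log`, so it will not carry the `resource`, `claimNamespace` and `claimName` values that this commit attaches to `sr.Log` in NewServiceRuntime. If the aim is that every log line of a run can be attributed to one claim, emit it through the enriched logger, e.g. `sr.Log.Info("Running step", "name", step.Name)` or `controllerruntime.LoggerFrom(ctx).Info("Running step", "name", step.Name)`. RunFunction's body starts and ends outside this hunk, so other `m.log` calls in it may need the same change.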
From: Simon Beck Date: Wed, 17 Jan 2024 11:01:21 +0100 Subject: [PATCH 3/6] Add Keycloak provisioning With this commit it's now possible to provision a fairly default Keycloak instance backed by our PostgreSQL implementation. --- Makefile | 6 + apis/stackgres/v1/groupversion_info.go | 2 + apis/stackgres/v1/sgpoolconfigs.go | 28 + apis/stackgres/v1/sgpoolconfigs.yaml | 75 + apis/stackgres/v1/sgpoolconfigs_types.go | 50 + apis/stackgres/v1/zz_generated.deepcopy.go | 155 +- apis/vshn/v1/dbaas_vshn_keycloak.go | 256 + apis/vshn/v1/dbaas_vshn_postgresql.go | 8 + apis/vshn/v1/groupversion_info.go | 4 + apis/vshn/v1/zz_generated.deepcopy.go | 320 + apis/vshn/v1/zz_generated.managed.go | 60 + apis/vshn/v1/zz_generated.managedlist.go | 9 + cmd/functions.go | 1 + crds/stackgres.io_sgpoolingconfigs.yaml | 117 + crds/vshn.appcat.vshn.io_vshnkeycloaks.yaml | 4017 ++++++++++ crds/vshn.appcat.vshn.io_vshnpostgresqls.yaml | 16 + crds/vshn.appcat.vshn.io_xvshnkeycloaks.yaml | 6455 +++++++++++++++++ .../vshn.appcat.vshn.io_xvshnpostgresqls.yaml | 29 + go.mod | 2 +- .../functions/common/alerting.go | 14 +- .../functions/common/instance_namespace.go | 9 - .../functions/common/interfaces.go | 13 +- .../functions/common/mailgun_alerting.go | 14 +- .../common/maintenance/maintenance.go | 12 +- pkg/comp-functions/functions/common/netpol.go | 3 +- .../functions/common/password.go | 20 +- pkg/comp-functions/functions/common/rbac.go | 4 +- .../functions/common/release.go | 81 + .../functions/common/resources.go | 18 +- .../functions/vshnkeycloak/deploy.go | 297 + .../functions/vshnkeycloak/register.go | 15 + .../functions/vshnmariadb/mariadb_deploy.go | 114 +- .../vshnpostgres/pg_bouncer_settings.go | 57 + .../functions/vshnpostgres/register.go | 4 + pkg/comp-functions/runtime/function_mgr.go | 131 +- 35 files changed, 12279 insertions(+), 137 deletions(-) create mode 100644 apis/stackgres/v1/sgpoolconfigs.go create mode 100644 apis/stackgres/v1/sgpoolconfigs.yaml create mode 100644 
apis/stackgres/v1/sgpoolconfigs_types.go create mode 100644 apis/vshn/v1/dbaas_vshn_keycloak.go create mode 100644 crds/stackgres.io_sgpoolingconfigs.yaml create mode 100644 crds/vshn.appcat.vshn.io_vshnkeycloaks.yaml create mode 100644 crds/vshn.appcat.vshn.io_xvshnkeycloaks.yaml create mode 100644 pkg/comp-functions/functions/vshnkeycloak/deploy.go create mode 100644 pkg/comp-functions/functions/vshnkeycloak/register.go create mode 100644 pkg/comp-functions/functions/vshnpostgres/pg_bouncer_settings.go diff --git a/Makefile b/Makefile index 18cab415be..4399eccc9d 100644 --- a/Makefile +++ b/Makefile @@ -91,6 +91,12 @@ generate-stackgres-crds: go run github.com/deepmap/oapi-codegen/cmd/oapi-codegen --package=v1 -generate=types -o apis/stackgres/v1/sgcluster.gen.go apis/stackgres/v1/sgcluster.yaml perl -i -0pe 's/\*struct\s\{\n\s\sAdditionalProperties\smap\[string\]string\s`json:"-"`\n\s}/map\[string\]string/gms' apis/stackgres/v1/sgcluster.gen.go + # curl ${STACKGRES_CRD_URL}/SGPoolingConfig.yaml?inline=false -o apis/stackgres/v1/sgpoolconfigs_crd.yaml + # yq -i e apis/stackgres/v1/sgpoolconfigs.yaml --expression ".components.schemas.SGPoolingConfigSpec=load(\"apis/stackgres/v1/sgpoolconfigs_crd.yaml\").spec.versions[0].schema.openAPIV3Schema.properties.spec" + # yq -i e apis/stackgres/v1/sgpoolconfigs.yaml --expression ".components.schemas.SGPoolingConfigStatus=load(\"apis/stackgres/v1/sgpoolconfigs_crd.yaml\").spec.versions[0].schema.openAPIV3Schema.properties.status" + # go run github.com/deepmap/oapi-codegen/cmd/oapi-codegen --package=v1 -generate=types -o apis/stackgres/v1/sgpoolconfigs.gen.go apis/stackgres/v1/sgpoolconfigs.yaml + # perl -i -0pe 's/\*struct\s\{\n\s\sAdditionalProperties\smap\[string\]string\s`json:"-"`\n\s}/map\[string\]string/gms' apis/stackgres/v1/sgpoolconfigs.gen.go + go run sigs.k8s.io/controller-tools/cmd/controller-gen object paths=./apis/stackgres/v1/... rm apis/stackgres/v1/*_crd.yaml 
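Review bot: The SGPoolingConfig generation steps are added to `generate-stackgres-crds` as commented-out lines, so nothing in the build reproduces the checked-in pooling types. The commands would write `apis/stackgres/v1/sgpoolconfigs.gen.go`, while the commit adds `sgpoolconfigs_types.go` with a `Code generated ... DO NOT EDIT` header and `runtime.RawExtension` fields, which suggests the file was adjusted by hand after generation. Either enable the steps so the file can be regenerated and compared against the upstream CRD, or drop the generated-code header and replace the dead lines with a short comment such as `# sgpoolconfigs_types.go is maintained by hand from the upstream SGPoolingConfig CRD`. If the curl line is enabled later, quote the URL (it contains `?`) and add `--fail` so an HTTP error page is not passed on to yq.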
diff --git a/apis/stackgres/v1/groupversion_info.go b/apis/stackgres/v1/groupversion_info.go index bb42147f0b..5af3b7f5eb 100644 --- a/apis/stackgres/v1/groupversion_info.go +++ b/apis/stackgres/v1/groupversion_info.go @@ -28,5 +28,7 @@ func init() { &SGClusterList{}, &SGPostgresConfig{}, &SGPostgesConfigList{}, + &SGPoolingConfigList{}, + &SGPoolingConfig{}, ) } diff --git a/apis/stackgres/v1/sgpoolconfigs.go b/apis/stackgres/v1/sgpoolconfigs.go new file mode 100644 index 0000000000..452e2af34a --- /dev/null +++ b/apis/stackgres/v1/sgpoolconfigs.go @@ -0,0 +1,28 @@ +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +kubebuilder:object:root=true + +// SGPoolingConfig is the API for creating pgbouncer configs clusters. +type SGPoolingConfig struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of a VSHNPostgreSQL. + Spec SGPoolingConfigSpec `json:"spec"` + + // Status reflects the observed state of a VSHNPostgreSQL. + Status SGPoolingConfigStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +type SGPoolingConfigList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []SGPoolingConfig `json:"items"` +} diff --git a/apis/stackgres/v1/sgpoolconfigs.yaml b/apis/stackgres/v1/sgpoolconfigs.yaml new file mode 100644 index 0000000000..22543f05a8 --- /dev/null +++ b/apis/stackgres/v1/sgpoolconfigs.yaml 
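Review bot: The field comments in the new `sgpoolconfigs.go` are copied from another type: `Spec` and `Status` are described as the state "of a VSHNPostgreSQL", and `SGPoolingConfigList` has no doc comment. Suggested wording: `// Spec defines the desired PgBouncer pooling configuration.`, `// Status reflects the observed PgBouncer pooling configuration.` and `// SGPoolingConfigList contains a list of SGPoolingConfig.`. The type comment would also read more clearly as `// SGPoolingConfig is the API for creating PgBouncer pooling configurations.`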
@@ -0,0 +1,75 @@ +openapi: "3.0.2" +paths: + "/spec": + get: + responses: + "200": + content: + "application/json": + schema: + "$ref": "#/components/schemas/SGPoolingConfigSpec" + "/status": + get: + responses: + "200": + content: + "application/json": + schema: + "$ref": "#/components/schemas/SGPoolingConfigStatus" +components: + schemas: + SGPoolingConfigSpec: + type: object + properties: + pgBouncer: + type: object + description: | + Connection pooling configuration based on PgBouncer. + properties: + pgbouncer.ini: + type: object + description: | + The `pgbouncer.ini` parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) for more information about supported parameters. + properties: + pgbouncer: + type: object + additionalProperties: true + description: | + The `pgbouncer.ini` (Section [pgbouncer]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) for more information about supported parameters + databases: + type: object + additionalProperties: + type: object + additionalProperties: true + description: | + The `pgbouncer.ini` (Section [databases]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) for more information about supported parameters. 
+ users: + type: object + additionalProperties: + type: object + additionalProperties: true + description: | + The `pgbouncer.ini` (Section [users]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) for more information about supported parameters. + SGPoolingConfigStatus: + type: object + properties: + pgBouncer: + type: object + description: | + Connection pooling configuration status based on PgBouncer. + properties: + defaultParameters: + type: object + additionalProperties: + type: string + description: | + The `pgbouncer.ini` default parameters parameters which are used if not set. + required: ["defaultParameters"] diff --git a/apis/stackgres/v1/sgpoolconfigs_types.go b/apis/stackgres/v1/sgpoolconfigs_types.go new file mode 100644 index 0000000000..e3b9d25da3 --- /dev/null +++ b/apis/stackgres/v1/sgpoolconfigs_types.go 
@@ -0,0 +1,50 @@ +// Package v1 provides primitives to interact with the openapi HTTP API. +// +// Code generated by github.com/deepmap/oapi-codegen version v0.0.0-00010101000000-000000000000 DO NOT EDIT. +package v1 + +import "k8s.io/apimachinery/pkg/runtime" + +// SGPoolingConfigSpec defines model for SGPoolingConfigSpec. +type SGPoolingConfigSpec struct { + // Connection pooling configuration based on PgBouncer. + PgBouncer *SGPoolingConfigSpecPgBouncer `json:"pgBouncer,omitempty"` +} + +// SGPoolingConfigSpecPgBouncer defines model for SGPoolingConfigSpecPgBouncer. +type SGPoolingConfigSpecPgBouncer struct { + // The `pgbouncer.ini` parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + // + // Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) for more information about supported parameters. + PgbouncerIni *SGPoolingConfigSpecPgBouncerPgbouncerIni `json:"pgbouncer.ini,omitempty"` +} + +// SGPoolingConfigSpecPgBouncerPgbouncerIni defines model for SGPoolingConfigSpecPgBouncerPgbouncerIni. +type SGPoolingConfigSpecPgBouncerPgbouncerIni struct { + // The `pgbouncer.ini` (Section [databases]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + // + // Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) for more information about supported parameters. + Databases runtime.RawExtension `json:"databases,omitempty"` + + // The `pgbouncer.ini` (Section [pgbouncer]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. 
+ // + // Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) for more information about supported parameters + Pgbouncer runtime.RawExtension `json:"pgbouncer,omitempty"` + + // The `pgbouncer.ini` (Section [users]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. + // + // Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) for more information about supported parameters. + Users runtime.RawExtension `json:"users,omitempty"` +} + +// SGPoolingConfigStatus defines model for SGPoolingConfigStatus. +type SGPoolingConfigStatus struct { + // Connection pooling configuration status based on PgBouncer. + PgBouncer *SGPoolingConfigStatusPgBouncer `json:"pgBouncer,omitempty"` +} + +// SGPoolingConfigStatusPgBouncer defines model for SGPoolingConfigStatusPgBouncer. +type SGPoolingConfigStatusPgBouncer struct { + // The `pgbouncer.ini` default parameters parameters which are used if not set. + DefaultParameters SGPoolingConfigSpecPgBouncerPgbouncerIni `json:"defaultParameters"` +} diff --git a/apis/stackgres/v1/zz_generated.deepcopy.go b/apis/stackgres/v1/zz_generated.deepcopy.go index d8404d1217..24fda188ab 100644 --- a/apis/stackgres/v1/zz_generated.deepcopy.go +++ b/apis/stackgres/v1/zz_generated.deepcopy.go @@ -5,7 +5,7 @@ package v1 import ( - runtime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
@@ -9903,6 +9903,159 @@ func (in *SGDbOpsStatusSecurityUpgrade) DeepCopy() *SGDbOpsStatusSecurityUpgrade return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SGPoolingConfig) DeepCopyInto(out *SGPoolingConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SGPoolingConfig. +func (in *SGPoolingConfig) DeepCopy() *SGPoolingConfig { + if in == nil { + return nil + } + out := new(SGPoolingConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SGPoolingConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SGPoolingConfigList) DeepCopyInto(out *SGPoolingConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SGPoolingConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SGPoolingConfigList. +func (in *SGPoolingConfigList) DeepCopy() *SGPoolingConfigList { + if in == nil { + return nil + } + out := new(SGPoolingConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *SGPoolingConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SGPoolingConfigSpec) DeepCopyInto(out *SGPoolingConfigSpec) { + *out = *in + if in.PgBouncer != nil { + in, out := &in.PgBouncer, &out.PgBouncer + *out = new(SGPoolingConfigSpecPgBouncer) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SGPoolingConfigSpec. +func (in *SGPoolingConfigSpec) DeepCopy() *SGPoolingConfigSpec { + if in == nil { + return nil + } + out := new(SGPoolingConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SGPoolingConfigSpecPgBouncer) DeepCopyInto(out *SGPoolingConfigSpecPgBouncer) { + *out = *in + if in.PgbouncerIni != nil { + in, out := &in.PgbouncerIni, &out.PgbouncerIni + *out = new(SGPoolingConfigSpecPgBouncerPgbouncerIni) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SGPoolingConfigSpecPgBouncer. +func (in *SGPoolingConfigSpecPgBouncer) DeepCopy() *SGPoolingConfigSpecPgBouncer { + if in == nil { + return nil + } + out := new(SGPoolingConfigSpecPgBouncer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SGPoolingConfigSpecPgBouncerPgbouncerIni) DeepCopyInto(out *SGPoolingConfigSpecPgBouncerPgbouncerIni) { + *out = *in + in.Databases.DeepCopyInto(&out.Databases) + in.Pgbouncer.DeepCopyInto(&out.Pgbouncer) + in.Users.DeepCopyInto(&out.Users) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SGPoolingConfigSpecPgBouncerPgbouncerIni. 
+func (in *SGPoolingConfigSpecPgBouncerPgbouncerIni) DeepCopy() *SGPoolingConfigSpecPgBouncerPgbouncerIni { + if in == nil { + return nil + } + out := new(SGPoolingConfigSpecPgBouncerPgbouncerIni) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SGPoolingConfigStatus) DeepCopyInto(out *SGPoolingConfigStatus) { + *out = *in + if in.PgBouncer != nil { + in, out := &in.PgBouncer, &out.PgBouncer + *out = new(SGPoolingConfigStatusPgBouncer) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SGPoolingConfigStatus. +func (in *SGPoolingConfigStatus) DeepCopy() *SGPoolingConfigStatus { + if in == nil { + return nil + } + out := new(SGPoolingConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SGPoolingConfigStatusPgBouncer) DeepCopyInto(out *SGPoolingConfigStatusPgBouncer) { + *out = *in + in.DefaultParameters.DeepCopyInto(&out.DefaultParameters) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SGPoolingConfigStatusPgBouncer. +func (in *SGPoolingConfigStatusPgBouncer) DeepCopy() *SGPoolingConfigStatusPgBouncer { + if in == nil { + return nil + } + out := new(SGPoolingConfigStatusPgBouncer) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SGPostgesConfigList) DeepCopyInto(out *SGPostgesConfigList) { *out = *in diff --git a/apis/vshn/v1/dbaas_vshn_keycloak.go b/apis/vshn/v1/dbaas_vshn_keycloak.go new file mode 100644 index 0000000000..c485d4c221 --- /dev/null +++ b/apis/vshn/v1/dbaas_vshn_keycloak.go 
@@ -0,0 +1,256 @@ +package v1 + +import ( + "fmt" + + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + v1 "github.com/vshn/appcat/v4/apis/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// Workaround to make nested defaulting work. +// kubebuilder is unable to set a {} default +//go:generate yq -i e ../../generated/vshn.appcat.vshn.io_vshnkeycloaks.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.default={})" +//go:generate yq -i e ../../generated/vshn.appcat.vshn.io_vshnkeycloaks.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.properties.size.default={})" +//go:generate yq -i e ../../generated/vshn.appcat.vshn.io_vshnkeycloaks.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.properties.service.default={})" +//go:generate yq -i e ../../generated/vshn.appcat.vshn.io_vshnkeycloaks.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.properties.service.properties.postgreSQLParameters.default={})" +//go:generate yq -i e ../../generated/vshn.appcat.vshn.io_vshnkeycloaks.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.properties.tls.default={})" +//go:generate yq -i e ../../generated/vshn.appcat.vshn.io_vshnkeycloaks.yaml --expression "with(.spec.versions[]; .schema.openAPIV3Schema.properties.spec.properties.parameters.properties.backup.default={})" + +// +kubebuilder:object:root=true + +// VSHNKeycloak is the API for creating keycloak instances. +type VSHNKeycloak struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec defines the desired state of a VSHNKeycloak. + Spec VSHNKeycloakSpec `json:"spec"` + + // Status reflects the observed state of a VSHNKeycloak. 
+ Status VSHNKeycloakStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:generate=true +// +kubebuilder:object:root=true +type VSHNKeycloakList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []VSHNKeycloak `json:"items,omitempty"` +} + +// VSHNKeycloakSpec defines the desired state of a VSHNKeycloak. +type VSHNKeycloakSpec struct { + // Parameters are the configurable fields of a VSHNKeycloak. + Parameters VSHNKeycloakParameters `json:"parameters,omitempty"` + + // WriteConnectionSecretToRef references a secret to which the connection details will be written. + WriteConnectionSecretToRef v1.LocalObjectReference `json:"writeConnectionSecretToRef,omitempty"` +} + +// VSHNKeycloakParameters are the configurable fields of a VSHNKeycloak. +type VSHNKeycloakParameters struct { + // Service contains keycloak DBaaS specific properties + Service VSHNKeycloakServiceSpec `json:"service,omitempty"` + + // Size contains settings to control the sizing of a service. + Size VSHNSizeSpec `json:"size,omitempty"` + + // Scheduling contains settings to control the scheduling of an instance. + Scheduling VSHNDBaaSSchedulingSpec `json:"scheduling,omitempty"` + + // TLS contains settings to control tls traffic of a service. + TLS VSHNKeycloakTLSSpec `json:"tls,omitempty"` + + // Backup contains settings to control how the instance should get backed up. + Backup K8upBackupSpec `json:"backup,omitempty"` + + // Restore contains settings to control the restore of an instance. + Restore K8upRestoreSpec `json:"restore,omitempty"` + + // Maintenance contains settings to control the maintenance of an instance. + Maintenance VSHNDBaaSMaintenanceScheduleSpec `json:"maintenance,omitempty"` +} + +// VSHNKeycloakServiceSpec contains keycloak DBaaS specific properties +type VSHNKeycloakServiceSpec struct { + // FQDN contains the FQDN which will be used for the ingress. + // If it's not set, no ingress will be deployed. 
+ // This also enables strict hostname checking for this FQDN. + FQDN string `json:"fqdn,omitempty"` + + // RelativePath on which Keycloak will listen. + // +kubebuilder:default="/" + RelativePath string `json:"relativePath,omitempty"` + + // +kubebuilder:validation:Enum="23" + // +kubebuilder:default="23" + + // Version contains supported version of keycloak. + // Multiple versions are supported. The latest version 22 is the default version. + Version string `json:"version,omitempty"` + + // +kubebuilder:validation:Enum="besteffort";"guaranteed" + // +kubebuilder:default="besteffort" + + // ServiceLevel defines the service level of this service. Either Best Effort or Guaranteed Availability is allowed. + ServiceLevel VSHNDBaaSServiceLevel `json:"serviceLevel,omitempty"` + + // PostgreSQLParameters can be used to set any supported setting in the + // underlying PostgreSQL instance. + PostgreSQLParameters *VSHNPostgreSQLParameters `json:"postgreSQLParameters,omitempty"` +} + +// VSHNKeycloakSettings contains Keycloak specific settings. +type VSHNKeycloakSettings struct{} + +// VSHNKeycloakSizeSpec contains settings to control the sizing of a service. +type VSHNKeycloakSizeSpec struct { + + // CPURequests defines the requests amount of Kubernetes CPUs for an instance. + CPURequests string `json:"cpuRequests,omitempty"` + + // CPULimits defines the limits amount of Kubernetes CPUs for an instance. + CPULimits string `json:"cpuLimits,omitempty"` + + // MemoryRequests defines the requests amount of memory in units of bytes for an instance. + MemoryRequests string `json:"memoryRequests,omitempty"` + + // MemoryLimits defines the limits amount of memory in units of bytes for an instance. + MemoryLimits string `json:"memoryLimits,omitempty"` + + // Disk defines the amount of disk space for an instance. + Disk string `json:"disk,omitempty"` + + // Plan is the name of the resource plan that defines the compute resources. 
+ Plan string `json:"plan,omitempty"` +} + +// VSHNKeycloakTLSSpec contains settings to control tls traffic of a service. +type VSHNKeycloakTLSSpec struct { + // +kubebuilder:default=true + + // TLSEnabled enables TLS traffic for the service + TLSEnabled bool `json:"enabled,omitempty"` + + // +kubebuilder:default=true + // TLSAuthClients enables client authentication requirement + TLSAuthClients bool `json:"authClients,omitempty"` +} + +// VSHNKeycloakStatus reflects the observed state of a VSHNKeycloak. +type VSHNKeycloakStatus struct { + NamespaceConditions []v1.Condition `json:"namespaceConditions,omitempty"` + SelfSignedIssuerConditions []v1.Condition `json:"selfSignedIssuerConditions,omitempty"` + LocalCAConditions []v1.Condition `json:"localCAConditions,omitempty"` + CaCertificateConditions []v1.Condition `json:"caCertificateConditions,omitempty"` + ServerCertificateConditions []v1.Condition `json:"serverCertificateConditions,omitempty"` + ClientCertificateConditions []v1.Condition `json:"clientCertificateConditions,omitempty"` + // InstanceNamespace contains the name of the namespace where the instance resides + InstanceNamespace string `json:"instanceNamespace,omitempty"` + // Schedules keeps track of random generated schedules, is overwriten by + // schedules set in the service's spec. 
+ Schedules VSHNScheduleStatus `json:"schedules,omitempty"` +} + +func (v *VSHNKeycloak) GetClaimNamespace() string { + return v.GetLabels()["crossplane.io/claim-namespace"] +} + +func (v *VSHNKeycloak) GetInstanceNamespace() string { + return fmt.Sprintf("vshn-keycloak-%s", v.GetName()) +} + +// +kubebuilder:object:generate=true +// +kubebuilder:object:root=true + +// XVSHNKeycloak represents the internal composite of this claim +type XVSHNKeycloak struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec XVSHNKeycloakSpec `json:"spec"` + Status XVSHNKeycloakStatus `json:"status,omitempty"` +} + +// XVSHNKeycloakSpec defines the desired state of a VSHNKeycloak. +type XVSHNKeycloakSpec struct { + // Parameters are the configurable fields of a VSHNKeycloak. + Parameters VSHNKeycloakParameters `json:"parameters,omitempty"` + + xpv1.ResourceSpec `json:",inline"` +} + +type XVSHNKeycloakStatus struct { + VSHNKeycloakStatus `json:",inline"` + xpv1.ResourceStatus `json:",inline"` +} + +// +kubebuilder:object:generate=true +// +kubebuilder:object:root=true + +// XVSHNKeycloakList represents a list of composites +type XVSHNKeycloakList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []XVSHNKeycloak `json:"items"` +} + +// GetMaintenanceDayOfWeek returns the currently set day of week +func (n *VSHNKeycloak) GetMaintenanceDayOfWeek() string { + if n.Spec.Parameters.Maintenance.DayOfWeek != "" { + return n.Spec.Parameters.Maintenance.DayOfWeek + } + return n.Status.Schedules.Maintenance.DayOfWeek +} + +// GetMaintenanceTimeOfDay returns the currently set time of day +func (v *VSHNKeycloak) GetMaintenanceTimeOfDay() string { + if v.Spec.Parameters.Maintenance.TimeOfDay != "" { + return v.Spec.Parameters.Maintenance.TimeOfDay + } + return v.Status.Schedules.Maintenance.TimeOfDay +} + +// SetMaintenanceDayOfWeek sets the day of week to the given value +func (v *VSHNKeycloak) 
SetMaintenanceDayOfWeek(dow string) { + v.Status.Schedules.Maintenance.DayOfWeek = dow +} + +// SetMaintenanceTimeOfDay sets the time of day to the given value +func (v *VSHNKeycloak) SetMaintenanceTimeOfDay(tod string) { + v.Status.Schedules.Maintenance.TimeOfDay = tod +} + +// GetBackupSchedule returns the current backup schedule +func (v *VSHNKeycloak) GetBackupSchedule() string { + if v.Spec.Parameters.Backup.Schedule != "" { + return v.Spec.Parameters.Backup.Schedule + } + return v.Status.Schedules.Backup +} + +// SetBackupSchedule overwrites the current backup schedule +func (v *VSHNKeycloak) SetBackupSchedule(schedule string) { + v.Status.Schedules.Backup = schedule +} + +// GetBackupRetention returns the retention definition for this backup. +func (v *VSHNKeycloak) GetBackupRetention() K8upRetentionPolicy { + return v.Spec.Parameters.Backup.Retention +} + +// GetServiceName returns the name of this service +func (v *VSHNKeycloak) GetServiceName() string { + return "keycloak" +} + +// GetFullMaintenanceSchedule returns +func (v *VSHNKeycloak) GetFullMaintenanceSchedule() VSHNDBaaSMaintenanceScheduleSpec { + schedule := v.Spec.Parameters.Maintenance + schedule.DayOfWeek = v.GetMaintenanceDayOfWeek() + schedule.TimeOfDay = v.GetMaintenanceTimeOfDay() + return schedule +} diff --git a/apis/vshn/v1/dbaas_vshn_postgresql.go b/apis/vshn/v1/dbaas_vshn_postgresql.go index a27d2589ff..122bc366ea 100644 --- a/apis/vshn/v1/dbaas_vshn_postgresql.go +++ b/apis/vshn/v1/dbaas_vshn_postgresql.go @@ -4,6 +4,7 @@ import ( "fmt" xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + sgv1 "github.com/vshn/appcat/v4/apis/stackgres/v1" v1 "github.com/vshn/appcat/v4/apis/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" 
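Review bot: In `dbaas_vshn_keycloak.go` the `Version` comment says multiple versions are supported and that 22 is the default, but the markers above it set `Enum="23"` and `default="23"`; the comment should match, e.g. `// Version contains the supported version of Keycloak. Currently only version 23 is available.`. `FQDN` is an unconstrained string that, per its own comment, becomes the ingress host and the hostname Keycloak checks strictly, so a `+kubebuilder:validation:Pattern` for DNS names (and, if not enforced elsewhere, a policy on which hostnames a claim may request) would reject bad values at admission instead of at deploy time. `TLSEnabled` and `TLSAuthClients` combine `default=true` with `omitempty`, so a typed Go client that sets them to `false` omits the field and the API server defaults it back to `true`; that fails closed, but it deserves a comment or the removal of `omitempty`. `VSHNKeycloakSettings` and `VSHNKeycloakSizeSpec` are declared but not referenced in this file (`Size` uses `VSHNSizeSpec`).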
@@ -140,6 +141,9 @@ type VSHNPostgreSQLServiceSpec struct { // ServiceLevel defines the service level of this service. Either Best Effort or Guaranteed Availability is allowed. ServiceLevel VSHNDBaaSServiceLevel `json:"serviceLevel,omitempty"` + + // PgBouncerSettings passes additional configuration to the pgBouncer instance. + PgBouncerSettings *sgv1.SGPoolingConfigSpecPgBouncerPgbouncerIni `json:"pgBouncerSettings,omitempty"` } // VSHNDBaaSPostgresExtension contains the name of a single extension. @@ -327,3 +331,7 @@ type XVSHNPostgreSQLList struct { func (pg *VSHNPostgreSQL) GetInstanceNamespace() string { return fmt.Sprintf("vshn-postgresql-%s", pg.GetName()) } + +func (pg *XVSHNPostgreSQL) GetInstanceNamespace() string { + return fmt.Sprintf("vshn-postgresql-%s", pg.GetName()) +} diff --git a/apis/vshn/v1/groupversion_info.go b/apis/vshn/v1/groupversion_info.go index 1b0d4560a2..7dd3fa5b0f 100644 --- a/apis/vshn/v1/groupversion_info.go +++ b/apis/vshn/v1/groupversion_info.go @@ -34,5 +34,9 @@ func init() { &XVSHNRedisList{}, &XVSHNMinio{}, &XVSHNMinioList{}, + &XVSHNKeycloak{}, + &XVSHNKeycloakList{}, + &VSHNKeycloakList{}, + &VSHNKeycloak{}, ) } diff --git a/apis/vshn/v1/zz_generated.deepcopy.go b/apis/vshn/v1/zz_generated.deepcopy.go index 11ff2cbb6b..45e89c54a7 100644 --- a/apis/vshn/v1/zz_generated.deepcopy.go +++ b/apis/vshn/v1/zz_generated.deepcopy.go @@ -6,6 +6,7 @@ package v1 import ( "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1alpha1" + stackgresv1 "github.com/vshn/appcat/v4/apis/stackgres/v1" apisv1 "github.com/vshn/appcat/v4/apis/v1" "k8s.io/apimachinery/pkg/runtime" ) 
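Review bot: `PgBouncerSettings` in `VSHNPostgreSQLServiceSpec` exposes the whole `pgbouncer.ini` to the claim: its three sections are `runtime.RawExtension`, so the CRD schema accepts any key, including ones that change how the pooler authenticates clients (`auth_type`, `auth_file`, `auth_query`) or who may use its admin console (`admin_users`, `stats_users`). Whether the composition function that consumes this field filters keys is not visible in this part of the patch; if it does not, an allowlist of tunable parameters (pool sizes, timeouts and similar) applied before the SGPoolingConfig is written would keep tenant input away from authentication settings. The field comment should then state which keys are honoured, e.g. `// PgBouncerSettings passes additional configuration to the pgBouncer instance. Authentication and admin-related parameters are ignored.`. The struct starts outside this hunk.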
@@ -143,6 +144,227 @@ func (in *VSHNDBaaSSizeRequestsSpec) DeepCopy() *VSHNDBaaSSizeRequestsSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSHNKeycloak) DeepCopyInto(out *VSHNKeycloak) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloak. +func (in *VSHNKeycloak) DeepCopy() *VSHNKeycloak { + if in == nil { + return nil + } + out := new(VSHNKeycloak) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *VSHNKeycloak) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSHNKeycloakList) DeepCopyInto(out *VSHNKeycloakList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]VSHNKeycloak, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakList. +func (in *VSHNKeycloakList) DeepCopy() *VSHNKeycloakList { + if in == nil { + return nil + } + out := new(VSHNKeycloakList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *VSHNKeycloakList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *VSHNKeycloakParameters) DeepCopyInto(out *VSHNKeycloakParameters) { + *out = *in + in.Service.DeepCopyInto(&out.Service) + out.Size = in.Size + in.Scheduling.DeepCopyInto(&out.Scheduling) + out.TLS = in.TLS + out.Backup = in.Backup + out.Restore = in.Restore + out.Maintenance = in.Maintenance +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakParameters. +func (in *VSHNKeycloakParameters) DeepCopy() *VSHNKeycloakParameters { + if in == nil { + return nil + } + out := new(VSHNKeycloakParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSHNKeycloakServiceSpec) DeepCopyInto(out *VSHNKeycloakServiceSpec) { + *out = *in + if in.PostgreSQLParameters != nil { + in, out := &in.PostgreSQLParameters, &out.PostgreSQLParameters + *out = new(VSHNPostgreSQLParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakServiceSpec. +func (in *VSHNKeycloakServiceSpec) DeepCopy() *VSHNKeycloakServiceSpec { + if in == nil { + return nil + } + out := new(VSHNKeycloakServiceSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSHNKeycloakSettings) DeepCopyInto(out *VSHNKeycloakSettings) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakSettings. +func (in *VSHNKeycloakSettings) DeepCopy() *VSHNKeycloakSettings { + if in == nil { + return nil + } + out := new(VSHNKeycloakSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VSHNKeycloakSizeSpec) DeepCopyInto(out *VSHNKeycloakSizeSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakSizeSpec. +func (in *VSHNKeycloakSizeSpec) DeepCopy() *VSHNKeycloakSizeSpec { + if in == nil { + return nil + } + out := new(VSHNKeycloakSizeSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSHNKeycloakSpec) DeepCopyInto(out *VSHNKeycloakSpec) { + *out = *in + in.Parameters.DeepCopyInto(&out.Parameters) + out.WriteConnectionSecretToRef = in.WriteConnectionSecretToRef +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakSpec. +func (in *VSHNKeycloakSpec) DeepCopy() *VSHNKeycloakSpec { + if in == nil { + return nil + } + out := new(VSHNKeycloakSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VSHNKeycloakStatus) DeepCopyInto(out *VSHNKeycloakStatus) { + *out = *in + if in.NamespaceConditions != nil { + in, out := &in.NamespaceConditions, &out.NamespaceConditions + *out = make([]apisv1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.SelfSignedIssuerConditions != nil { + in, out := &in.SelfSignedIssuerConditions, &out.SelfSignedIssuerConditions + *out = make([]apisv1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LocalCAConditions != nil { + in, out := &in.LocalCAConditions, &out.LocalCAConditions + *out = make([]apisv1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.CaCertificateConditions != nil { + in, out := &in.CaCertificateConditions, &out.CaCertificateConditions + *out = make([]apisv1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ServerCertificateConditions != nil { + in, out := &in.ServerCertificateConditions, &out.ServerCertificateConditions + *out = make([]apisv1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ClientCertificateConditions != nil { + in, out := &in.ClientCertificateConditions, &out.ClientCertificateConditions + *out = make([]apisv1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.Schedules = in.Schedules +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakStatus. +func (in *VSHNKeycloakStatus) DeepCopy() *VSHNKeycloakStatus { + if in == nil { + return nil + } + out := new(VSHNKeycloakStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VSHNKeycloakTLSSpec) DeepCopyInto(out *VSHNKeycloakTLSSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNKeycloakTLSSpec. +func (in *VSHNKeycloakTLSSpec) DeepCopy() *VSHNKeycloakTLSSpec { + if in == nil { + return nil + } + out := new(VSHNKeycloakTLSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VSHNMariaDB) DeepCopyInto(out *VSHNMariaDB) { *out = *in @@ -637,6 +859,11 @@ func (in *VSHNPostgreSQLServiceSpec) DeepCopyInto(out *VSHNPostgreSQLServiceSpec *out = make([]VSHNDBaaSPostgresExtension, len(*in)) copy(*out, *in) } + if in.PgBouncerSettings != nil { + in, out := &in.PgBouncerSettings, &out.PgBouncerSettings + *out = new(stackgresv1.SGPoolingConfigSpecPgBouncerPgbouncerIni) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNPostgreSQLServiceSpec. 
@@ -1008,6 +1235,99 @@ func (in *VSHNSizeSpec) DeepCopy() *VSHNSizeSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XVSHNKeycloak) DeepCopyInto(out *XVSHNKeycloak) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XVSHNKeycloak. +func (in *XVSHNKeycloak) DeepCopy() *XVSHNKeycloak { + if in == nil { + return nil + } + out := new(XVSHNKeycloak) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *XVSHNKeycloak) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XVSHNKeycloakList) DeepCopyInto(out *XVSHNKeycloakList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]XVSHNKeycloak, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XVSHNKeycloakList. +func (in *XVSHNKeycloakList) DeepCopy() *XVSHNKeycloakList { + if in == nil { + return nil + } + out := new(XVSHNKeycloakList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *XVSHNKeycloakList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *XVSHNKeycloakSpec) DeepCopyInto(out *XVSHNKeycloakSpec) { + *out = *in + in.Parameters.DeepCopyInto(&out.Parameters) + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XVSHNKeycloakSpec. +func (in *XVSHNKeycloakSpec) DeepCopy() *XVSHNKeycloakSpec { + if in == nil { + return nil + } + out := new(XVSHNKeycloakSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *XVSHNKeycloakStatus) DeepCopyInto(out *XVSHNKeycloakStatus) { + *out = *in + in.VSHNKeycloakStatus.DeepCopyInto(&out.VSHNKeycloakStatus) + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XVSHNKeycloakStatus. +func (in *XVSHNKeycloakStatus) DeepCopy() *XVSHNKeycloakStatus { + if in == nil { + return nil + } + out := new(XVSHNKeycloakStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *XVSHNMariaDB) DeepCopyInto(out *XVSHNMariaDB) { *out = *in diff --git a/apis/vshn/v1/zz_generated.managed.go b/apis/vshn/v1/zz_generated.managed.go index a132cec27c..c2257719f9 100644 --- a/apis/vshn/v1/zz_generated.managed.go +++ b/apis/vshn/v1/zz_generated.managed.go 
@@ -4,6 +4,66 @@ package v1 import xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" +// GetCondition of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) GetCondition(ct xpv1.ConditionType) xpv1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) GetDeletionPolicy() xpv1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetManagementPolicies of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) GetManagementPolicies() xpv1.ManagementPolicies { + return mg.Spec.ManagementPolicies +} + +// GetProviderConfigReference of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) GetProviderConfigReference() *xpv1.Reference { + return mg.Spec.ProviderConfigReference +} + +// GetPublishConnectionDetailsTo of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { + return mg.Spec.PublishConnectionDetailsTo +} + +// GetWriteConnectionSecretToReference of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) GetWriteConnectionSecretToReference() *xpv1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) SetConditions(c ...xpv1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) SetDeletionPolicy(r xpv1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetManagementPolicies of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) SetManagementPolicies(r xpv1.ManagementPolicies) { + mg.Spec.ManagementPolicies = r +} + +// SetProviderConfigReference of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) SetProviderConfigReference(r *xpv1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +// SetPublishConnectionDetailsTo of this XVSHNKeycloak. 
+func (mg *XVSHNKeycloak) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { + mg.Spec.PublishConnectionDetailsTo = r +} + +// SetWriteConnectionSecretToReference of this XVSHNKeycloak. +func (mg *XVSHNKeycloak) SetWriteConnectionSecretToReference(r *xpv1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this XVSHNMariaDB. func (mg *XVSHNMariaDB) GetCondition(ct xpv1.ConditionType) xpv1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/vshn/v1/zz_generated.managedlist.go b/apis/vshn/v1/zz_generated.managedlist.go index fe1187a416..ef5dc90c3b 100644 --- a/apis/vshn/v1/zz_generated.managedlist.go +++ b/apis/vshn/v1/zz_generated.managedlist.go @@ -4,6 +4,15 @@ package v1 import resource "github.com/crossplane/crossplane-runtime/pkg/resource" +// GetItems of this XVSHNKeycloakList. +func (l *XVSHNKeycloakList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this XVSHNMariaDBList. func (l *XVSHNMariaDBList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/cmd/functions.go b/cmd/functions.go index 5677f4d90c..b0378b0a52 100644 --- a/cmd/functions.go +++ b/cmd/functions.go @@ -6,6 +6,7 @@ import ( "github.com/spf13/cobra" "github.com/spf13/viper" _ "github.com/vshn/appcat/v4/pkg/comp-functions/functions/miniobucket" + _ "github.com/vshn/appcat/v4/pkg/comp-functions/functions/vshnkeycloak" _ "github.com/vshn/appcat/v4/pkg/comp-functions/functions/vshnmariadb" _ "github.com/vshn/appcat/v4/pkg/comp-functions/functions/vshnminio" _ "github.com/vshn/appcat/v4/pkg/comp-functions/functions/vshnpostgres" diff --git a/crds/stackgres.io_sgpoolingconfigs.yaml b/crds/stackgres.io_sgpoolingconfigs.yaml new file mode 100644 index 0000000000..50a4c018b3 --- /dev/null +++ b/crds/stackgres.io_sgpoolingconfigs.yaml 
@@ -0,0 +1,117 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: sgpoolingconfigs.stackgres.io +spec: + group: stackgres.io + names: + kind: SGPoolingConfig + listKind: SGPoolingConfigList + plural: sgpoolingconfigs + singular: sgpoolingconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SGPoolingConfig is the API for creating pgbouncer configs clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of a VSHNPostgreSQL. + properties: + pgBouncer: + description: Connection pooling configuration based on PgBouncer. + properties: + pgbouncer.ini: + description: "The `pgbouncer.ini` parameters the configuration + contains, represented as an object where the keys are valid + names for the `pgbouncer.ini` configuration file parameters. + \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) + for more information about supported parameters." 
+ properties: + databases: + description: "The `pgbouncer.ini` (Section [databases]) parameters + the configuration contains, represented as an object where + the keys are valid names for the `pgbouncer.ini` configuration + file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + pgbouncer: + description: "The `pgbouncer.ini` (Section [pgbouncer]) parameters + the configuration contains, represented as an object where + the keys are valid names for the `pgbouncer.ini` configuration + file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) + for more information about supported parameters" + type: object + x-kubernetes-preserve-unknown-fields: true + users: + description: "The `pgbouncer.ini` (Section [users]) parameters + the configuration contains, represented as an object where + the keys are valid names for the `pgbouncer.ini` configuration + file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + status: + description: Status reflects the observed state of a VSHNPostgreSQL. + properties: + pgBouncer: + description: Connection pooling configuration status based on PgBouncer. + properties: + defaultParameters: + description: The `pgbouncer.ini` default parameters parameters + which are used if not set. + properties: + databases: + description: "The `pgbouncer.ini` (Section [databases]) parameters + the configuration contains, represented as an object where + the keys are valid names for the `pgbouncer.ini` configuration + file parameters. 
\n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + pgbouncer: + description: "The `pgbouncer.ini` (Section [pgbouncer]) parameters + the configuration contains, represented as an object where + the keys are valid names for the `pgbouncer.ini` configuration + file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) + for more information about supported parameters" + type: object + x-kubernetes-preserve-unknown-fields: true + users: + description: "The `pgbouncer.ini` (Section [users]) parameters + the configuration contains, represented as an object where + the keys are valid names for the `pgbouncer.ini` configuration + file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + required: + - defaultParameters + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/crds/vshn.appcat.vshn.io_vshnkeycloaks.yaml b/crds/vshn.appcat.vshn.io_vshnkeycloaks.yaml new file mode 100644 index 0000000000..535977b980 --- /dev/null +++ b/crds/vshn.appcat.vshn.io_vshnkeycloaks.yaml 
@@ -0,0 +1,4017 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: vshnkeycloaks.vshn.appcat.vshn.io +spec: + group: vshn.appcat.vshn.io + names: + kind: VSHNKeycloak + listKind: VSHNKeycloakList + plural: vshnkeycloaks + singular: vshnkeycloak + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VSHNKeycloak is the API for creating keycloak instances. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of a VSHNKeycloak. + properties: + parameters: + description: Parameters are the configurable fields of a VSHNKeycloak. + properties: + backup: + description: Backup contains settings to control how the instance should get backed up. + properties: + retention: + description: K8upRetentionPolicy describes the retention configuration for a K8up backup. 
+ properties: + keepDaily: + default: 6 + type: integer + keepHourly: + type: integer + keepLast: + type: integer + keepMonthly: + type: integer + keepWeekly: + type: integer + keepYearly: + type: integer + type: object + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + default: {} + maintenance: + description: Maintenance contains settings to control the maintenance of an instance. + properties: + dayOfWeek: + description: DayOfWeek specifies at which weekday the maintenance is held place. Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: 'TimeOfDay for installing updates in UTC. Format: "hh:mm:ss".' + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + restore: + description: Restore contains settings to control the restore of an instance. + properties: + backupName: + description: BackupName is the name of the specific backup you want to restore. + type: string + claimName: + description: ClaimName specifies the name of the instance you want to restore from. The claim has to be in the same namespace as this new instance. + type: string + type: object + scheduling: + description: Scheduling contains settings to control the scheduling of an instance. 
+ properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must match a node’s labels for the pod to be scheduled on that node + type: object + type: object + service: + description: Service contains keycloak DBaaS specific properties + properties: + fqdn: + description: FQDN contains the FQDN which will be used for the ingress. If it's not set, no ingress will be deployed. This also enables strict hostname checking for this FQDN. + type: string + postgreSQLParameters: + description: PostgreSQLParameters can be used to set any supported setting in the underlying PostgreSQL instance. + properties: + backup: + description: Backup contains settings to control the backups of an instance. + properties: + deletionProtection: + default: true + description: DeletionProtection will protect the instance from being deleted for the given retention time. This is enabled by default. + type: boolean + deletionRetention: + default: 7 + description: DeletionRetention specifies in days how long the instance should be kept after deletion. The default is keeping it one week. + type: integer + retention: + default: 6 + pattern: ^[1-9][0-9]*$ + type: integer + x-kubernetes-int-or-string: true + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + encryption: + description: Encryption contains settings to control the storage encryption of an instance. + properties: + enabled: + description: Enabled specifies if the instance should use encrypted storage for the instance. + type: boolean + type: object + instances: + default: 1 + description: Instances configures the number of PostgreSQL instances for the cluster. Each instance contains one Postgres server. 
Out of all Postgres servers, one is elected as the primary, the rest remain as read-only replicas. + maximum: 3 + minimum: 1 + type: integer + maintenance: + description: Maintenance contains settings to control the maintenance of an instance. + properties: + dayOfWeek: + description: DayOfWeek specifies at which weekday the maintenance is held place. Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: 'TimeOfDay for installing updates in UTC. Format: "hh:mm:ss".' + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + monitoring: + description: Monitoring contains settings to control monitoring. + properties: + alertmanagerConfigRef: + description: AlertmanagerConfigRef contains the name of the AlertmanagerConfig that should be copied over to the namespace of the instance. + type: string + alertmanagerConfigSecretRef: + description: AlertmanagerConfigSecretRef contains the name of the secret that is used in the referenced AlertmanagerConfig + type: string + alertmanagerConfigTemplate: + description: AlertmanagerConfigSpecTemplate takes an AlertmanagerConfigSpec object. This takes precedence over the AlertmanagerConfigRef. + properties: + inhibitRules: + description: List of inhibition rules. The rules will only apply to alerts matching the resource's namespace. + items: + description: InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal value in the source and target alert for the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more alerts have to exist for the inhibition to take effect. 
The operator enforces that the alert matches the resource's namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - "=" + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource's namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - "=" + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying when the routes should be muted. 
+ items: + description: MuteTimeInterval specifies the periods in time when notifications will be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of TimeInterval + items: + description: TimeInterval describes intervals of time + properties: + daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive range of days of the month beginning at 1 + properties: + end: + description: End of the inclusive range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: MonthRange is an inclusive range of months of the year beginning in January Months can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a start and end time in 24hr format + properties: + endTime: + description: EndTime is the end time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the start time in 24hr format. 
+ pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of WeekdayRange + items: + description: WeekdayRange is an inclusive range of days of the week beginning on Sunday Days can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: The secret's key that contains the CRAM-MD5 secret. 
The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through which emails are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority used when verifying server certificates. 
+ properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions that will be available for the alert. + type: string + apiKey: + description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be used to specify which domain alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. 
Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to the notifications. + type: string + updateAlerts: + description: Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. 
+ type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. 
+ properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. 
+ properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details to attach that provide further detail about an incident. + items: + description: PagerDutyImageConfig attaches images to an incident + properties: + alt: + description: Alt is the optional alternative text for the image. + type: string + href: + description: Optional URL; makes the image a clickable link. + type: string + src: + description: Src of the image being attached to the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach that provide further detail about an incident. + items: + description: PagerDutyLinkConfig attaches text links to an incident + properties: + alt: + description: Text that describes the purpose of the link, and can be used as the link's text. + type: string + href: + description: Href is the URL of the link to be attached + type: string + type: object + type: array + routingKey: + description: The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). 
Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue to be retried for, unless the user acknowledges the notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification message is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. 
The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by device clients to override the user's default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered application's API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + description: A supplementary URL shown alongside the message. 
+ type: string + urlTitle: + description: A title for supplementary URL, otherwise just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient user's user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with each notification. + items: + description: SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. 
+ properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + callbackId: + type: string + channel: + description: The channel or user to send notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with each notification. + items: + description: SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. 
+ properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. 
+ properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: The message content of the SNS notification. + type: string + phoneNumber: + description: Phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature Verification 4 signing process to sign requests. + properties: + accessKey: + description: AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used to authenticate. + type: string + region: + description: Region is the AWS region. If blank, the region from the default credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS profile used to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message is delivered to email endpoints. + type: string + targetARN: + description: The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber. + type: string + topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: The Telegram API URL i.e. https://api.telegram.org. 
If not specified, default API URL will be used. + type: string + botToken: + description: Telegram bot token The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. 
If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. 
+ properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. 
+ type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: Authorization header configuration for the client. 
This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the client. 
This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. + type: string + urlSecret: + description: The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. 
apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials of the request + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. 
+ properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching the resource's namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active. + items: + type: string + type: array + continue: + description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. + type: boolean + groupBy: + description: List of labels to group by. Labels must not be repeated (unique list). Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: 'How long to wait before sending an updated notification. 
Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "5m"' + type: string + groupWait: + description: 'How long to wait before sending the initial notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "30s"' + type: string + matchers: + description: 'List of matchers that the alert''s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - "=" + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: 'Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn''t support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can''t validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,' + items: + type: string + type: array + receiver: + description: Name of the receiver for this route. 
If not empty, it should be listed in the `receivers` field. + type: string + repeatInterval: + description: 'How long to wait before repeating the last notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: "4h"' + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + email: + description: Email necessary to send alerts via email + type: string + type: object + network: + description: Network contains any network related settings. + properties: + ipFilter: + default: + - 0.0.0.0/0 + description: IPFilter is a list of allowed IPv4 CIDR ranges that can access the service. If no IP Filter is set, you may not be able to reach the service. A value of `0.0.0.0/0` will open the service to all addresses on the public internet. + items: + type: string + type: array + serviceType: + default: ClusterIP + description: 'ServiceType defines the type of the service. Possible enum values: - `"ClusterIP"` indicates that the service is only reachable from within the cluster. - `"LoadBalancer"` indicates that the service is reachable from the public internet via dedicated Ipv4 address.' + enum: + - ClusterIP + - LoadBalancer + type: string + type: object + replication: + description: "This section allows to configure Postgres replication mode and HA roles groups. \n The main replication group is implicit and contains the total number of instances less the sum of all instances in other replication groups." + properties: + mode: + description: "Mode defines the replication mode applied to the whole cluster. Possible values are: \"async\"(default), \"sync\", and \"strict-sync\" \n \"async\": When in asynchronous mode the cluster is allowed to lose some committed transactions. 
When the primary server fails or becomes unavailable for any other reason a sufficiently healthy standby will automatically be promoted to primary. Any transactions that have not been replicated to that standby remain in a “forked timeline” on the primary, and are effectively unrecoverable \n \"sync\": When in synchronous mode a standby will not be promoted unless it is certain that the standby contains all transactions that may have returned a successful commit status to client. This means that the system may be unavailable for writes even though some servers are available. \n \"strict-sync\": When it is absolutely necessary to guarantee that each write is stored durably on at least two nodes, use the strict synchronous mode. This mode prevents synchronous replication to be switched off on the primary when no synchronous standby candidates are available. As a downside, the primary will not be available for writes, blocking all client write requests until at least one synchronous replica comes up. \n NOTE: We recommend to always use three intances when setting the mode to \"strict-sync\"." + enum: + - async + - sync + - strict-sync + type: string + type: object + restore: + description: Restore contains settings to control the restore of an instance. + properties: + backupName: + description: BackupName is the name of the specific backup you want to restore. + type: string + claimName: + description: ClaimName specifies the name of the instance you want to restore from. The claim has to be in the same namespace as this new instance. + type: string + recoveryTimeStamp: + description: RecoveryTimeStamp an ISO 8601 date, that holds UTC date indicating at which point-in-time the database has to be restored. This is optional and if no PIT recovery is required, it can be left empty. 
+ pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:Z|[+-][01]\d:[0-5]\d)$ + type: string + type: object + scheduling: + description: Scheduling contains settings to control the scheduling of an instance. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must match a node’s labels for the pod to be scheduled on that node + type: object + type: object + service: + description: Service contains PostgreSQL DBaaS specific properties + properties: + extensions: + description: Extensions allow to enable/disable any of the supported + items: + description: VSHNDBaaSPostgresExtension contains the name of a single extension. + properties: + name: + description: Name is the name of the extension to enable. For an extensive list, please consult https://stackgres.io/doc/latest/intro/extensions/ + type: string + type: object + type: array + majorVersion: + default: "15" + description: MajorVersion contains supported version of PostgreSQL. Multiple versions are supported. The latest version "15" is the default version. + enum: + - "12" + - "13" + - "14" + - "15" + type: string + pgBouncerSettings: + description: PgBouncerSettings passes additional configuration to the pgBouncer instance. + properties: + databases: + description: "The `pgbouncer.ini` (Section [databases]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) for more information about supported parameters." 
+ type: object + x-kubernetes-preserve-unknown-fields: true + pgbouncer: + description: "The `pgbouncer.ini` (Section [pgbouncer]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) for more information about supported parameters" + type: object + x-kubernetes-preserve-unknown-fields: true + users: + description: "The `pgbouncer.ini` (Section [users]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + pgSettings: + description: PGSettings contains additional PostgreSQL settings. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceLevel: + default: besteffort + description: ServiceLevel defines the service level of this service. Either Best Effort or Guaranteed Availability is allowed. + enum: + - besteffort + - guaranteed + type: string + type: object + size: + description: Size contains settings to control the sizing of a service. + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for an instance. + type: string + disk: + description: Disk defines the amount of disk space for an instance. + type: string + memory: + description: Memory defines the amount of memory in units of bytes for an instance. + type: string + plan: + description: Plan is the name of the resource plan that defines the compute resources. + type: string + requests: + description: Requests defines CPU and memory requests for an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for an instance. 
+ type: string + memory: + description: Memory defines the amount of memory in units of bytes for an instance. + type: string + type: object + type: object + updateStrategy: + description: UpdateStrategy indicates when updates to the instance spec will be applied. + properties: + type: + default: Immediate + description: 'Type indicates the type of the UpdateStrategy. Default is OnRestart. Possible enum values: - `"OnRestart"` indicates that the changes to the spec will only be applied once the instance is restarted by other means, most likely during maintenance. - `"Immediate"` indicates that update will be applied to the instance as soon as the spec changes. Please be aware that this might lead to short downtime.' + enum: + - Immediate + - OnRestart + type: string + type: object + type: object + default: {} + relativePath: + default: / + description: RelativePath on which Keycloak will listen. + type: string + serviceLevel: + default: besteffort + description: ServiceLevel defines the service level of this service. Either Best Effort or Guaranteed Availability is allowed. + enum: + - besteffort + - guaranteed + type: string + version: + default: "23" + description: Version contains supported version of keycloak. Multiple versions are supported. The latest version 22 is the default version. + enum: + - "23" + type: string + type: object + default: {} + size: + description: Size contains settings to control the sizing of a service. + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for an instance. + type: string + disk: + description: Disk defines the amount of disk space for an instance. + type: string + memory: + description: Memory defines the amount of memory in units of bytes for an instance. + type: string + plan: + description: Plan is the name of the resource plan that defines the compute resources. 
+ type: string + requests: + description: Requests defines CPU and memory requests for an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for an instance. + type: string + memory: + description: Memory defines the amount of memory in units of bytes for an instance. + type: string + type: object + type: object + default: {} + tls: + description: TLS contains settings to control tls traffic of a service. + properties: + authClients: + default: true + description: TLSAuthClients enables client authentication requirement + type: boolean + enabled: + default: true + description: TLSEnabled enables TLS traffic for the service + type: boolean + type: object + default: {} + type: object + default: {} + writeConnectionSecretToRef: + description: WriteConnectionSecretToRef references a secret to which the connection details will be written. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + type: object + status: + description: Status reflects the observed state of a VSHNKeycloak. + properties: + caCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + clientCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + instanceNamespace: + description: InstanceNamespace contains the name of the namespace where the instance resides + type: string + localCAConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + namespaceConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating details about the transition. 
+ maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + schedules: + description: Schedules keeps track of random generated schedules, is overwriten by schedules set in the service's spec. + properties: + backup: + description: Backup keeps track of the backup schedule. + type: string + maintenance: + description: Maintenance keeps track of the maintenance schedule. + properties: + dayOfWeek: + description: DayOfWeek specifies at which weekday the maintenance is held place. Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: 'TimeOfDay for installing updates in UTC. Format: "hh:mm:ss".' + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + type: object + selfSignedIssuerConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human-readable message indicating details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + serverCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/crds/vshn.appcat.vshn.io_vshnpostgresqls.yaml b/crds/vshn.appcat.vshn.io_vshnpostgresqls.yaml index 623b66489b..c844e80010 100644 --- a/crds/vshn.appcat.vshn.io_vshnpostgresqls.yaml +++ b/crds/vshn.appcat.vshn.io_vshnpostgresqls.yaml 
@@ -3580,6 +3580,22 @@ spec: - "14" - "15" type: string + pgBouncerSettings: + description: PgBouncerSettings passes additional configuration to the pgBouncer instance. + properties: + databases: + description: "The `pgbouncer.ini` (Section [databases]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + pgbouncer: + description: "The `pgbouncer.ini` (Section [pgbouncer]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) for more information about supported parameters" + type: object + x-kubernetes-preserve-unknown-fields: true + users: + description: "The `pgbouncer.ini` (Section [users]) parameters the configuration contains, represented as an object where the keys are valid names for the `pgbouncer.ini` configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + type: object pgSettings: description: PGSettings contains additional PostgreSQL settings. type: object diff --git a/crds/vshn.appcat.vshn.io_xvshnkeycloaks.yaml b/crds/vshn.appcat.vshn.io_xvshnkeycloaks.yaml new file mode 100644 index 0000000000..d19f842f57 --- /dev/null +++ b/crds/vshn.appcat.vshn.io_xvshnkeycloaks.yaml 
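Review bot: The three new sections under `pgBouncerSettings` (`databases`, `pgbouncer`, `users`) are all `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any key and value from a claim, and the "valid names" wording in the descriptions is not enforced by this schema. If the composition copies these maps into the pooler configuration unchanged (not visible in this hunk), a claim author could override settings the platform presumably wants to own, such as `auth_type` or `admin_users`. I would filter the keys against an allowlist in the function that consumes this field and say so in the field comment, for example `Parameters that control authentication or admin access are managed by the platform and are rejected.` This file looks generated (the sibling CRD in this patch carries a controller-gen annotation), so the wording change belongs on the Go type rather than in this YAML.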
@@ -0,0 +1,6455 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: xvshnkeycloaks.vshn.appcat.vshn.io +spec: + group: vshn.appcat.vshn.io + names: + kind: XVSHNKeycloak + listKind: XVSHNKeycloakList + plural: xvshnkeycloaks + singular: xvshnkeycloak + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: XVSHNKeycloak represents the internal composite of this claim + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: XVSHNKeycloakSpec defines the desired state of a VSHNKeycloak. + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. 
See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + managementPolicies: + default: + - '*' + description: 'THIS IS A BETA FIELD. It is on by default but can be + opted out through a Crossplane feature flag. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + parameters: + description: Parameters are the configurable fields of a VSHNKeycloak. + properties: + backup: + description: Backup contains settings to control how the instance + should get backed up. + properties: + retention: + description: K8upRetentionPolicy describes the retention configuration + for a K8up backup. 
+ properties: + keepDaily: + default: 6 + type: integer + keepHourly: + type: integer + keepLast: + type: integer + keepMonthly: + type: integer + keepWeekly: + type: integer + keepYearly: + type: integer + type: object + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) + (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) + (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + maintenance: + description: Maintenance contains settings to control the maintenance + of an instance. + properties: + dayOfWeek: + description: DayOfWeek specifies at which weekday the maintenance + is held place. Allowed values are [monday, tuesday, wednesday, + thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: 'TimeOfDay for installing updates in UTC. Format: + "hh:mm:ss".' + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + restore: + description: Restore contains settings to control the restore + of an instance. + properties: + backupName: + description: BackupName is the name of the specific backup + you want to restore. + type: string + claimName: + description: ClaimName specifies the name of the instance + you want to restore from. The claim has to be in the same + namespace as this new instance. + type: string + type: object + scheduling: + description: Scheduling contains settings to control the scheduling + of an instance. 
+ properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must match a + node’s labels for the pod to be scheduled on that node + type: object + type: object + service: + description: Service contains keycloak DBaaS specific properties + properties: + fqdn: + description: FQDN contains the FQDN which will be used for + the ingress. If it's not set, no ingress will be deployed. + This also enables strict hostname checking for this FQDN. + type: string + postgreSQLParameters: + description: PostgreSQLParameters can be used to set any supported + setting in the underlying PostgreSQL instance. + properties: + backup: + description: Backup contains settings to control the backups + of an instance. + properties: + deletionProtection: + default: true + description: DeletionProtection will protect the instance + from being deleted for the given retention time. + This is enabled by default. + type: boolean + deletionRetention: + default: 7 + description: DeletionRetention specifies in days how + long the instance should be kept after deletion. + The default is keeping it one week. + type: integer + retention: + default: 6 + pattern: ^[1-9][0-9]*$ + type: integer + x-kubernetes-int-or-string: true + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) + (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) + (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) + (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + encryption: + description: Encryption contains settings to control the + storage encryption of an instance. + properties: + enabled: + description: Enabled specifies if the instance should + use encrypted storage for the instance. + type: boolean + type: object + instances: + default: 1 + description: Instances configures the number of PostgreSQL + instances for the cluster. 
Each instance contains one + Postgres server. Out of all Postgres servers, one is + elected as the primary, the rest remain as read-only + replicas. + maximum: 3 + minimum: 1 + type: integer + maintenance: + description: Maintenance contains settings to control + the maintenance of an instance. + properties: + dayOfWeek: + description: DayOfWeek specifies at which weekday + the maintenance is held place. Allowed values are + [monday, tuesday, wednesday, thursday, friday, saturday, + sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: 'TimeOfDay for installing updates in + UTC. Format: "hh:mm:ss".' + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + monitoring: + description: Monitoring contains settings to control monitoring. + properties: + alertmanagerConfigRef: + description: AlertmanagerConfigRef contains the name + of the AlertmanagerConfig that should be copied + over to the namespace of the instance. + type: string + alertmanagerConfigSecretRef: + description: AlertmanagerConfigSecretRef contains + the name of the secret that is used in the referenced + AlertmanagerConfig + type: string + alertmanagerConfigTemplate: + description: AlertmanagerConfigSpecTemplate takes + an AlertmanagerConfigSpec object. This takes precedence + over the AlertmanagerConfigRef. + properties: + inhibitRules: + description: List of inhibition rules. The rules + will only apply to alerts matching the resource's + namespace. + items: + description: InhibitRule defines an inhibition + rule that allows to mute alerts when other + alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal + value in the source and target alert for + the inhibition to take effect. 
+ items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more + alerts have to exist for the inhibition + to take effect. The operator enforces + that the alert matches the resource's + namespace. + items: + description: Matcher defines how to match + on alert's labels. + properties: + matchType: + description: Match operation available + with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - "=" + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality + (false) or regular-expression (true). + Deprecated as of AlertManager >= + v0.22.0 where a user should use + MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled + in the alerts to be muted. The operator + enforces that the alert matches the resource's + namespace. + items: + description: Matcher defines how to match + on alert's labels. + properties: + matchType: + description: Match operation available + with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - "=" + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality + (false) or regular-expression (true). + Deprecated as of AlertManager >= + v0.22.0 where a user should use + MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying + when the routes should be muted. 
+ items: + description: MuteTimeInterval specifies the + periods in time when notifications will be + muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of + TimeInterval + items: + description: TimeInterval describes intervals + of time + properties: + daysOfMonth: + description: DaysOfMonth is a list + of DayOfMonthRange + items: + description: DayOfMonthRange is + an inclusive range of days of + the month beginning at 1 + properties: + end: + description: End of the inclusive + range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive + range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: MonthRange is an inclusive + range of months of the year beginning + in January Months can be specified + by name (e.g 'January') by numerical + month (e.g '1') or as an inclusive + range (e.g 'January:March', '1:3', + '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a + start and end time in 24hr format + properties: + endTime: + description: EndTime is the + end time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the + start time in 24hr format. 
+ pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of + WeekdayRange + items: + description: WeekdayRange is an + inclusive range of days of the + week beginning on Sunday Days + can be specified by name (e.g + 'Sunday') or as an inclusive range + (e.g 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive + range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification + integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications + via Email. + properties: + authIdentity: + description: The identity to use for + authentication. + type: string + authPassword: + description: The secret's key that + contains the password to use for + authentication. The secret needs + to be in the same namespace as the + AlertmanagerConfig object and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: The secret's key that + contains the CRAM-MD5 secret. 
The + secret needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: The username to use for + authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email + header key/value pairs. Overrides + any headers previously set by the + notification implementation. + items: + description: KeyValue defines a + (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify + to the SMTP server. + type: string + html: + description: The HTML body of the + email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. + Note that Go does not support unencrypted + connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port + through which emails are sent. E.g. + example.com:25 + type: string + text: + description: The text body of the + email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority + used when verifying server certificates. 
+ properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. 
+ type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing + the client key file for the + targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + to: + description: The email address to + send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must + be unique across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures + notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list + of actions that will be available + for the alert. + type: string + apiKey: + description: The secret's key that + contains the OpsGenie API key. The + secret needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. 
+ properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The URL to send OpsGenie + API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value + pairs that provide further detail + about the incident. + items: + description: KeyValue defines a + (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can + be used to specify which domain + alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. 
The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. + properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited to + 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. + Possible values are P1, P2, P3, + P4, and P5. + type: string + responders: + description: List of responders responsible + for notifications. + items: + description: OpsGenieConfigResponder + defines a responder to an incident. + One of `id`, `name` or `username` + has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the + responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify + about resolved alerts. 
+ type: boolean + source: + description: Backlink to the sender + of the notification. + type: string + tags: + description: Comma separated list + of tags attached to the notifications. + type: string + updateAlerts: + description: Whether to update message + and description of the alert in + OpsGenie if it already exists By + default, the alert is never updated + in OpsGenie, the new message only + appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures + notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the + event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender + of notification. + type: string + component: + description: The part or component + of the affected system that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs + that provide further detail about + the incident. + items: + description: KeyValue defines a + (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping + of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. 
+ properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. + properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. 
+ properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details + to attach that provide further detail + about an incident. + items: + description: PagerDutyImageConfig + attaches images to an incident + properties: + alt: + description: Alt is the optional + alternative text for the image. + type: string + href: + description: Optional URL; makes + the image a clickable link. + type: string + src: + description: Src of the image + being attached to the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details + to attach that provide further detail + about an incident. + items: + description: PagerDutyLinkConfig + attaches text links to an incident + properties: + alt: + description: Text that describes + the purpose of the link, and + can be used as the link's + text. 
+ type: string + href: + description: Href is the URL + of the link to be attached + type: string + type: object + type: array + routingKey: + description: The secret's key that + contains the PagerDuty integration + key (when using Events API v2). + Either this field or `serviceKey` + needs to be defined. The secret + needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that + contains the PagerDuty service key + (when using integration type "Prometheus"). + Either this field or `routingKey` + needs to be defined. The secret + needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests + to. 
+ type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures + notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification + will continue to be retried for, + unless the user acknowledges the + notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification + message is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. 
+ properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. + properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover + servers will send the same notification + to the user. Must be at least 30 + seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + sound: + description: The name of one of the + sounds supported by device clients + to override the user's default sound + choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that + contains the registered application's + API token, see https://pushover.net/apps. + The secret needs to be in the same + namespace as the AlertmanagerConfig + object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + description: A supplementary URL shown + alongside the message. 
+ type: string + urlTitle: + description: A title for supplementary + URL, otherwise just the URL is shown + type: string + userKey: + description: The secret's key that + contains the recipient user's user + key. The secret needs to be in the + same namespace as the AlertmanagerConfig + object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications + via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions + that are sent with each notification. + items: + description: SlackAction configures + a single Slack action that is + sent with each notification. See + https://api.slack.com/docs/message-attachments#action_fields + and https://api.slack.com/docs/message-buttons + for more information. + properties: + confirm: + description: SlackConfirmationField + protect users from destructive + actions or particularly distinguished + decisions by asking them to + confirm their button click + one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. 
+ properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that + contains the Slack webhook URL. + The secret needs to be in the same + namespace as the AlertmanagerConfig + object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + callbackId: + type: string + channel: + description: The channel or user to + send notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields + that are sent with each notification. + items: + description: SlackField configures + a single Slack field that is sent + with each notification. Each field + must contain a title, value, and + optionally, a boolean value to + indicate if the field is short + enough to be displayed next to + other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields + for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. 
+ properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. 
+ type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. + properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. 
+ properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. 
+ type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: SNSConfig configures notifications + via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: The SNS API URL i.e. + https://sns.us-east-2.amazonaws.com. 
+ If not specified, the SNS API URL + from the SNS SDK will be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. 
+ properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: The message content of + the SNS notification. + type: string + phoneNumber: + description: Phone number if message + is delivered via SMS in E.164 format. + If you don't specify this value, + you must specify a value for the + TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature + Verification 4 signing process to + sign requests. + properties: + accessKey: + description: AccessKey is the + AWS API key. If blank, the environment + variable `AWS_ACCESS_KEY_ID` + is used. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named + AWS profile used to authenticate. + type: string + region: + description: Region is the AWS + region. If blank, the region + from the default credentials + chain used. + type: string + roleArn: + description: RoleArn is the named + AWS profile used to authenticate. + type: string + secretKey: + description: SecretKey is the + AWS API secret. If blank, the + environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of the + secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the + message is delivered to email endpoints. + type: string + targetARN: + description: The mobile platform + endpoint ARN if message is delivered + via mobile notifications. If you + don't specify this value, you must + specify a value for the topic_arn + or PhoneNumber. + type: string + topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, + you must specify a value for the + PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: TelegramConfig configures + notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: The Telegram API URL + i.e. https://api.telegram.org. If + not specified, default API URL will + be used. + type: string + botToken: + description: Telegram bot token The + secret needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. 
+ properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram + message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about + resolved alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures + notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that + contains the API key to use when + talking to the VictorOps API. The + secret needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields + for notification. + items: + description: KeyValue defines a + (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. 
+ type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the + alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. 
+ properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior + of the alert (CRITICAL, WARNING, + INFO). + type: string + monitoringTool: + description: The monitoring tool the + state message is from. + type: string + routingKey: + description: A key used to map the + alert to a team. + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation + of the alerted problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures + notifications via a generic receiver + supporting the webhook payload. See + https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. 
The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. + properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts + to be sent per webhook message. + When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + url: + description: The URL to send HTTP + POST requests to. `urlSecret` takes + precedence over `url`. One of `urlSecret` + and `url` should be defined. + type: string + urlSecret: + description: The secret's key that + contains the webhook URL to send + HTTP requests to. `urlSecret` takes + precedence over `url`. One of `urlSecret` + and `url` should be defined. The + secret needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications + via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that + contains the WeChat API key. The + secret needs to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header + configuration for the client. + This is mutually exclusive with + BasicAuth and is only available + starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's + key that contains the credentials + of the request + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication + type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the + client. This is mutually exclusive + with Authorization. If both + are defined, BasicAuth takes + precedence. + properties: + password: + description: The secret in + the service monitor namespace + that contains the password + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in + the service monitor namespace + that contains the username + for authentication. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key + that contains the bearer token + to be used by the client for + authentication. The secret needs + to be in the same namespace + as the AlertmanagerConfig object + and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow + HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the + targets. + properties: + clientId: + description: The secret or + configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. 
+ properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to + append to the token URL + type: object + scopes: + description: OAuth2 scopes + used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch + the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration + for the client. + properties: + ca: + description: Certificate authority + used when verifying server + certificates. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap + containing data to use + for the targets. + properties: + key: + description: The key + to select. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify + whether the ConfigMap + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the + targets. + properties: + key: + description: The key + of the secret to + select from. Must + be a valid secret + key. + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other + useful fields. apiVersion, + kind, uid?' 
+ type: string + optional: + description: Specify + whether the Secret + or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target + certificate validation. + type: boolean + keySecret: + description: Secret containing + the client key file for + the targets. + properties: + key: + description: The key of + the secret to select + from. Must be a valid + secret key. + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful + fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify + the hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined + by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify + about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition + for alerts matching the resource's namespace. + If present, it will be added to the generated + Alertmanager configuration as a first-level + route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list + of MuteTimeInterval names when this route + should be active. + items: + type: string + type: array + continue: + description: Boolean indicating whether an + alert should continue matching subsequent + sibling nodes. It will always be overridden + to true for the first-level route by the + Prometheus operator. 
+ type: boolean + groupBy: + description: List of labels to group by. Labels + must not be repeated (unique list). Special + label "..." (aggregate by all possible labels), + if provided, must be the only element in + the list. + items: + type: string + type: array + groupInterval: + description: 'How long to wait before sending + an updated notification. Must match the + regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m"' + type: string + groupWait: + description: 'How long to wait before sending + the initial notification. Must match the + regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s"' + type: string + matchers: + description: 'List of matchers that the alert''s + labels should match. For the first level + route, the operator removes any existing + equality and regexp matcher on the `namespace` + label and adds a `namespace: ` + matcher.' + items: + description: Matcher defines how to match + on alert's labels. + properties: + matchType: + description: Match operation available + with AlertManager >= v0.22.0 and takes + precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - "=" + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality + (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 + where a user should use MatchType + instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: 'Note: this comment applies to + the field definition above but appears below + otherwise it gets included in the generated + manifest. CRD schema doesn''t support self-referential + types for now (see https://github.com/kubernetes/kubernetes/issues/62872). 
+ We have to use an alternative type to circumvent + the limitation. The downside is that the + Kube API can''t validate the data beyond + the fact that it is a valid JSON representation. + MuteTimeIntervals is a list of MuteTimeInterval + names that will mute this route when matched,' + items: + type: string + type: array + receiver: + description: Name of the receiver for this + route. If not empty, it should be listed + in the `receivers` field. + type: string + repeatInterval: + description: 'How long to wait before repeating + the last notification. Must match the regular + expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h"' + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + email: + description: Email necessary to send alerts via email + type: string + type: object + network: + description: Network contains any network related settings. + properties: + ipFilter: + default: + - 0.0.0.0/0 + description: IPFilter is a list of allowed IPv4 CIDR + ranges that can access the service. If no IP Filter + is set, you may not be able to reach the service. + A value of `0.0.0.0/0` will open the service to + all addresses on the public internet. + items: + type: string + type: array + serviceType: + default: ClusterIP + description: 'ServiceType defines the type of the + service. Possible enum values: - `"ClusterIP"` indicates + that the service is only reachable from within the + cluster. - `"LoadBalancer"` indicates that the service + is reachable from the public internet via dedicated + Ipv4 address.' + enum: + - ClusterIP + - LoadBalancer + type: string + type: object + replication: + description: "This section allows to configure Postgres + replication mode and HA roles groups. 
\n The main replication + group is implicit and contains the total number of instances + less the sum of all instances in other replication groups." + properties: + mode: + description: "Mode defines the replication mode applied + to the whole cluster. Possible values are: \"async\"(default), + \"sync\", and \"strict-sync\" \n \"async\": When + in asynchronous mode the cluster is allowed to lose + some committed transactions. When the primary server + fails or becomes unavailable for any other reason + a sufficiently healthy standby will automatically + be promoted to primary. Any transactions that have + not been replicated to that standby remain in a + “forked timeline” on the primary, and are effectively + unrecoverable \n \"sync\": When in synchronous mode + a standby will not be promoted unless it is certain + that the standby contains all transactions that + may have returned a successful commit status to + client. This means that the system may be unavailable + for writes even though some servers are available. + \n \"strict-sync\": When it is absolutely necessary + to guarantee that each write is stored durably on + at least two nodes, use the strict synchronous mode. + This mode prevents synchronous replication to be + switched off on the primary when no synchronous + standby candidates are available. As a downside, + the primary will not be available for writes, blocking + all client write requests until at least one synchronous + replica comes up. \n NOTE: We recommend to always + use three intances when setting the mode to \"strict-sync\"." + enum: + - async + - sync + - strict-sync + type: string + type: object + restore: + description: Restore contains settings to control the + restore of an instance. + properties: + backupName: + description: BackupName is the name of the specific + backup you want to restore. + type: string + claimName: + description: ClaimName specifies the name of the instance + you want to restore from. 
The claim has to be in + the same namespace as this new instance. + type: string + recoveryTimeStamp: + description: RecoveryTimeStamp an ISO 8601 date, that + holds UTC date indicating at which point-in-time + the database has to be restored. This is optional + and if no PIT recovery is required, it can be left + empty. + pattern: ^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:Z|[+-][01]\d:[0-5]\d)$ + type: string + type: object + scheduling: + description: Scheduling contains settings to control the + scheduling of an instance. + properties: + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must + match a node’s labels for the pod to be scheduled + on that node + type: object + type: object + service: + description: Service contains PostgreSQL DBaaS specific + properties + properties: + extensions: + description: Extensions allow to enable/disable any + of the supported + items: + description: VSHNDBaaSPostgresExtension contains + the name of a single extension. + properties: + name: + description: Name is the name of the extension + to enable. For an extensive list, please consult + https://stackgres.io/doc/latest/intro/extensions/ + type: string + type: object + type: array + majorVersion: + default: "15" + description: MajorVersion contains supported version + of PostgreSQL. Multiple versions are supported. + The latest version "15" is the default version. + enum: + - "12" + - "13" + - "14" + - "15" + type: string + pgBouncerSettings: + description: PgBouncerSettings passes additional configuration + to the pgBouncer instance. 
+ properties: + databases: + description: "The `pgbouncer.ini` (Section [databases]) + parameters the configuration contains, represented + as an object where the keys are valid names + for the `pgbouncer.ini` configuration file parameters. + \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + pgbouncer: + description: "The `pgbouncer.ini` (Section [pgbouncer]) + parameters the configuration contains, represented + as an object where the keys are valid names + for the `pgbouncer.ini` configuration file parameters. + \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) + for more information about supported parameters" + type: object + x-kubernetes-preserve-unknown-fields: true + users: + description: "The `pgbouncer.ini` (Section [users]) + parameters the configuration contains, represented + as an object where the keys are valid names + for the `pgbouncer.ini` configuration file parameters. + \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + pgSettings: + description: PGSettings contains additional PostgreSQL + settings. + type: object + x-kubernetes-preserve-unknown-fields: true + serviceLevel: + default: besteffort + description: ServiceLevel defines the service level + of this service. Either Best Effort or Guaranteed + Availability is allowed. + enum: + - besteffort + - guaranteed + type: string + type: object + size: + description: Size contains settings to control the sizing + of a service. + properties: + cpu: + description: CPU defines the amount of Kubernetes + CPUs for an instance. + type: string + disk: + description: Disk defines the amount of disk space + for an instance. 
+ type: string + memory: + description: Memory defines the amount of memory in + units of bytes for an instance. + type: string + plan: + description: Plan is the name of the resource plan + that defines the compute resources. + type: string + requests: + description: Requests defines CPU and memory requests + for an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes + CPUs for an instance. + type: string + memory: + description: Memory defines the amount of memory + in units of bytes for an instance. + type: string + type: object + type: object + updateStrategy: + description: UpdateStrategy indicates when updates to + the instance spec will be applied. + properties: + type: + default: Immediate + description: 'Type indicates the type of the UpdateStrategy. + Default is OnRestart. Possible enum values: - `"OnRestart"` + indicates that the changes to the spec will only + be applied once the instance is restarted by other + means, most likely during maintenance. - `"Immediate"` + indicates that update will be applied to the instance + as soon as the spec changes. Please be aware that + this might lead to short downtime.' + enum: + - Immediate + - OnRestart + type: string + type: object + type: object + relativePath: + default: / + description: RelativePath on which Keycloak will listen. + type: string + serviceLevel: + default: besteffort + description: ServiceLevel defines the service level of this + service. Either Best Effort or Guaranteed Availability is + allowed. + enum: + - besteffort + - guaranteed + type: string + version: + default: "23" + description: Version contains supported version of keycloak. + Multiple versions are supported. The latest version 22 is + the default version. + enum: + - "23" + type: string + type: object + size: + description: Size contains settings to control the sizing of a + service. + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for + an instance. 
+ type: string + disk: + description: Disk defines the amount of disk space for an + instance. + type: string + memory: + description: Memory defines the amount of memory in units + of bytes for an instance. + type: string + plan: + description: Plan is the name of the resource plan that defines + the compute resources. + type: string + requests: + description: Requests defines CPU and memory requests for + an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs + for an instance. + type: string + memory: + description: Memory defines the amount of memory in units + of bytes for an instance. + type: string + type: object + type: object + tls: + description: TLS contains settings to control tls traffic of a + service. + properties: + authClients: + default: true + description: TLSAuthClients enables client authentication + requirement + type: boolean + enabled: + default: true + description: TLSEnabled enables TLS traffic for the service + type: boolean + type: object + type: object + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. 
Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + type: object + status: + properties: + caCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. 
For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + clientCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + instanceNamespace: + description: InstanceNamespace contains the name of the namespace + where the instance resides + type: string + localCAConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + namespaceConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + schedules: + description: Schedules keeps track of random generated schedules, + is overwriten by schedules set in the service's spec. + properties: + backup: + description: Backup keeps track of the backup schedule. + type: string + maintenance: + description: Maintenance keeps track of the maintenance schedule. + properties: + dayOfWeek: + description: DayOfWeek specifies at which weekday the maintenance + is held place. Allowed values are [monday, tuesday, wednesday, + thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: 'TimeOfDay for installing updates in UTC. Format: + "hh:mm:ss".' + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + type: object + selfSignedIssuerConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
+ maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + serverCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/crds/vshn.appcat.vshn.io_xvshnpostgresqls.yaml b/crds/vshn.appcat.vshn.io_xvshnpostgresqls.yaml index 1df0dd1606..bac11fbde2 100644 
--- a/crds/vshn.appcat.vshn.io_xvshnpostgresqls.yaml +++ b/crds/vshn.appcat.vshn.io_xvshnpostgresqls.yaml @@ -5040,6 +5040,35 @@ spec: - "14" - "15" type: string + pgBouncerSettings: + description: PgBouncerSettings passes additional configuration + to the pgBouncer instance. + properties: + databases: + description: "The `pgbouncer.ini` (Section [databases]) + parameters the configuration contains, represented as + an object where the keys are valid names for the `pgbouncer.ini` + configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + pgbouncer: + description: "The `pgbouncer.ini` (Section [pgbouncer]) + parameters the configuration contains, represented as + an object where the keys are valid names for the `pgbouncer.ini` + configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) + for more information about supported parameters" + type: object + x-kubernetes-preserve-unknown-fields: true + users: + description: "The `pgbouncer.ini` (Section [users]) parameters + the configuration contains, represented as an object + where the keys are valid names for the `pgbouncer.ini` + configuration file parameters. \n Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) + for more information about supported parameters." + type: object + x-kubernetes-preserve-unknown-fields: true + type: object pgSettings: description: PGSettings contains additional PostgreSQL settings. type: object diff --git a/go.mod b/go.mod index 632692e6b1..d5224274b6 100644 --- a/go.mod +++ b/go.mod 
@@ -16,7 +16,6 @@ require ( github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 github.com/crossplane/function-sdk-go v0.1.0 github.com/deepmap/oapi-codegen v0.0.0-00010101000000-000000000000 - github.com/docker/docker v24.0.7+incompatible github.com/go-logr/logr v1.3.0 github.com/go-logr/zapr v1.2.4 github.com/golang/mock v1.6.0 @@ -96,6 +95,7 @@ require ( github.com/distribution/reference v0.5.0 // indirect github.com/docker/cli v24.0.6+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect + github.com/docker/docker v24.0.7+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect github.com/emicklei/dot v1.6.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect diff --git a/pkg/comp-functions/functions/common/alerting.go b/pkg/comp-functions/functions/common/alerting.go index 622c705bc8..9268f8b47f 100644 --- a/pkg/comp-functions/functions/common/alerting.go +++ b/pkg/comp-functions/functions/common/alerting.go @@ -15,7 +15,7 @@ import ( "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) type Alerter interface { @@ -102,12 +102,12 @@ func deployAlertmanagerFromRef(ctx context.Context, AlertmanagerConfigSecretRef, Namespace: claimNamespace, Name: AlertmanagerConfigSecretRef, }, - FieldPath: pointer.String("spec"), + FieldPath: ptr.To("spec"), }, - ToFieldPath: pointer.String("spec"), + ToFieldPath: ptr.To("spec"), } - return svc.SetDesiredKubeObject(ac, name+"-alertmanagerconfig", xRef) + return svc.SetDesiredKubeObject(ac, name+"-alertmanagerconfig", runtime.KubeOptionAddRefs(xRef)) } func deployAlertmanagerFromTemplate(ctx context.Context, AlertmanagerConfigSecretRef, claimNamespace, name, instanceNamespace string, AlertmanagerConfigSpecTemplate *alertmanagerv1alpha1.AlertmanagerConfigSpec, svc *runtime.ServiceRuntime) error { 
@@ -137,10 +137,10 @@ func deploySecretRef(ctx context.Context, AlertmanagerConfigSecretRef, claimName Namespace: claimNamespace, Name: AlertmanagerConfigSecretRef, }, - FieldPath: pointer.String("data"), + FieldPath: ptr.To("data"), }, - ToFieldPath: pointer.String("data"), + ToFieldPath: ptr.To("data"), } - return svc.SetDesiredKubeObject(s, name+"-alertmanagerconfigsecret", xRef) + return svc.SetDesiredKubeObject(s, name+"-alertmanagerconfigsecret", runtime.KubeOptionAddRefs(xRef)) } diff --git a/pkg/comp-functions/functions/common/instance_namespace.go b/pkg/comp-functions/functions/common/instance_namespace.go index 40c2e064d9..2e039c94f4 100644 --- a/pkg/comp-functions/functions/common/instance_namespace.go +++ b/pkg/comp-functions/functions/common/instance_namespace.go @@ -18,15 +18,6 @@ const ( claimNameLabel = "crossplane.io/claim-name" ) -// InstanceNamespaceInfo provides all the necessary information to create -// an instance namespace. -type InstanceNamespaceInfo interface { - GetName() string - GetClaimNamespace() string - GetInstanceNamespace() string - GetLabels() map[string]string -} - func BootstrapInstanceNs(ctx context.Context, comp InstanceNamespaceInfo, serviceName, namespaceResName string, svc *runtime.ServiceRuntime) error { l := svc.Log diff --git a/pkg/comp-functions/functions/common/interfaces.go b/pkg/comp-functions/functions/common/interfaces.go index 612c3cb51a..44c4b0fc9b 100644 --- a/pkg/comp-functions/functions/common/interfaces.go +++ b/pkg/comp-functions/functions/common/interfaces.go 
@@ -4,9 +4,18 @@ import vshnv1 "github.com/vshn/appcat/v4/apis/vshn/v1" // InfoGetter will return various information about the given AppCat composite. type InfoGetter interface { - GetName() string - GetInstanceNamespace() string GetBackupSchedule() string GetBackupRetention() vshnv1.K8upRetentionPolicy GetServiceName() string + GetLabels() map[string]string + InstanceNamespaceInfo +} + +// InstanceNamespaceInfo provides all the necessary information to create +// an instance namespace. +type InstanceNamespaceInfo interface { + GetName() string + GetClaimNamespace() string + GetInstanceNamespace() string + GetLabels() map[string]string } diff --git a/pkg/comp-functions/functions/common/mailgun_alerting.go b/pkg/comp-functions/functions/common/mailgun_alerting.go index eb27d24a74..df514c5b7f 100644 --- a/pkg/comp-functions/functions/common/mailgun_alerting.go +++ b/pkg/comp-functions/functions/common/mailgun_alerting.go @@ -12,7 +12,7 @@ import ( runtime "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" controllerruntime "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -83,8 +83,8 @@ func deployAlertmanagerConfig(ctx context.Context, name, email, instanceNamespac }, }, Smarthost: svc.Config.Data["emailAlertingSmtpHost"], - RequireTLS: pointer.Bool(true), - SendResolved: pointer.Bool(true), + RequireTLS: ptr.To(true), + SendResolved: ptr.To(true), }, }, }, 
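Review bot: `GetLabels() map[string]string` is now declared twice on `InfoGetter`, once explicitly and once through the embedded `InstanceNamespaceInfo`, which also supplies `GetName()` and `GetInstanceNamespace()`. Identical overlapping methods are accepted from Go 1.14 on, so this should compile (the module's Go version is not visible here), but the explicit line is redundant and any later signature change has to be made in two places. I would drop the explicit `GetLabels() map[string]string` line from `InfoGetter` and say in its doc comment that it embeds the namespace contract, e.g. `// InfoGetter embeds InstanceNamespaceInfo, so it can also be passed to BootstrapInstanceNs.`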
@@ -125,16 +125,16 @@ func deployAlertmanagerConfig(ctx context.Context, name, email, instanceNamespac Namespace: svc.Config.Data["emailAlertingSecretNamespace"], Name: svc.Config.Data["emailAlertingSecretName"], }, - FieldPath: pointer.String("data.password"), + FieldPath: ptr.To("data.password"), }, - ToFieldPath: pointer.String("data.password"), + ToFieldPath: ptr.To("data.password"), } - if err := svc.SetDesiredKubeObject(secret, alertManagerConfigSecretName, patchSecretWithOtherSecret); err != nil { + if err := svc.SetDesiredKubeObject(secret, alertManagerConfigSecretName, runtime.KubeOptionAddRefs(patchSecretWithOtherSecret)); err != nil { return err } - return svc.SetDesiredKubeObject(ac, alertManagerConfigName, xRef) + return svc.SetDesiredKubeObject(ac, alertManagerConfigName, runtime.KubeOptionAddRefs(xRef)) } func mailAlertingEnabled(config *v1.ConfigMap) bool { diff --git a/pkg/comp-functions/functions/common/maintenance/maintenance.go b/pkg/comp-functions/functions/common/maintenance/maintenance.go index 24e5173476..d5ea6014fc 100644 --- a/pkg/comp-functions/functions/common/maintenance/maintenance.go +++ b/pkg/comp-functions/functions/common/maintenance/maintenance.go @@ -129,7 +129,7 @@ func (m *Maintenance) Run(ctx context.Context) *xfnproto.Result { } for _, extraR := range m.extraResources { - err = m.svc.SetDesiredKubeObject(extraR.Resource, extraR.Name, extraR.Refs...) + err = m.svc.SetDesiredKubeObject(extraR.Resource, extraR.Name, runtime.KubeOptionAddRefs(extraR.Refs...)) if err != nil { return runtime.NewFatalResult(err) } 
@@ -298,10 +298,10 @@ func (m *Maintenance) parseCron() (string, error) { } // SetReleaseVersion sets the version from the claim if it's a new instance otherwise it is managed by maintenance function -func SetReleaseVersion(ctx context.Context, version string, values map[string]interface{}, observed map[string]interface{}, fields []string) error { +func SetReleaseVersion(ctx context.Context, version string, desiredValues map[string]interface{}, observedValues map[string]interface{}, fields []string) error { l := controllerruntime.LoggerFrom(ctx) - tag, _, err := unstructured.NestedString(observed, fields...) + tag, _, err := unstructured.NestedString(observedValues, fields...) if err != nil { return fmt.Errorf("cannot get image tag from values in release: %v", err) } @@ -316,13 +316,13 @@ func SetReleaseVersion(ctx context.Context, version string, values map[string]in if err != nil { l.Info("failed to parse observed service version", "version", tag) // If the observed version is not parsable, e.g. if it's empty, update to the desired version - return unstructured.SetNestedField(values, version, fields...) + return unstructured.SetNestedField(desiredValues, version, fields...) } if observedVersion.GTE(desiredVersion) { // In case the overved tag is valid and greater than the desired version, keep the observed version - return unstructured.SetNestedField(values, tag, fields...) + return unstructured.SetNestedField(desiredValues, tag, fields...) } // In case the observed tag is smaller than the desired version, then set the version from the claim - return unstructured.SetNestedField(values, version, fields...) + return unstructured.SetNestedField(desiredValues, version, fields...) } diff --git a/pkg/comp-functions/functions/common/netpol.go b/pkg/comp-functions/functions/common/netpol.go index 7a2bbe55fe..57879c5e34 100644 --- a/pkg/comp-functions/functions/common/netpol.go +++ b/pkg/comp-functions/functions/common/netpol.go 
@@ -1,7 +1,6 @@ package common import ( - "context" "fmt" "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" @@ -9,7 +8,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func CreateNetworkPolicy(ctx context.Context, sourceNs []string, instanceNs string, instance string, svc *runtime.ServiceRuntime) error { +func CreateNetworkPolicy(sourceNs []string, instanceNs string, instance string, svc *runtime.ServiceRuntime) error { netPolPeer := []netv1.NetworkPolicyPeer{} for _, ns := range sourceNs { diff --git a/pkg/comp-functions/functions/common/password.go b/pkg/comp-functions/functions/common/password.go index 0d5b357aa0..0b0a2434f3 100644 --- a/pkg/comp-functions/functions/common/password.go +++ b/pkg/comp-functions/functions/common/password.go @@ -3,6 +3,7 @@ package common import ( "fmt" + xkube "github.com/crossplane-contrib/provider-kubernetes/apis/object/v1alpha1" "github.com/sethvargo/go-password/password" "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" corev1 "k8s.io/api/core/v1" @@ -14,9 +15,11 @@ import ( // The function accepts a list of fields that should be populated with passwords. // It returns the name of the secret resource, so it can be referenced later. The name of the inner secret object is the // same as the resource name. +// Additionally it exposes the generated passwords as connection details, for easier retrieval. func AddCredentialsSecret(comp InfoGetter, svc *runtime.ServiceRuntime, fieldList []string) (string, error) { secretObjectName := comp.GetName() + "-credentials-secret" secret := &corev1.Secret{} + cd := []xkube.ConnectionDetail{} err := svc.GetObservedKubeObject(secret, secretObjectName) if err == runtime.ErrNotFound { stringData := map[string]string{} 
@@ -38,7 +41,22 @@ func AddCredentialsSecret(comp InfoGetter, svc *runtime.ServiceRuntime, fieldLis return secretObjectName, err } - return secretObjectName, svc.SetDesiredKubeObject(secret, secretObjectName) + // We need to add the secrets every time, or we override existing ones with + // an empty array. + for _, field := range fieldList { + cd = append(cd, xkube.ConnectionDetail{ + ObjectReference: corev1.ObjectReference{ + APIVersion: "v1", + Kind: "Secret", + Namespace: comp.GetInstanceNamespace(), + Name: secretObjectName, + FieldPath: "data." + field, + }, + ToConnectionSecretKey: field, + }) + } + + return secretObjectName, svc.SetDesiredKubeObject(secret, secretObjectName, runtime.KubeOptionAddConnectionDetails(comp.GetInstanceNamespace(), cd...)) } func genPassword() (string, error) { diff --git a/pkg/comp-functions/functions/common/rbac.go b/pkg/comp-functions/functions/common/rbac.go index a0fcb6033d..92ae65fd8d 100644 --- a/pkg/comp-functions/functions/common/rbac.go +++ b/pkg/comp-functions/functions/common/rbac.go @@ -40,7 +40,7 @@ func AddSaWithRole(ctx context.Context, svc *runtime.ServiceRuntime, policies [] }, } - err = svc.SetDesiredKubeObject(role, compName+"-"+suffix+"-role", saReference) + err = svc.SetDesiredKubeObject(role, compName+"-"+suffix+"-role", runtime.KubeOptionAddRefs(saReference)) if err != nil { return err } @@ -70,5 +70,5 @@ func AddSaWithRole(ctx context.Context, svc *runtime.ServiceRuntime, policies [] }, } - return svc.SetDesiredKubeObject(roleBinding, compName+"-"+suffix+"-rolebinding", roleReference, saReference) + return svc.SetDesiredKubeObject(roleBinding, compName+"-"+suffix+"-rolebinding", runtime.KubeOptionAddRefs(roleReference, saReference)) } diff --git a/pkg/comp-functions/functions/common/release.go b/pkg/comp-functions/functions/common/release.go index 75bf72c946..176968a89c 100644 --- a/pkg/comp-functions/functions/common/release.go +++ b/pkg/comp-functions/functions/common/release.go 
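Review bot: The added loop builds `FieldPath: "data." + field`, which only resolves correctly while every entry in `fieldList` is a plain key; a key containing a dot would be read as a nested path. The MariaDB release in this series uses the bracket form (`data[ca.crt]`), so `FieldPath: "data[" + field + "]"` would be the consistent choice, assuming the kubernetes provider parses field paths the same way. This change also means every generated password is copied into a second Secret, written through `runtime.KubeOptionAddConnectionDetails` to `comp.GetInstanceNamespace()`. The doc comment on `AddCredentialsSecret` should name that secret so RBAC and clean-up account for the copy. The body of `AddCredentialsSecret` starts outside this hunk.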
@@ -1,10 +1,16 @@ package common import ( + "context" "encoding/json" + "errors" "fmt" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" xhelmv1 "github.com/vshn/appcat/v4/apis/helm/release/v1beta1" + "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8sruntime "k8s.io/apimachinery/pkg/runtime" ) // GetReleaseValues returns the parsed values from the given release. 
@@ -19,3 +25,78 @@ func GetReleaseValues(r *xhelmv1.Release) (map[string]interface{}, error) { } return values, nil } + +// GetObservedReleaseValues returns the observed releaseValues for the given release name. +func GetObservedReleaseValues(svc *runtime.ServiceRuntime, releaseName string) (map[string]interface{}, error) { + values := map[string]interface{}{} + + r, err := getObservedRelease(svc, releaseName) + if err != nil { + return nil, fmt.Errorf("cannot get observed release: %w", err) + } + + if r == nil { + return values, nil + } + + if r.Spec.ForProvider.Values.Raw == nil { + return values, nil + } + err = json.Unmarshal(r.Spec.ForProvider.Values.Raw, &values) + if err != nil { + return nil, fmt.Errorf("cannot unmarshal values from release: %v", err) + } + + return values, err +} + +func getObservedRelease(svc *runtime.ServiceRuntime, releaseName string) (*xhelmv1.Release, error) { + r := &xhelmv1.Release{} + err := svc.GetObservedComposedResource(r, releaseName) + if errors.Is(err, runtime.ErrNotFound) { + return nil, nil + } + return r, nil +} + +// NewRelease returns a new release with some defaults set. 
+func NewRelease(ctx context.Context, svc *runtime.ServiceRuntime, comp InfoGetter, values map[string]any, cd ...xhelmv1.ConnectionDetail) (*xhelmv1.Release, error) { + + vb, err := json.Marshal(values) + if err != nil { + return nil, err + } + + release := &xhelmv1.Release{ + ObjectMeta: metav1.ObjectMeta{ + Name: comp.GetName(), + }, + Spec: xhelmv1.ReleaseSpec{ + ForProvider: xhelmv1.ReleaseParameters{ + Chart: xhelmv1.ChartSpec{ + Repository: svc.Config.Data["chartRepository"], + Version: svc.Config.Data["chartVersion"], + Name: comp.GetServiceName(), + }, + Namespace: comp.GetInstanceNamespace(), + ValuesSpec: xhelmv1.ValuesSpec{ + Values: k8sruntime.RawExtension{ + Raw: vb, + }, + }, + }, + ResourceSpec: xpv1.ResourceSpec{ + ProviderConfigReference: &xpv1.Reference{ + Name: "helm", + }, + WriteConnectionSecretToReference: &xpv1.SecretReference{ + Name: comp.GetName() + "-connection", + Namespace: comp.GetInstanceNamespace(), + }, + }, + ConnectionDetails: cd, + }, + } + + return release, nil +} diff --git a/pkg/comp-functions/functions/common/resources.go b/pkg/comp-functions/functions/common/resources.go index bd297f36e1..bd75c5b2e4 100644 --- a/pkg/comp-functions/functions/common/resources.go +++ b/pkg/comp-functions/functions/common/resources.go @@ -5,7 +5,15 @@ import ( "github.com/vshn/appcat/v4/pkg/common/utils" ) -func GetResources(size *vshnv1.VSHNSizeSpec, r utils.Resources) (string, string, string, string, string) { +type Resources struct { + ReqMem string + ReqCPU string + Mem string + CPU string + Disk string +} + +func GetResources(size *vshnv1.VSHNSizeSpec, r utils.Resources) Resources { reqMem := size.Requests.Memory reqCPU := size.Requests.CPU mem := size.Memory @@ -27,5 +35,11 @@ func GetResources(size *vshnv1.VSHNSizeSpec, r utils.Resources) (string, string, if disk == "" { disk = r.Disk.String() } - return reqMem, reqCPU, mem, cpu, disk + return Resources{ + ReqMem: reqMem, + ReqCPU: reqCPU, + Mem: mem, + CPU: cpu, + Disk: disk, + } } 
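Review bot: `getObservedRelease` discards every error except `runtime.ErrNotFound`: after the `errors.Is` check it falls through to `return r, nil`. Any other failure of `GetObservedComposedResource` therefore yields an empty Release, and `GetObservedReleaseValues` returns an empty map as if nothing were deployed, which `SetReleaseVersion` treats as "update to the desired version". Add `if err != nil { return nil, err }` after the not-found branch so the `cannot get observed release` wrap in the caller can actually fire. In `GetObservedReleaseValues` the unmarshal error is wrapped with `%v`; `%w` would keep it inspectable like the wrap above it.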
diff --git a/pkg/comp-functions/functions/vshnkeycloak/deploy.go b/pkg/comp-functions/functions/vshnkeycloak/deploy.go new file mode 100644 index 0000000000..1c1901686d --- /dev/null +++ b/pkg/comp-functions/functions/vshnkeycloak/deploy.go 
@@ -0,0 +1,297 @@ +package vshnkeycloak + +import ( + "context" + "encoding/json" + "fmt" + + "dario.cat/mergo" + xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" + xfnproto "github.com/crossplane/function-sdk-go/proto/v1beta1" + xhelmv1 "github.com/vshn/appcat/v4/apis/helm/release/v1beta1" + sgv1 "github.com/vshn/appcat/v4/apis/stackgres/v1" + vshnv1 "github.com/vshn/appcat/v4/apis/vshn/v1" + "github.com/vshn/appcat/v4/pkg/common/utils" + "github.com/vshn/appcat/v4/pkg/comp-functions/functions/common" + "github.com/vshn/appcat/v4/pkg/comp-functions/functions/vshnpostgres" + "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8sruntime "k8s.io/apimachinery/pkg/runtime" +) + +const ( + pgInstanceNameSuffix = "-pg" + pgSecretName = "pg-creds" + adminPWSecretField = "password" + adminPWConnectionDetailsField = "KEYCLOAK_PASSWORD" + adminConnectionDetailsField = "KEYCLOAK_USERNAME" + hostConnectionDetailsField = "KEYCLOAK_HOST" + urlConnectionDetailsField = "KEYCLOAK_URL" + serviceSuffix = "keycloakx-http" +) + +// DeployKeycloak deploys a keycloak instance via the codecentric Helm Chart. 
+func DeployKeycloak(ctx context.Context, svc *runtime.ServiceRuntime) *xfnproto.Result { + + comp := &vshnv1.VSHNKeycloak{} + err := svc.GetObservedComposite(comp) + if err != nil { + return runtime.NewFatalResult(fmt.Errorf("cannot get composite: %w", err)) + } + + svc.Log.Info("Adding postgresql instance") + err = addPostgreSQL(svc, comp) + if err != nil { + return runtime.NewWarningResult(fmt.Sprintf("cannot create postgresql instance: %s", err)) + } + + svc.Log.Info("Bootstrapping instance namespace and rbac rules") + err = common.BootstrapInstanceNs(ctx, comp, comp.GetServiceName(), comp.GetName()+"-instanceNs", svc) + if err != nil { + return runtime.NewWarningResult(fmt.Sprintf("cannot bootstrap instance namespace: %s", err)) + } + + svc.Log.Info("Checking readiness of cluster") + + resourceCDMap := map[string][]string{ + comp.GetName() + pgInstanceNameSuffix: { + vshnpostgres.PostgresqlHost, + vshnpostgres.PostgresqlPort, + vshnpostgres.PostgresqlDb, + vshnpostgres.PostgresqlUser, + vshnpostgres.PostgresqlPassword, + }, + } + + ready, err := svc.WaitForDependenciesWithConnectionDetails(comp.GetName(), resourceCDMap) + if err != nil { + // We're returning a fatal here, so in case something is wrong we won't delete anything by mistake. 
+ return runtime.NewFatalResult(err) + } else if !ready { + return runtime.NewWarningResult("postgresql instance not yet ready") + } + + svc.Log.Info("Adding release") + + adminSecret, err := common.AddCredentialsSecret(comp, svc, []string{adminPWSecretField}) + if err != nil { + return runtime.NewWarningResult(fmt.Sprintf("cannot generate admin secret: %s", err)) + } + + cd, err := svc.GetObservedComposedResourceConnectionDetails(adminSecret) + if err != nil { + return runtime.NewWarningResult(fmt.Sprintf("cannot get observed connection details for keycloak admin: %s", err)) + } + + svc.Log.Info("Adding Network policy for keycloak") + + sourceNS := []string{ + comp.GetClaimNamespace(), + } + err = common.CreateNetworkPolicy(sourceNS, comp.GetInstanceNamespace(), comp.GetName(), svc) + if err != nil { + return runtime.NewFatalResult(fmt.Errorf("cannot create net pol: %w", err)) + } + + svc.SetConnectionDetail(adminPWConnectionDetailsField, cd[adminPWSecretField]) + svc.SetConnectionDetail(adminConnectionDetailsField, []byte("admin")) + svc.SetConnectionDetail(hostConnectionDetailsField, []byte(fmt.Sprintf("%s-%s.%s.svc.cluster.local", comp.GetName(), serviceSuffix, comp.GetInstanceNamespace()))) + + err = addRelease(ctx, svc, comp, adminSecret) + if err != nil { + return runtime.NewWarningResult(fmt.Sprintf("cannot create release: %s", err)) + } + + return nil +} + +func addPostgreSQL(svc *runtime.ServiceRuntime, comp *vshnv1.VSHNKeycloak) error { + // Unfortunately k8up and stackgres backups don't match up very well... + // if no daily backup is set we just do the default. 
+ retention := 6 + if comp.Spec.Parameters.Backup.Retention.KeepDaily != 0 { + retention = comp.Spec.Parameters.Backup.Retention.KeepDaily + } + + configs := map[string]string{ + "ignore_startup_parameters": "extra_float_digits, search_path", + } + + configBytes, err := json.Marshal(configs) + if err != nil { + return err + } + + params := &vshnv1.VSHNPostgreSQLParameters{ + Size: comp.Spec.Parameters.Size, + Instances: 1, + Backup: vshnv1.VSHNPostgreSQLBackup{ + Retention: retention, + DeletionProtection: true, + }, + Service: vshnv1.VSHNPostgreSQLServiceSpec{ + PgBouncerSettings: &sgv1.SGPoolingConfigSpecPgBouncerPgbouncerIni{ + Pgbouncer: k8sruntime.RawExtension{ + Raw: configBytes, + }, + }, + }, + } + + if comp.Spec.Parameters.Service.PostgreSQLParameters != nil { + err := mergo.Merge(params, comp.Spec.Parameters.Service.PostgreSQLParameters, mergo.WithOverride) + if err != nil { + return err + } + + // Mergo currently has a bug with merging bools: https://github.com/darccio/mergo/issues/249 + // It's not possible to override true with false, so it won't merge this if the users disables it. 
+ if !comp.Spec.Parameters.Service.PostgreSQLParameters.Backup.DeletionProtection { + params.Backup.DeletionProtection = false + } + } + + pg := &vshnv1.XVSHNPostgreSQL{ + ObjectMeta: metav1.ObjectMeta{ + Name: comp.GetName() + pgInstanceNameSuffix, + }, + Spec: vshnv1.XVSHNPostgreSQLSpec{ + Parameters: *params, + ResourceSpec: xpv1.ResourceSpec{ + WriteConnectionSecretToReference: &xpv1.SecretReference{ + Name: pgSecretName, + Namespace: comp.GetInstanceNamespace(), + }, + }, + }, + } + + err = common.CreateNetworkPolicy([]string{comp.GetInstanceNamespace()}, pg.GetInstanceNamespace(), pg.GetName()+"-keycloak", svc) + if err != nil { + return err + } + + return svc.SetDesiredComposedResource(pg) +} + +func addRelease(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VSHNKeycloak, adminSecret string) error { + release, err := newRelease(ctx, svc, comp, adminSecret) + if err != nil { + return err + } + + return svc.SetDesiredComposedResource(release) +} + +func getResources(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VSHNKeycloak) (common.Resources, error) { + plan := comp.Spec.Parameters.Size.GetPlan(svc.Config.Data["defaultPlan"]) + + resources, err := utils.FetchPlansFromConfig(ctx, svc, plan) + if err != nil { + err = fmt.Errorf("cannot fetch plans from the composition config, maybe they are not set: %w", err) + return common.Resources{}, err + } + + res := common.GetResources(&comp.Spec.Parameters.Size, resources) + + return res, nil +} + +func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VSHNKeycloak, adminSecret string) (map[string]any, error) { + values := map[string]any{} + + cd, err := svc.GetObservedComposedResourceConnectionDetails(comp.GetName() + pgInstanceNameSuffix) + if err != nil { + return nil, err + } + + res, err := getResources(ctx, svc, comp) + if err != nil { + return nil, err + } + + plan := comp.Spec.Parameters.Size.GetPlan(svc.Config.Data["defaultPlan"]) + nodeSelector, err := 
utils.FetchNodeSelectorFromConfig(ctx, svc, plan, comp.Spec.Parameters.Scheduling.NodeSelector) + if err != nil { + return values, fmt.Errorf("cannot fetch nodeSelector from the composition config: %w", err) + } + + values = map[string]any{ + "replicaCount": "1", + "production": false, // TODO: we can enable production mode with proper TLS only + "auth": map[string]any{ + "adminUser": "admin", + "existingSecret": adminSecret, + "passwordSecretKey": adminPWSecretField, + }, + "resources": map[string]any{ + "requests": map[string]any{ + "memory": res.ReqMem, + "cpu": res.ReqCPU, + }, + "limits": map[string]any{ + "memory": res.Mem, + "cpu": res.CPU, + }, + }, + "nodeSelector": nodeSelector, + "metrics": map[string]any{ + "enabled": true, + "serviceMonitor": map[string]any{ + "enabled": true, + }, + }, + "httpRelativePath": comp.Spec.Parameters.Service.RelativePath, + "postgresql": map[string]any{ + "enabled": false, + }, + "externalDatabase": map[string]any{ + "host": string(cd[vshnpostgres.PostgresqlHost]), + "port": string(cd[vshnpostgres.PostgresqlPort]), + "database": string(cd[vshnpostgres.PostgresqlDb]), + "user": string(cd[vshnpostgres.PostgresqlUser]), + "password": string(cd[vshnpostgres.PostgresqlPassword]), + }, + "extraVolumeMounts": []map[string]string{ + { + "name": "postgresql-certs", + "mountPath": "/opt/bitnami/keycloak/certs/", + }, + }, + "extraVolumes": []map[string]any{ + { + "name": "postgresql-certs", + "secret": map[string]any{ + "secretName": pgSecretName, + "defaultMode": 420, + }, + }, + }, + "extraEnvVars": []map[string]string{ + { + "name": "KEYCLOAK_JDBC_PARAMS", + "value": "sslmode=verify-full&sslrootcert=/opt/bitnami/keycloak/certs/ca.crt", + }, + }, + } + + fqdn := comp.Spec.Parameters.Service.FQDN + if fqdn != "" { + values["ingress"] = map[string]any{ + "hostname": fqdn, + } + } + + return values, nil +} + +func newRelease(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VSHNKeycloak, adminSecret string) 
(*xhelmv1.Release, error) { + values, err := newValues(ctx, svc, comp, adminSecret) + if err != nil { + return nil, err + } + + release, err := common.NewRelease(ctx, svc, comp, values) + + return release, err +} diff --git a/pkg/comp-functions/functions/vshnkeycloak/register.go b/pkg/comp-functions/functions/vshnkeycloak/register.go new file mode 100644 index 0000000000..bdf9c82acb --- /dev/null +++ b/pkg/comp-functions/functions/vshnkeycloak/register.go @@ -0,0 +1,15 @@ +package vshnkeycloak + +import "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" + +func init() { + runtime.RegisterService("keycloak", runtime.Service{ + Steps: []runtime.Step{ + + { + Name: "deploy", + Execute: DeployKeycloak, + }, + }, + }) +} diff --git a/pkg/comp-functions/functions/vshnmariadb/mariadb_deploy.go b/pkg/comp-functions/functions/vshnmariadb/mariadb_deploy.go index c080fd4a54..e5d2ec9bc0 100644 --- a/pkg/comp-functions/functions/vshnmariadb/mariadb_deploy.go +++ b/pkg/comp-functions/functions/vshnmariadb/mariadb_deploy.go @@ -2,22 +2,16 @@ package vshnmariadb import ( "context" - "encoding/json" - "errors" "fmt" - xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" xfnproto "github.com/crossplane/function-sdk-go/proto/v1beta1" xhelmbeta1 "github.com/vshn/appcat/v4/apis/helm/release/v1beta1" - xhelmv1 "github.com/vshn/appcat/v4/apis/helm/release/v1beta1" vshnv1 "github.com/vshn/appcat/v4/apis/vshn/v1" "github.com/vshn/appcat/v4/pkg/common/utils" "github.com/vshn/appcat/v4/pkg/comp-functions/functions/common" "github.com/vshn/appcat/v4/pkg/comp-functions/functions/common/maintenance" "github.com/vshn/appcat/v4/pkg/comp-functions/runtime" corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - k8sruntime "k8s.io/apimachinery/pkg/runtime" ) const ( 
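Review bot: In `newValues`, `"password": string(cd[vshnpostgres.PostgresqlPassword])` copies the PostgreSQL password into the Helm values, which `common.NewRelease` marshals into `Spec.ForProvider.Values.Raw`. The credential is then stored in clear text on the Release object and is visible to anyone with read access to Releases, not only to Secrets. The same credentials are already written to the `pg-creds` connection secret in the instance namespace (mounted here for `ca.crt`), so if the chart offers an existing-secret option for the external database, referencing that secret would keep the password out of the values. Also, the `DeployKeycloak` comment names the codecentric chart while the mount paths are `/opt/bitnami/keycloak/certs/`; please reconcile the comment with the chart actually deployed.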
@@ -66,7 +60,7 @@ func DeployMariadb(ctx context.Context, svc *runtime.ServiceRuntime) *xfnproto.R if svc.GetBoolFromCompositionConfig("slosEnabled") { sourceNs = append(sourceNs, svc.Config.Data["slosNs"]) } - err = common.CreateNetworkPolicy(ctx, sourceNs, comp.GetInstanceNamespace(), comp.GetName(), svc) + err = common.CreateNetworkPolicy(sourceNs, comp.GetInstanceNamespace(), comp.GetName(), svc) if err != nil { return runtime.NewFatalResult(fmt.Errorf("cannot create helm release: %w", err)) } @@ -87,7 +81,7 @@ func createObjectHelmRelease(ctx context.Context, comp *vshnv1.VSHNMariaDB, svc return err } - observedValues, err := getObservedReleaseValues(svc, comp.GetName()+"-release") + observedValues, err := common.GetObservedReleaseValues(svc, comp.GetName()+"-release") if err != nil { return fmt.Errorf("cannot get observed release values: %w", err) } @@ -97,14 +91,11 @@ func createObjectHelmRelease(ctx context.Context, comp *vshnv1.VSHNMariaDB, svc return fmt.Errorf("cannot set mariadb version for release: %w", err) } - vb, err := json.Marshal(values) + r, err := newRelease(ctx, svc, values, comp) if err != nil { - err = fmt.Errorf("cannot marshal helm values: %w", err) return err } - r := newRelease(svc, vb, comp) - err = svc.AddObservedConnectionDetails(comp.Name + "-release") if err != nil { return err 
@@ -138,38 +129,6 @@ func getConnectionDetails(comp *vshnv1.VSHNMariaDB, svc *runtime.ServiceRuntime, return nil } -func getObservedRelease(svc *runtime.ServiceRuntime, releaseName string) (*xhelmv1.Release, error) { - r := &xhelmv1.Release{} - err := svc.GetObservedComposedResource(r, releaseName) - if errors.Is(err, runtime.ErrNotFound) { - return nil, nil - } - return r, nil -} - -func getObservedReleaseValues(svc *runtime.ServiceRuntime, releaseName string) (map[string]interface{}, error) { - values := map[string]interface{}{} - - r, err := getObservedRelease(svc, releaseName) - if err != nil { - return nil, fmt.Errorf("cannot get observed release: %w", err) - } - - if r == nil { - return values, nil - } - - if r.Spec.ForProvider.Values.Raw == nil { - return values, nil - } - err = json.Unmarshal(r.Spec.ForProvider.Values.Raw, &values) - if err != nil { - return nil, fmt.Errorf("cannot unmarshal values from release: %v", err) - } - - return values, err -} - func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VSHNMariaDB, secretName string) (map[string]interface{}, error) { values := map[string]interface{}{} @@ -182,11 +141,11 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS return values, err } - reqMem, reqCPU, mem, cpu, disk := common.GetResources(&comp.Spec.Parameters.Size, resources) + res := common.GetResources(&comp.Spec.Parameters.Size, resources) nodeSelector, err := utils.FetchNodeSelectorFromConfig(ctx, svc, plan, comp.Spec.Parameters.Scheduling.NodeSelector) if err != nil { - err = fmt.Errorf("cannot fetch nodeSelector from the composition config: %w", err) + return values, fmt.Errorf("cannot fetch nodeSelector from the composition config: %w", err) } values = map[string]interface{}{ 
@@ -195,12 +154,12 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS "replicaCount": 1, "resources": map[string]interface{}{ "requests": map[string]interface{}{ - "memory": reqMem, - "cpu": reqCPU, + "memory": res.ReqMem, + "cpu": res.ReqCPU, }, "limits": map[string]interface{}{ - "memory": mem, - "cpu": cpu, + "memory": res.Mem, + "cpu": res.CPU, }, }, "tls": map[string]interface{}{ @@ -212,7 +171,7 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS }, "mariadbConfiguration": comp.Spec.Parameters.Service.MariadbSettings, "persistence": map[string]interface{}{ - "size": disk, + "size": res.Disk, "storageClass": comp.Spec.Parameters.StorageClass, }, "startupProbe": map[string]interface{}{ 
@@ -239,49 +198,20 @@ func newValues(ctx context.Context, svc *runtime.ServiceRuntime, comp *vshnv1.VS return values, nil } -func newRelease(svc *runtime.ServiceRuntime, vb []byte, comp *vshnv1.VSHNMariaDB) *xhelmbeta1.Release { - r := &xhelmbeta1.Release{ - ObjectMeta: metav1.ObjectMeta{ - Name: comp.GetName(), - }, - Spec: xhelmbeta1.ReleaseSpec{ - ForProvider: xhelmbeta1.ReleaseParameters{ - Chart: xhelmbeta1.ChartSpec{ - Repository: svc.Config.Data["chartRepository"], - Version: svc.Config.Data["chartVersion"], - Name: "mariadb-galera", - }, - Namespace: comp.GetInstanceNamespace(), - ValuesSpec: xhelmbeta1.ValuesSpec{ - Values: k8sruntime.RawExtension{ - Raw: vb, - }, - }, - }, - ResourceSpec: xpv1.ResourceSpec{ - ProviderConfigReference: &xpv1.Reference{ - Name: "helm", - }, - WriteConnectionSecretToReference: &xpv1.SecretReference{ - Name: comp.GetName() + "-connection", - Namespace: comp.GetInstanceNamespace(), - }, - }, - ConnectionDetails: []xhelmbeta1.ConnectionDetail{ - { - ObjectReference: corev1.ObjectReference{ - APIVersion: "v1", - Kind: "Secret", - Name: "tls-server-certificate", - Namespace: comp.GetInstanceNamespace(), - FieldPath: "data[ca.crt]", - }, - ToConnectionSecretKey: "ca.crt", - SkipPartOfReleaseCheck: true, - }, +func newRelease(ctx context.Context, svc *runtime.ServiceRuntime, values map[string]any, comp *vshnv1.VSHNMariaDB) (*xhelmbeta1.Release, error) { + cd := []xhelmbeta1.ConnectionDetail{ + { + ObjectReference: corev1.ObjectReference{ + APIVersion: "v1", + Kind: "Secret", + Name: "tls-server-certificate", + Namespace: comp.GetInstanceNamespace(), + FieldPath: "data[ca.crt]", }, + ToConnectionSecretKey: "ca.crt", + SkipPartOfReleaseCheck: true, }, } - return r + return common.NewRelease(ctx, svc, comp, values, cd...) } diff --git a/pkg/comp-functions/functions/vshnpostgres/pg_bouncer_settings.go b/pkg/comp-functions/functions/vshnpostgres/pg_bouncer_settings.go new file mode 100644 index 0000000000..35e1429222 --- /dev/null 
+++ b/pkg/comp-functions/functions/vshnpostgres/pg_bouncer_settings.go
@@ -0,0 +1,57 @@
+package vshnpostgres
+
+import (
+ "context"
+ "fmt"
+
+ xfnproto "github.com/crossplane/function-sdk-go/proto/v1beta1"
+ sgv1 "github.com/vshn/appcat/v4/apis/stackgres/v1"
+ "github.com/vshn/appcat/v4/pkg/comp-functions/runtime"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/utils/ptr"
+)
+
+const pgBouncerSettingName = "pgbouncer-settings"
+
+func addPGBouncerSettings(ctx context.Context, svc *runtime.ServiceRuntime) *xfnproto.Result {
+ comp, err := getVSHNPostgreSQL(ctx, svc)
+ if err != nil {
+ return runtime.NewFatalResult(fmt.Errorf("Cannot get composite from function io: %w", err))
+ }
+
+ if comp.Spec.Parameters.Service.PgBouncerSettings == nil {
+ return nil
+ }
+
+ bouncerSettings := &sgv1.SGPoolingConfig{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: pgBouncerSettingName,
+ Namespace: comp.GetInstanceNamespace(),
+ },
+ Spec: sgv1.SGPoolingConfigSpec{
+ PgBouncer: &sgv1.SGPoolingConfigSpecPgBouncer{
+ PgbouncerIni: comp.Spec.Parameters.Service.PgBouncerSettings,
+ },
+ },
+ }
+
+ err = svc.SetDesiredKubeObject(bouncerSettings, comp.GetName()+"-pooling-config")
+ if err != nil {
+ return runtime.NewWarningResult(fmt.Sprintf("cannot apply pooling config: %s", err))
+ }
+
+ cluster := &sgv1.SGCluster{}
+ err = svc.GetDesiredKubeObject(cluster, "cluster")
+ if err != nil {
+ return runtime.NewWarningResult(fmt.Sprintf("cannot get cluster: %s", err))
+ }
+
+ cluster.Spec.Configurations.SgPoolingConfig = ptr.To(pgBouncerSettingName)
+
+ err = svc.SetDesiredKubeObjectWithName(cluster, comp.GetName()+"-cluster", "cluster")
+ if err != nil {
+ return runtime.NewWarningResult(fmt.Sprintf("cannot set cluster: %s", err))
+ }
+
+ return nil
+}
diff --git a/pkg/comp-functions/functions/vshnpostgres/register.go b/pkg/comp-functions/functions/vshnpostgres/register.go
index 9e99427260..b72058dbf4 100644
--- a/pkg/comp-functions/functions/vshnpostgres/register.go
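Review bot: `PgbouncerIni` is taken straight from the claim (`comp.Spec.Parameters.Service.PgBouncerSettings`) and applied to the `SGPoolingConfig` without validation, so a claim author can set any PgBouncer parameter the operator accepts, presumably including authentication-related ones. Unless StackGres or an admission webhook already restricts the keys, checking them against an allow-list before `SetDesiredKubeObject` would limit tenant-supplied settings to the tuning options meant to be exposed. Separately, the error string `"Cannot get composite from function io: %w"` starts with a capital letter while the other messages in this function are lowercase.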
+++ b/pkg/comp-functions/functions/vshnpostgres/register.go @@ -61,6 +61,10 @@ func init() { Name: "delay-cluster-deployment", Execute: DelayClusterDeployment, }, + { + Name: "pgbouncer-settings", + Execute: addPGBouncerSettings, + }, }, }) } diff --git a/pkg/comp-functions/runtime/function_mgr.go b/pkg/comp-functions/runtime/function_mgr.go index c642b87ed2..ef01a3c2a5 100644 --- a/pkg/comp-functions/runtime/function_mgr.go +++ b/pkg/comp-functions/runtime/function_mgr.go @@ -77,6 +77,8 @@ type Manager struct { fnv1beta1.UnimplementedFunctionRunnerServiceServer } +type KubeObjectOption func(obj *xkube.Object) + // RegisterService will register a service to the map of all services. func RegisterService(name string, function Service) { serviceRegistry[name] = function 
@@ -306,30 +308,58 @@ func (s *ServiceRuntime) SetDesiredComposedResourceWithName(obj xpresource.Manag } // SetDesiredKubeObject takes any `runtime.Object`, puts it into a provider-kubernetes Object and then -// adds it to the desired composed resources. -func (s *ServiceRuntime) SetDesiredKubeObject(obj client.Object, objectName string, refs ...xkube.Reference) error { +// adds it to the desired composed resources. It takes options to manipulate the resulting kubec object before applying. +func (s *ServiceRuntime) SetDesiredKubeObject(obj client.Object, objectName string, opts ...KubeObjectOption) error { - kobj, err := s.putIntoObject(false, obj, objectName, objectName, refs...) + kobj, err := s.putIntoObject(false, obj, objectName, objectName) if err != nil { return err } + for _, o := range opts { + o(kobj) + } + return s.SetDesiredComposedResourceWithName(kobj, objectName) } // SetDesiredKubeObjectWithName takes any `runtime.Object`, puts it into a provider-kubernetes Object and then // adds it to the desired composed resources with the specified resource name. // This should be used if manipulating objects that are declared in the P+T composition. -func (s *ServiceRuntime) SetDesiredKubeObjectWithName(obj client.Object, objectName, resourceName string, refs ...xkube.Reference) error { +func (s *ServiceRuntime) SetDesiredKubeObjectWithName(obj client.Object, objectName, resourceName string, opts ...KubeObjectOption) error { - kobj, err := s.putIntoObject(false, obj, objectName, resourceName, refs...) + kobj, err := s.putIntoObject(false, obj, objectName, resourceName) if err != nil { return err } + for _, o := range opts { + o(kobj) + } + return s.SetDesiredComposedResourceWithName(kobj, resourceName) } +// KubeOptionAddRefs adds the given references to the kube object. 
+func KubeOptionAddRefs(refs ...xkube.Reference) KubeObjectOption { + return func(obj *xkube.Object) { + obj.Spec.References = refs + } +} + +// KubeOptionAddConnectionDetails adds the given connection details to the kube object. +// DestNamespace speficies the namespace where the associated secret should be saved. +// The associated secret will have the UID of the parent object as the name. +func KubeOptionAddConnectionDetails(destNamespace string, cd ...xkube.ConnectionDetail) KubeObjectOption { + return func(obj *xkube.Object) { + obj.Spec.ConnectionDetails = cd + obj.Spec.WriteConnectionSecretToReference = &xpv1.SecretReference{ + Name: obj.GetName() + "-cd", + Namespace: destNamespace, + } + } +} + // SetDesiredKubeObserveObject takes any `runtime.Object`, puts it into a provider-kubernetes Object and then // adds it to the desired composed resources. func (s *ServiceRuntime) SetDesiredKubeObserveObject(obj client.Object, objectName string, refs ...xkube.Reference) error { 
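Review bot: `KubeOptionAddRefs` and `KubeOptionAddConnectionDetails` are named "Add" but assign (`obj.Spec.References = refs`, `obj.Spec.ConnectionDetails = cd`), so passing an option twice, or on top of anything `putIntoObject` has set, silently drops the earlier entries. Appending instead, `obj.Spec.References = append(obj.Spec.References, refs...)` and likewise for the connection details, would match the name. The doc comment on `KubeOptionAddConnectionDetails` says the secret is named after the parent object's UID, but the code uses `obj.GetName() + "-cd"`; as this secret holds credentials, the comment should state the real name. `KubeObjectOption`, introduced in the earlier hunk of this file, has no doc comment, and "kubec" and "speficies" are typos.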
@@ -728,3 +758,94 @@ func (s *ServiceRuntime) GetDesiredComposite(obj client.Object) error { func (s *ServiceRuntime) DeleteDesiredCompososedResource(name string) { delete(s.desirdResources, resource.Name(name)) } + +// isResourceSyncedAndReady checks if the given resource is synced and ready. +func (s *ServiceRuntime) isResourceSyncedAndReady(name string) bool { + obj, ok := s.req.Observed.Resources[name] + if !ok { + return false + } + + unstruct := obj.GetResource().AsMap() + + rawStatus, found, err := unstructured.NestedMap(unstruct, "status") + if err != nil || !found { + return false + } + + status := struct { + Conditions []xpv1.Condition + }{} + err = runtime.DefaultUnstructuredConverter.FromUnstructured(rawStatus, &status) + if err != nil { + return false + } + + for _, cond := range status.Conditions { + if cond.Type == xpv1.TypeSynced && cond.Status == "false" { + return false + } + if cond.Type == xpv1.TypeReady && cond.Status == "false" { + return false + } + } + + return true +} + +// areResourcesReady checks if all of the given resources are ready or not. +func (s *ServiceRuntime) areResourcesReady(names []string) bool { + for _, name := range names { + ok := s.isResourceSyncedAndReady(name) + if !ok { + return false + } + } + return true +} + +// WaitForDependencies takes two arguments, the name of the main resource, which should be deployed after the dependencies. +// It also takes a list of names for objects to depend on. It does NOT deploy any objects, but check for their existence. +// If true is returned it is safe to continue with adding your main object to the desired resources. +// If the main resource already exists in the observed state it will always return true. 
+func (s *ServiceRuntime) WaitForDependencies(mainResource string, dependencies ...string) bool { + if _, ok := s.req.Observed.Resources[mainResource]; ok { + return true + } + + if !s.areResourcesReady(dependencies) { + return false + } + + return true +} + +// WaitForDependenciesWithConnectionDetails does the same as WaitForDependencies but additionally also checks the given list of fields against the +// available connection details. +// objectCDMap should contain a map where the key is the name of the dependeny and the string slice the necessary connection detail fields. +func (s *ServiceRuntime) WaitForDependenciesWithConnectionDetails(mainResource string, objectCDMap map[string][]string) (bool, error) { + // If the main resource already exists we're done here + if _, ok := s.req.Observed.Resources[mainResource]; ok { + return true, nil + } + + for dep, cds := range objectCDMap { + ready := s.WaitForDependencies(mainResource, dep) + if !ready { + return false, nil + } + + cd, err := s.GetObservedComposedResourceConnectionDetails(dep) + if err != nil { + return false, err + } + + for _, field := range cds { + if _, ok := cd[field]; !ok { + return false, nil + } + } + } + + return true, nil +} From 418fde9ee22ce6a958166be8f60738dc58d8b450 Mon Sep 17 00:00:00 2001 
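Review bot: `isResourceSyncedAndReady` compares `cond.Status == "false"`, but Kubernetes condition statuses are spelled `"True"`, `"False"` and `"Unknown"`, so neither check can match and the function reports ready for any observed resource that has a `status` map. A resource with no conditions yet, or with `Unknown`, is treated as ready as well. `WaitForDependenciesWithConnectionDetails` relies on this gate before `DeployKeycloak` wires in the database credentials, so both `Synced` and `Ready` should be required to be explicitly `corev1.ConditionTrue`. The anonymous struct's `Conditions` field also has no `json:"conditions"` tag, which may keep `FromUnstructured` from populating it; a unit test with an observed resource in the not-ready state would confirm both points.

```go
// … unchanged: lookup of the observed resource and its "status" map …

	status := struct {
		Conditions []xpv1.Condition `json:"conditions"`
	}{}
	// … unchanged: FromUnstructured call and its error check …

	// Ready only when both conditions are present and explicitly True.
	synced, ready := false, false
	for _, cond := range status.Conditions {
		switch cond.Type {
		case xpv1.TypeSynced:
			synced = cond.Status == corev1.ConditionTrue
		case xpv1.TypeReady:
			ready = cond.Status == corev1.ConditionTrue
		}
	}

	return synced && ready
```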
From: Simon Beck Date: Wed, 24 Jan 2024 14:41:41 +0100 Subject: [PATCH 4/6] Add tests --- .../functions/common/password_test.go | 8 +++ .../functions/common/release.go | 21 ++---- .../functions/common/release_test.go | 18 +++++ .../functions/vshnkeycloak/deploy_test.go | 63 ++++++++++++++++ test/functions/common/01_release.yaml | 71 +++++++++++++++++++ test/functions/vshnkeycloak/01_default.yaml | 20 ++++++ 6 files changed, 186 insertions(+), 15 deletions(-) create mode 100644 pkg/comp-functions/functions/common/release_test.go create mode 100644 pkg/comp-functions/functions/vshnkeycloak/deploy_test.go create mode 100644 test/functions/common/01_release.yaml create mode 100644 test/functions/vshnkeycloak/01_default.yaml diff --git a/pkg/comp-functions/functions/common/password_test.go b/pkg/comp-functions/functions/common/password_test.go index a04b94357e..b61204e5ef 100644 --- a/pkg/comp-functions/functions/common/password_test.go +++ b/pkg/comp-functions/functions/common/password_test.go @@ -3,6 +3,7 @@ package common import ( "testing" + xkube "github.com/crossplane-contrib/provider-kubernetes/apis/object/v1alpha1" "github.com/stretchr/testify/assert" vshnv1 "github.com/vshn/appcat/v4/apis/vshn/v1" "github.com/vshn/appcat/v4/pkg/comp-functions/functions/commontest" @@ -29,4 +30,11 @@ func TestAddCredentialsSecret(t *testing.T) { assert.Len(t, secret.StringData, 2) assert.NotEmpty(t, secret.StringData["mytest"]) assert.NotEmpty(t, secret.StringData["mypw"]) + + obj := &xkube.Object{} + + assert.NoError(t, svc.GetDesiredComposedResourceByName(obj, res)) + assert.NotEmpty(t, obj.Spec.ConnectionDetails) + assert.Len(t, obj.Spec.ConnectionDetails, 2) + } diff --git a/pkg/comp-functions/functions/common/release.go b/pkg/comp-functions/functions/common/release.go index 176968a89c..87f4eccacb 100644 --- a/pkg/comp-functions/functions/common/release.go +++ b/pkg/comp-functions/functions/common/release.go 
@@ -16,9 +16,14 @@ import ( // GetReleaseValues returns the parsed values from the given release. func GetReleaseValues(r *xhelmv1.Release) (map[string]interface{}, error) { values := map[string]interface{}{} + if r == nil { + return values, nil + } + if r.Spec.ForProvider.Values.Raw == nil { return values, nil } + err := json.Unmarshal(r.Spec.ForProvider.Values.Raw, &values) if err != nil { return nil, fmt.Errorf("cannot unmarshal values from release: %v", err) @@ -28,26 +33,12 @@ func GetReleaseValues(r *xhelmv1.Release) (map[string]interface{}, error) { // GetObservedReleaseValues returns the observed releaseValues for the given release name. func GetObservedReleaseValues(svc *runtime.ServiceRuntime, releaseName string) (map[string]interface{}, error) { - values := map[string]interface{}{} - r, err := getObservedRelease(svc, releaseName) if err != nil { return nil, fmt.Errorf("cannot get observed release: %w", err) } - if r == nil { - return values, nil - } - - if r.Spec.ForProvider.Values.Raw == nil { - return values, nil - } - err = json.Unmarshal(r.Spec.ForProvider.Values.Raw, &values) - if err != nil { - return nil, fmt.Errorf("cannot unmarshal values from release: %v", err) - } - - return values, err + return GetReleaseValues(r) } func getObservedRelease(svc *runtime.ServiceRuntime, releaseName string) (*xhelmv1.Release, error) { diff --git a/pkg/comp-functions/functions/common/release_test.go b/pkg/comp-functions/functions/common/release_test.go new file mode 100644 index 0000000000..e6ca898231 --- /dev/null +++ b/pkg/comp-functions/functions/common/release_test.go 
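Review bot: The doc comment on `GetReleaseValues` in pkg/comp-functions/functions/common/release.go no longer covers what the function does: with the added `if r == nil` guard, a nil release and a release whose `Values.Raw` is nil both return an empty map and a nil error, and `GetObservedReleaseValues` now inherits that through `return GetReleaseValues(r)`. I would extend the comment to `// GetReleaseValues returns the parsed values from the given release. A nil release, or one whose Values.Raw is nil, yields an empty map and no error.` so callers know that an empty result does not distinguish a missing release from an empty one. The unmarshal error in the same function is still formatted with `%v` while the wrapper uses `%w`; switching it to `%w` would keep the JSON error unwrappable, though that line is context rather than part of this change.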
@@ -0,0 +1,18 @@
+package common
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/vshn/appcat/v4/pkg/comp-functions/functions/commontest"
+)
+
+func TestGetObservedReleaseValues(t *testing.T) {
+ svc := commontest.LoadRuntimeFromFile(t, "common/01_release.yaml")
+
+ values, err := GetObservedReleaseValues(svc, "release")
+ assert.NoError(t, err)
+
+ assert.NotEmpty(t, values)
+
+}
diff --git a/pkg/comp-functions/functions/vshnkeycloak/deploy_test.go b/pkg/comp-functions/functions/vshnkeycloak/deploy_test.go
new file mode 100644
index 0000000000..b7e8524fad
--- /dev/null
+++ b/pkg/comp-functions/functions/vshnkeycloak/deploy_test.go
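Review bot: `TestGetObservedReleaseValues` only asserts `assert.NotEmpty(t, values)`, so it would still pass if the values were decoded from the wrong resource or only partly parsed. The fixture added in test/functions/common/01_release.yaml appears to set `fullnameOverride: mariadb` under the observed `release`, so a pinned check such as `assert.Equal(t, "mariadb", values["fullnameOverride"])` would tie the test to the fixture. The nil-release and nil-`Values.Raw` branches that this commit adds to `GetReleaseValues` have no test here; a call to `GetReleaseValues(nil)` asserting an empty map and no error would cover the first of them.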
@@ -0,0 +1,63 @@
+package vshnkeycloak
+
+import (
+ "context"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ xhelmv1 "github.com/vshn/appcat/v4/apis/helm/release/v1beta1"
+ vshnv1 "github.com/vshn/appcat/v4/apis/vshn/v1"
+ "github.com/vshn/appcat/v4/pkg/comp-functions/functions/commontest"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func Test_addPostgreSQL(t *testing.T) {
+
+ svc := commontest.LoadRuntimeFromFile(t, "empty.yaml")
+
+ comp := &vshnv1.VSHNKeycloak{}
+
+ assert.NoError(t, addPostgreSQL(svc, comp))
+
+ pg := &vshnv1.XVSHNPostgreSQL{}
+
+ assert.NoError(t, svc.GetDesiredComposedResourceByName(pg, comp.GetName()+pgInstanceNameSuffix))
+
+ // Assert default values
+ assert.True(t, pg.Spec.Parameters.Backup.DeletionProtection)
+ assert.Equal(t, 1, pg.Spec.Parameters.Instances)
+ assert.Equal(t, 6, pg.Spec.Parameters.Backup.Retention)
+
+ // Assert default overrides
+ comp.Spec.Parameters.Service.PostgreSQLParameters = &vshnv1.VSHNPostgreSQLParameters{
+ Backup: vshnv1.VSHNPostgreSQLBackup{
+ DeletionProtection: false,
+ Retention: 1,
+ },
+ Instances: 2,
+ }
+
+ assert.NoError(t, addPostgreSQL(svc, comp))
+ assert.NoError(t, svc.GetDesiredComposedResourceByName(pg, comp.GetName()+pgInstanceNameSuffix))
+ assert.False(t, pg.Spec.Parameters.Backup.DeletionProtection)
+ assert.Equal(t, 2, pg.Spec.Parameters.Instances)
+ assert.Equal(t, 1, pg.Spec.Parameters.Backup.Retention)
+}
+
+func Test_addRelease(t *testing.T) {
+ svc := commontest.LoadRuntimeFromFile(t, "vshnkeycloak/01_default.yaml")
+
+ comp := &vshnv1.VSHNKeycloak{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "mycloak",
+ Namespace: "default",
+ },
+ }
+
+ assert.NoError(t, addRelease(context.TODO(), svc, comp, "mysecret"))
+
+ release := &xhelmv1.Release{}
+
+ assert.NoError(t, svc.GetDesiredComposedResourceByName(release, comp.GetName()))
+
+}
diff --git a/test/functions/common/01_release.yaml b/test/functions/common/01_release.yaml
new file mode 100644
index 0000000000..5c76a6b840
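Review bot: `Test_addRelease` stops after `svc.GetDesiredComposedResourceByName(release, comp.GetName())`, so it verifies only that a release object exists and never looks at what `addRelease` rendered from the `"mysecret"` argument or from the `mycloak-pg` connection details in the fixture. This path presumably wires the credentials secret into the Helm values, so I would at least add `assert.NotEmpty(t, release.Spec.ForProvider.Values.Raw)` and ideally decode the values and assert on the key that references the secret. In `Test_addPostgreSQL` the same `pg` object is reused for the second lookup; decoding into a fresh `&vshnv1.XVSHNPostgreSQL{}` would rule out stale fields from the first read influencing the override assertions.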
--- /dev/null
+++ b/test/functions/common/01_release.yaml
@@ -0,0 +1,71 @@
+desired:
+ resources:
+ namespace:
+ resource:
+ apiVersion: kubernetes.crossplane.io/v1alpha1
+ kind: Object
+ metadata:
+ name: pgsql-gc9x4-namespace
+ namespace: test
+ spec:
+ forProvider:
+ manifest:
+ apiVersion: v1
+ data: null
+ kind: Namespace
+ metadata:
+ name: myns
+input:
+ apiVersion: v1
+ data:
+ quotasEnabled: 'true'
+ kind: ConfigMap
+ metadata:
+ annotations: {}
+ labels:
+ name: xfn-config
+ name: xfn-config
+observed:
+ composite:
+ resource:
+ apiVersion: vshn.appcat.vshn.io/v1
+ kind: XVSHNPostgreSQL
+ metadata:
+ creationTimestamp: "2023-03-21T16:52:31Z"
+ finalizers:
+ - composite.apiextensions.crossplane.io
+ generateName: pgsql-
+ generation: 13
+ labels:
+ appuio.io/organization: vshn
+ crossplane.io/claim-name: pgsql
+ crossplane.io/claim-namespace: unit-test
+ crossplane.io/composite: pgsql-gc9x4
+ name: pgsql-gc9x4
+ spec:
+ parameters: null
+ writeConnectionSecretToRef: {}
+ status:
+ instanceNamespace: my-psql
+ resources:
+ release:
+ resource:
+ apiVersion: helm.crossplane.io/v1beta1
+ kind: Release
+ spec:
+ forProvider:
+ chart:
+ name: mariadb-galera
+ repository: https://charts.bitnami.com/bitnami
+ values:
+ fullnameOverride: mariadb
+ persistence:
+ size: 50Gi
+ replicasCount: 1
+ resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
diff --git a/test/functions/vshnkeycloak/01_default.yaml b/test/functions/vshnkeycloak/01_default.yaml
new file mode 100644
index 0000000000..1544af290d
--- /dev/null
+++ b/test/functions/vshnkeycloak/01_default.yaml
@@ -0,0 +1,20 @@ +desired: {} +input: + apiVersion: v1 + kind: ConfigMap + metadata: + annotations: {} + labels: + name: xfn-config + name: xfn-config + data: + defaultPlan: standard-2 + plans: '{"standard-2": {"size": {"cpu": "500m", "disk": "16Gi", "enabled": + true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi", + "enabled": true, "memory": "4Gi"}}, "standard-8": {"size": {"cpu": "2", + "disk": "16Gi", "enabled": true, "memory": "8Gi"}}}' +observed: + resources: + mycloak-pg: + connection_details: + foo: YmFyCg== From 13ddab1711f42760588a0f79fc2dd0f9c210ac2a Mon Sep 17 00:00:00 2001 From: Simon Beck Date: Wed, 31 Jan 2024 13:03:09 +0100 Subject: [PATCH 5/6] Add clarifying comment --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 4399eccc9d..a36bdb35b4 100644 --- a/Makefile +++ b/Makefile @@ -91,6 +91,7 @@ generate-stackgres-crds: go run github.com/deepmap/oapi-codegen/cmd/oapi-codegen --package=v1 -generate=types -o apis/stackgres/v1/sgcluster.gen.go apis/stackgres/v1/sgcluster.yaml perl -i -0pe 's/\*struct\s\{\n\s\sAdditionalProperties\smap\[string\]string\s`json:"-"`\n\s}/map\[string\]string/gms' apis/stackgres/v1/sgcluster.gen.go + # The generator for the pool config CRD unfortunately produces a broken result. However if we ever need to regenerate it in the future, please uncomment this. # curl ${STACKGRES_CRD_URL}/SGPoolingConfig.yaml?inline=false -o apis/stackgres/v1/sgpoolconfigs_crd.yaml # yq -i e apis/stackgres/v1/sgpoolconfigs.yaml --expression ".components.schemas.SGPoolingConfigSpec=load(\"apis/stackgres/v1/sgpoolconfigs_crd.yaml\").spec.versions[0].schema.openAPIV3Schema.properties.spec" # yq -i e apis/stackgres/v1/sgpoolconfigs.yaml --expression ".components.schemas.SGPoolingConfigStatus=load(\"apis/stackgres/v1/sgpoolconfigs_crd.yaml\").spec.versions[0].schema.openAPIV3Schema.properties.status" From 98e8ed9ea5056f2caa3ab2eefe0137a53fa53285 Mon Sep 17 00:00:00 2001 
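Review bot: In test/functions/vshnkeycloak/01_default.yaml the connection detail `foo: YmFyCg==` under `mycloak-pg` decodes to `bar` followed by a newline, which is what encoding a value together with its trailing line feed produces. None of the visible tests compares this value, but a later assertion against `bar` would fail for a reason that is hard to spot in review. `foo: YmFy` encodes the three bytes alone.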
From: Simon Beck Date: Wed, 31 Jan 2024 13:04:25 +0100 Subject: [PATCH 6/6] Remove copy/paste errors --- apis/stackgres/v1/sgpoolconfigs.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apis/stackgres/v1/sgpoolconfigs.go b/apis/stackgres/v1/sgpoolconfigs.go index 452e2af34a..c297383767 100644 --- a/apis/stackgres/v1/sgpoolconfigs.go +++ b/apis/stackgres/v1/sgpoolconfigs.go @@ -11,10 +11,10 @@ type SGPoolingConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // Spec defines the desired state of a VSHNPostgreSQL. + // Spec contains the custom configurations for the pgbouncer. Spec SGPoolingConfigSpec `json:"spec"` - // Status reflects the observed state of a VSHNPostgreSQL. + // Status contains the default settings for the pgbouncer. Status SGPoolingConfigStatus `json:"status,omitempty"` }