From f13f348bc3d268853beab89fdf124db15ca2e9e8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 12 Feb 2025 14:08:49 -0600 Subject: [PATCH] Update Update dependency "prometheus-operator-crds" for Helm chart "k8s-monitoring-v1" to 18.0.0 (#1210) Signed-off-by: Pete Wall Co-authored-by: petewall --- charts/k8s-monitoring-v1/Chart.lock | 6 +- charts/k8s-monitoring-v1/Chart.yaml | 2 +- charts/k8s-monitoring-v1/README.md | 2 +- .../prometheus-operator-crds-17.0.2.tgz | Bin 386921 -> 0 bytes .../prometheus-operator-crds-18.0.0.tgz | Bin 0 -> 391416 bytes .../alloy-autoscaling-and-storage/output.yaml | 3500 +++++++++++------ .../application-observability/output.yaml | 3500 +++++++++++------ .../docs/examples/azure-aks/output.yaml | 3500 +++++++++++------ .../examples/bearer-token-auth/output.yaml | 3500 +++++++++++------ .../docs/examples/beyla/output.yaml | 3500 +++++++++++------ .../control-plane-metrics/output.yaml | 3500 +++++++++++------ .../docs/examples/custom-config/output.yaml | 3500 +++++++++++------ .../custom-metrics-tuning/output.yaml | 3500 +++++++++++------ .../docs/examples/custom-pricing/output.yaml | 3500 +++++++++++------ .../output.yaml | 3500 +++++++++++------ .../docs/examples/default-values/output.yaml | 3500 +++++++++++------ .../docs/examples/eks-fargate/output.yaml | 3500 +++++++++++------ .../environment-variables/output.yaml | 3500 +++++++++++------ .../examples/external-secrets/output.yaml | 3500 +++++++++++------ .../docs/examples/extra-rules/output.yaml | 3500 +++++++++++------ .../docs/examples/gke-autopilot/output.yaml | 3500 +++++++++++------ .../docs/examples/ibm-cloud/output.yaml | 3500 +++++++++++------ .../output.yaml | 3500 +++++++++++------ .../metric-module-imports/output.yaml | 3500 +++++++++++------ .../docs/examples/metrics-only/output.yaml | 3500 +++++++++++------ .../examples/openshift-compatible/output.yaml | 3500 +++++++++++------ .../examples/otel-metrics-service/output.yaml | 3500 +++++++++++------ .../docs/examples/pod-labels/output.yaml | 3500 +++++++++++------ .../private-image-registry/output.yaml | 3500 +++++++++++------ .../examples/profiles-enabled/output.yaml | 3500 +++++++++++------ .../docs/examples/proxies/output.yaml | 3500 +++++++++++------ .../examples/scrape-intervals/output.yaml | 3500 +++++++++++------ .../examples/service-integrations/output.yaml | 3500 +++++++++++------ .../docs/examples/sigv4-auth/output.yaml | 3500 +++++++++++------ .../examples/specific-namespace/output.yaml | 3500 +++++++++++------ .../docs/examples/traces-enabled/output.yaml | 3500 +++++++++++------ .../examples/windows-exporter/output.yaml | 3500 +++++++++++------ 37 files changed, 74949 insertions(+), 37061 deletions(-) delete mode 100644 charts/k8s-monitoring-v1/charts/prometheus-operator-crds-17.0.2.tgz create mode 100644 charts/k8s-monitoring-v1/charts/prometheus-operator-crds-18.0.0.tgz diff --git a/charts/k8s-monitoring-v1/Chart.lock b/charts/k8s-monitoring-v1/Chart.lock index 1e53a01ab..c50565f68 100644 --- a/charts/k8s-monitoring-v1/Chart.lock +++ b/charts/k8s-monitoring-v1/Chart.lock @@ -19,7 +19,7 @@ dependencies: version: 4.43.1 - name: prometheus-operator-crds repository: https://prometheus-community.github.io/helm-charts - version: 17.0.2 + version: 18.0.0 - name: prometheus-windows-exporter repository: https://prometheus-community.github.io/helm-charts version: 0.8.0 @@ -32,5 +32,5 @@ dependencies: - name: beyla repository: https://grafana.github.io/helm-charts version: 1.7.2 -digest: sha256:e9800b1fa0bd85fd465bd8587b4eb1c9944966f86a209635957cb52df9620c91 -generated: "2025-02-06T00:21:47.546323633Z" +digest: sha256:6a2746425d6dffdeab250b0b400f0fb01461373a5a26ebe9d1da8309a7599d64 +generated: "2025-02-12T06:01:37.578640944Z" diff --git a/charts/k8s-monitoring-v1/Chart.yaml b/charts/k8s-monitoring-v1/Chart.yaml index 1c1f6cde8..fcffe541e 100644 --- a/charts/k8s-monitoring-v1/Chart.yaml +++ b/charts/k8s-monitoring-v1/Chart.yaml @@ -42,7 +42,7 @@ dependencies: repository: https://prometheus-community.github.io/helm-charts condition: prometheus-node-exporter.enabled - name: prometheus-operator-crds - version: 17.0.2 + version: 18.0.0 repository: https://prometheus-community.github.io/helm-charts condition: prometheus-operator-crds.enabled - name: prometheus-windows-exporter diff --git a/charts/k8s-monitoring-v1/README.md b/charts/k8s-monitoring-v1/README.md index 36efaf4d1..b28aeabdd 100644 --- a/charts/k8s-monitoring-v1/README.md +++ b/charts/k8s-monitoring-v1/README.md @@ -146,7 +146,7 @@ The Prometheus and Loki services may be hosted on the same cluster, or remotely | https://opencost.github.io/opencost-helm-chart | opencost | 1.43.2 | | https://prometheus-community.github.io/helm-charts | kube-state-metrics | 5.29.0 | | https://prometheus-community.github.io/helm-charts | prometheus-node-exporter | 4.43.1 | -| https://prometheus-community.github.io/helm-charts | prometheus-operator-crds | 17.0.2 | +| https://prometheus-community.github.io/helm-charts | prometheus-operator-crds | 18.0.0 | | https://prometheus-community.github.io/helm-charts | prometheus-windows-exporter | 0.8.0 | | https://sustainable-computing-io.github.io/kepler-helm-chart | kepler | 0.5.13 | diff --git a/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-17.0.2.tgz b/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-17.0.2.tgz deleted file mode 100644 index 93e0e0d8cb5d71c35b44fc2f029054512ceaf637..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 386921 zcmeF2Q;@D**PXk2w|lp3+qP}nwrz8_ZQC|>+qP}n-RbxH{`{#*QkA4CC#lM+nrj{0 zN6&LG*EPl*3-=E=62L#}n;d{rUrd3{P)wRd%AK9rfKi3cNRioGLy?_DRz-zHTGh%z z-^R#YN#2%Q%-G5r;NsKLcY`IK_4l=s{o1w$(>GK>%RVnH$xU-abBZP^S-CtNeTZChXaYP3^uq3iU|+m#Ko7N5#l2HOmfO!ACBu>8$ax2sBThqZMEm^Ytk4n=FOY7aJcB$ z-r;0b_CMu(KXkr-D7*GF^mHk2x@cyFWHGm3b55?C&&pgd*$}F=f{pt~FJr(eZe4f1Ct8Nb+WPII!o~)-FxYPPPI-I8$dqB;-z-41y z;Cjuw`^>n1U8hWcf8GpM^arMFqSAi3-Awl4>UMtk<^Xrk!BBI56UHAXHRl5`Wqp6D z(wa0_@dqdWgQ24>$HY&9~KAfr;9gz8zM*w_(aA$T-hbL!$SEJmoIFEsJ z+2Tqce;@uyX*m8KtT^8NunoxWLzj<;P_neqTgJ2jV+z)pidU=fMh~|cVNTktDzRhN zLomuV)*^#&;7b6mM%)U-m!I`3TJFFz6F|b09|^-y@{yf$J0~xESUZcHX5fFnh#pe$ z{OFfKm6o#I1DuivgrY7`(ihu`0_dlG9WcVT}5@3_Pw@i z>+Jar=Xum~NDI2``Nn$~P#LNc8@jX=@zRYhsrQ0066G%~r=&q+I_L|%c8D&Rf5+V!*noHJOWGB5O>xs72eOKJ24qb zulZ}up?T~FSJf*);2g)9P+0KoKCaShL1mlTF&~sIF{*iNMz!W@xe)Snp7kC2(O6NW zDD}y@$3!GjaF`x3Oi0!1C)a+hJRr|g?e61CCz%Mr-8N2F-}m_pz9-4J>^chsW5g$F zDe7mlP(=;VVG|2^rQRkMOSrT&`|JRPq}$gwP7l_aF=?|oY-VR~X^$XC5N(2plYb!G zlPwo8UVpt+HV#s;WpAcNKN;YRcHOah(kESTY_6Z$SaUBzNq~HMP7x_8*;qT5-#;Al z`ZIf2J6BHL1iK&dmId60*Mkk4=h%LJf6biw<-1bomz@nr#p?+0%hMZ?%f39Kab)q@ zYHMo?b0u-*X=>=vQ4q$mg$NfDs@^sDGt7?;bqzZy=XEiQZ2`;7C5h*m5Ui&r~;UfOVN*qiRj z?BRBQf7`npey-W>`gGoZjI8j|unzosyD)!cl&o>h6-D$}|5W4A#OB-QLYiil z3jW%ICD;6%bZ>vDxO7Fk!as?PDFyzFLnS1)}7>YuKD*yVzyn79#Jm1EefmC;i zEh~YP9x+`T%0Q^x7|{YJw;|&sg_XCPr{@EiBP+k=Or)%Pg-hc-b6yQObe7WaYISa- z)r^1!h3v4!ME|X`lQ;~NsH^x+&M~_p;>rzVs1V>60l#g8T8mfFvvbw-hsukbY|%z=oXOw$s!ryFT{f$>6v-n zi$jHrN40j*dH9DgEGujA@?1ej81!+ooLVEx^PHo-`@PB6+ttJ2g8h45??+gZT9;ZDu%*5}B{Cz)FM{M@9sONQ% z&RL7AzPgt$uej@c&#$1xoEl8!zYBH|9rV8X-fqBJO&|@HuKN>ezV2V{hGDmTJ6~=e z5l@^5vh8k3<2T~#f@DIs=oe?tR=yWSEggI@q1m|D8TAaJH~Y4-6J@vQL8d2Ry_+97 zu|8gPb9^DkumgVjB*^^kx@iCF_tDN`%TH@qx9x#G_9c9HfIYfcchu$FqGR8#ee(-s z-=*^$&^NXG^SGO$yHjD>=B<78H)m%Q9=?Uj8>r_?gFT+Nhr5T3$NRhF=f`)TFa`F= zXp^AShLt(aA-+I2j4ddM>YX$~K!3oMNPZhdL}Bbn z9mmwX`T4+%N6s3EGGd?8`@%EnZ4MoptdV6v?czFB1 zobtxy^Eg3ptNOig{gLzS_+s00PUtE+(6muU5US6_2+QOBW*fQ)Hkp7sCHwU-Ft}?L z;0ERUtlZ1^bb^g;0-;SJe(h}>suo6Vl8Ox}8~tLPZdV~lU00{RnRg(l``K`E``rI6 z-t%@GdY`cUO!RS-3iF6R3rnu^5ftM<| zcjCJ#x%?23u31<-s!Pu!WmVG6Nzv!(<+?rR@+y`B0a3V|&mNYD2dZxH)9K*@_rc2|Ae*K2pei{b zY$RCl_o5io)|n$qg9~I7txJ(`Ajl2UculT(t9uLvD+a{`8YMp7w63#mx+=+Xd(uhhS%Yw+ z*y(bQSu)Dhaq@&&Vb9`5EiTQ{ZiGox1}>ivQrA&H60a*tFm!6qN?G+*#VRJ|{cw=@ z<9s}rOsdjR9@Qv_IEqiqYX_EH-j?j}5+Fn5Tl25cxpOXjgV}XW0ERtuZs2=bFkqJ;YscJX?^I*#B-P$w}MsI*j5CU0+-kNZD=)@lGP>{)x9n~PauUTw3q_K;jt zkcn&GZfuI+yG$y1mnioAw%4W;JZSESLU5Wa#rL)KPW>KJ^XuC1rP~a=O&&?TnS>+| zVhzhqwFO+7$z(#(;^^U|C!Am$oan z?qVbP(61}XZ^@A%Cu&< z=xA?UPYdb0FqB6^^>_6+JLNxJwjHi!!XAqITOo z64oU{-JbmSk+x#-rMKY3Svyrcl#N7bfh?NJ#Tegfv$oO*ubu9WUM7S^3JmI?-^mE- zE>;WL*-1)GaDOovXd(6J&RTswxw};N;GPr8-U(f5&{h}O0?8)SLBllQsDtpHI|8=+ zLV-5XSgO)4B3|zf2zoHf?}_~4CKY$zAcalDZ3PY~W?J2uCMs%9sm?B^N%OqN{$bAu zC}Jj*=$hPVGX%ooi^4g*kK(Gj)z`fp5DZ%lN75ai@Qun)0#0R|7i{lkO6+|x!mT5ZG z#t+c_+=)fMh+u3aS@=9%xWoa&6Gp-}DzA@#Igo7gbVsyf_<0P;nrEt+i^Zpxt$BkL z+{aW@rXDX$H3m=5+Z?-wvQwcPBy&@%R7sFu4EY{1m!owXIq1g-WK#jjm`L!;N~@=H zB@X8AZ(U<|CkbLUWHUa#fPN{BPBBQv@JZo7z2iW6yF*S}G~dipXWNj*+i z)Gx>wt3*cTMCEuja?%cQHFM}4+f;j9`ohBv5LSW3M7Gs2oDE(#cDt5i0S_(*5D%``?^A>Yo z%j=hlN|B8tNk8ge+}`rPj|TL;%w=-{khEdE36b7wLdfsqrZVioM@AN%V)u?4%?$d*t$THTaloI zv!Vxg$E=zq!$6tdvdsDqo_LF!csylqygidf_Z2ZLNdF>-rXXoBYn2oa=p0<=J125DSWi zeP!8VM%A*Pwr`cFksDBcUzxqBcq2rQw7z_@i`S&U!q8*>>8NV9X_x60sugF+$D6Qq z@5z&XUp$n-NUu4WwM;I4V?tO2P+2K!5;CR5g4=#&p{6cszzsDs7rR=a!^P?QQ#=g- zHT!f5b7t>ZC^gnjOwvywE*#|W^#=91WP0-n9#+oNs)bA;QvPh-A5!7yc`xwkRefp3 z5}^SQ7O3fE)b?U1A#`X|kM#9TG#ReOES=O%Bt*10qSTiOQOXLBG;Q{b(fntr*>&Rj z9v_*CK)e_Jf^fPe3P216rgdp-my;mB_ld@em)A@G+tjyVen8qPK3eeQyuoz4E~{tt z$me`Mo9-L!OvQ&VO>fjzkm2jn)?LE)T{An0^j+@bO!br@kl5 z-01uEBjt0dx2EUwuJe9a*EQSQ_2pu9x7cI-)#A9NCY=PZ3{VgDkBCT0L;kD_V0O)Z zq10NI&Z?S-xebCDMoq}0_%Jz^7bBeBJy9c+nnxH-vXZlqh)K}+4`Xjd0ndC(xb2(P*+e4bnmPk2~RLHFomLp6Be9f{&DCk;Uw z9~bG(#%n%*;9XV(j{#BMOuR8;pLVomWZlvy(H7Ry$hz|Z%9EMH6plBqf?vc$Q!^tW ziw@1B=*mc7e`V63^?K*Te>jjn+iO zK9*@VX9m@41;j07oMaTcay8{|7!ehXW_uoViqZ~A3-dPMsw~r1gfQfJvFWA}QK`Bs z$fY8`V&Z}2oT2))00~qN9!vhH8xUB>%sBGE6KH{GeugH2K?ds|vL(Z#=1}HdA~fID zplyxk8ypZ%b+ZJLBH=Zv{k{s*tu3wi1s>&MtNZ{Ucr->7@enPFu+kYYM)dxwo$-&W zv&O%n&nEHIR(*p6*& zUF3_%l%AGAEr)}fetp5*h*|)OAw~KVK5a}ib10G-HgUJhmZ=%kbaP_!Y_sJH+NSO8 zS@@$I!4vr}vBH#F3!eS;+F)+4w|94y55l^q8(O4XHNY^03?+5KBjTde={iP#?0yBt63ucHzm!uDjyY!hi z34Oaf8E8j;3m_CQ#H4IB*rl3vRua3G&Q=J_u7D!|^-_wGM*u%Dj+X>j?NnNou*LmW z1ztxg>5#$pckCB&+X%>sNFD|M%NQ6j`|1GI?m=+8)>;*ZsLQTgNQf|Cn~LLVo(Y%)=_n=Qs!Z7{LP)1I9pp`p~-6@4?<9;LVQi9!ubq# z!wlC!DME<)Fyed@G&>m(Kar47I#UT#l2k+Z6-s>usR)T%{<>HjkOImtvVO8zXl&`$ z^XEix3OlZ)(-XEz`8K4w$!60T#2C0B2mYzI+=2=PX9+!`hbUX$9_(WaC5E=~ zDjn;pumKk)qxG=SCX&v^ra#&GaJ%HL3iY9Bz;>HQa30%^^6XR6BR&iAI7ht6z`{N4 zJeJ}DmmSCELGpYg4f^Q#={QMEq)5glMA%0`UUE5_j5YIx^tb2Pqo1Q;+-XW++3W4;ysV_BBrD#Z}80 z$#Bz#(@yJINzJ1qVo6$rZXo_r#^%)#`Csr^M3h6e z6vbsNTS;U$^@_i%1|Tvjls9!+{7}o(dS}qPmGZ=st#(seNl0=9fCGm>yNW^S>XcFY zF4--o6PlJ-8BXoy{s5k6khQ3Ku!3Ui@_##5<*l*qu{xS0aG&NtuPP?iqBFe^D_tU# z=_Ik22&C*J`Q+^+OMi-QuK$<5o#e~j27;c#!*L||Tqeu_Lb##H^5;a_I;SmzY*?l5 z@}iYEt)qUzX^*@ygR>)^x`~6>ssZ!RUDUo2*$O3X{+!~%AhP?Z!(DT1BBAf(X|0xuVbZKlr83U@3L=IQwM^|{WP zlAw?sBMrKiJ7-u}iVKX}EiEc_<0LlUgmFP(%@ z8^U{%TqL3CteVE15&fB{sA#Cc)Zw_JzpLwNS+`0Mgig8MyZ*#VcUATLUXhJzl^4Hc zge_j$#vm$2tyekr{;*JiZNCxoTP1v;u!v$b=9gBs)&$m50BWiRRh%$jfyMn=d1_Y} zat%hz{hHQnSPg9Y)$qZ1p)m;!bMv~TIeqFNQ+|G_jbi4u+1kTe7ciIBEx={;F&P5N z``EfHP^T%Nmy)U3DmUy0i06%h_AbsD<%VW(aPoqh8=o=?j!ahYl9GlSlLht0HSkMW zORbD6kD2T|h^;khCzFodl1H!VeQf|eECzmJ8dpK_AqjZL zsQo3%+Wmxj@PGjA8N*nKfPknXJV0Owy%3xdU^pbJ5_nJ$PO_DdfB@_r=D(JH%ei{f zv!tO_IGYVhb7ZIwdm+ZW8JZ`vl&FW}KiFqE9fm_*XNX{? z68*o%6QIym;d3|b@@8GH*_T{lrNm5moYYsw6aE~(M^E#*df{X^=6Zbv@2fZ(fCwhr zI3(0M5oR2KtWje2k(iU5i@a^oGYc9gc#+jxYfLNsLi$CMWM~e@=z;sXI&X>dI442{bFH;kvi@W_R}EdN#Q>pC zo*|5KM9Dfc@VW`rg$N+L&@w%Z9lt8dH%3m`~}B14LM3CJO0Dc&II(f-{+ zh4JjAH@+>!@y3U68X)CanmuY1M2NU%Aj_-RhBCvNd1>I=&kdr%R+bas#V>`B zAj<~209kqO)2AiN`y=|ek|eiXI^rxW)Lva=NJPW|Ij3LtNr)H7Xl_SRrC>)QJl9WX zXGii0lqIgc5A(?;E_oY5J&3Uz*khMhXbdiWV`@G*o6F6ROwvkT_SXqkrax&MvDwy0#$X++iy&GbrcB&s@i^bgN3=TRMC~b)RxdF#U%ow5HSv<#c2cm#ry> z*XjpVLR)wq)Mu-%QB^qo6X(=W*5DYz#rEytPduhK z%N9W}&Y$t}E=V(RMU6;?*3|PNZX3xxPR-C4bkTPj2H9&s;a|9amlcA;z%Lqk%zz$P zSUxaPz6N8JO6(-27_3I8#8I$@^&vFOn-N3S{}+O*BX3`O9Nd-fP(5LD=#m88J(P=c z1i@ZzAMp7?Q|3s5k#$N}|9JIhAOITDb=tRK?|dQ3!gXlYVl5HGkSpGY%|1GiT;-;( zbrv%Yxr};EGcEU6RYxTPjp=7+@32b^Tb6yJ5~5Q1c{nP(4jGm<@Y7l9 z|KJO3c}^oYjg9#_gtavZ1xz$VLV>tT%!@@b3h#@nJ7i;M3(e&DEIx?Ov+Yw^k7s{E zq-`C>f)}wi@0&2r7jHARr=(dj!*TWC{Jr!O{?+lCP8SXyI9(29+p(;j>ncPj$GX@5 zGd8xqP!_({>XGWH4>t^&z^&(S6_Y%pA`u-~y9;zX1ht>=-$RKGh8c9YiTO7AIN}nh z32@bn3UI}Y4{*)!B~yl?In=EU%#dtF;!zsIhkqgk1nCWKf6W4505rllvG@%*ya^Pn>^ru6|fg9hilxoW(#b94P(S!PuY2KM~yb(K%i1z_^ z$939ZVz5C&z77q8{Sy-1F$WE@ndxvV(1`lhhMyzpFZp}Vx>6@mG8@!YW=6m#1jT`I zN8r9r|8*tS%ZiPM1!;Ttr0qcWMs4B!SlbN$xDU0Zl*S!d%aLN|knX`R4oj-7eMUpK zy${t_fw&fjv)T>n%b8ke3$`fVh)mnyS~c@81J(EDV37?nda5q36;%0lmxj-pR=}HT zeYC+yYU;Nu6@u1XH_-i9dGNzGT_sN*F_kH*q+&|7T)2hhg35{BF3l_K{0Rr!$GHWV zG5F{w#T2pvcLLpnvW5g@Ntd(3gU{ROc{J7N1g^o0i^9wiIjN8awt*O z`zImMBpZ*O62Qo8I33xQb^u)pbLycNEXW0GsIwLh`l!+GGyCbYkQ~%B+?T%1%}(og z>LC(o%JJJGJrta6<%y*^sHY}Zf+Xrq0ZJ^g{1loZ{1k#N=!FbOAZ5Slw0As2D!LC?nI0V|1?{ng0>n9C z?Jhkm=pst*u$Xb`H3VD_@zB7lU zPOx{u|L`tsSDQH{8TW4(X_^AF@3XC9PO<* zEdDjD%qne0gQ2a&;nX}|aD)M*|F@QLo9%Ni#nwzGsWSve{}xtL@65Z&m_R!LsJ6G|+3mWhTE9DSU%z5(`_lm_+i zWKnqg&F`Cwd*u?=Y7Z3r$`K0qyc+`O`CgCYFp4_sp&*=C=Q~b#F*#!ns9{>x$x6_z zjm)S)K*f2ssaV09?hUv=_EqO!$G^IV@!`rzCTm63;MJYdCgv5KFdDMkL#+avg=aS zU-7&$=~`+o#*ax=6XJ&y|E(p=A@SCl&TRH8vxUeh<^*3V{yRAl3qM_ZcQNt%e{7!q@)A6)*0S_ltktmG9C4(tp0=D z;IBr`>;f^hvX|>aQoyYS0G@Kj#*1vQuK;ehvT8fnN93!jJ^@J!Dz01#DAXQPTa;!1Hp{M^idO;2HCngUH^8;cY5OJ~D6$Im0Pd%+ zzS^k>=9L0*-06@}JD^TbH|G0<3Y2A)6FKL?z<{D&;)C}g?WE&_HG|H>>4 zj-McIl1pzR(qi6@uT}OwpJr8kuHucEWcRCi(u@bAv?D*&n&V~}{gmWNSr8~Yj{m`a zycC34;T6fo`04@k?EfYw`$e~Ye+Ex;dx*^ zc!{Hae0XS}rgeHB(ITSdMk@>?Y!e9iM)Se)V`qQH=N4%&l(waaEoL%_rfKS);$g#! z59Zncy;%KJj}u(Bz# zezo+L+0m3|a4x--TVyEBvXrL3Rv5vSM6h45b)E&Qwn+#>5^`{qYq%jpm1r_Q3SZ19U zBao!rp$oMK3~^60x=SmHTrxi>)RuXlK_p1{o|%(;EB0u{^s7@?F$-PoyF0AbU^_Ca z2gLzGJJ}mS0kuR#rI#rY6nhYi`>_|JShzjM^|K}<0CMsbY+ZE ztS$2xbT!nD|1cyU!u$;JBjF{Br3EC+si4S=%a9Wv;91oY;=+LHyp;y8Su0xnh{t23 z%u1Hlii|vlJXK~Z$hJ$+k%ewU1Y-E*G8N#E0&~%T2Zw0iBY}kjDWmw09Hk~n66@QL zEzsmiBmo9B`MWHpU+{6HeaX}zBneSi>k%GGk@Um=#NJ{MH7Nw2&=ZHDohNNKT;LH( zAvuVUyo3!(N9N@~HC$e@K_*~-QOc9&TJ(R1NBgn}QVSmchoqQx`H>WJW{!?+-lAI_ z(=hc~)(dWbxee12!j~ta?p0UZT|Qw#{q=3Z=$`|y-{YWV+1J`L;)iFH=nn}XWb3t& zPAMW&B^3%(QB*-#oTcWEw_wzm{8C{dB&*D7jG_4v3)mV5?wHgJ88{YrW((`cxXdly zlr{To-j1WTF#-tDLTF2*+t-$x9%LM>Q8LjTR4pqB zXDowL{&E^=X-hLJ*{MX%Yzk;lv0H+i(tu5Vo&L9V9^X{)KgUbYJ1%;LUc^n2F=V({ z_hkD#5UzQ)_PhcJ*UxMOevs(l>fvzUTvZ8<^VrQ|1EqHY4QZN-K6_jbEk+IglD3oL z&*|cPOHH2fu*4QEJlTr>U`(UN%pbIdEV{zyO{0g&KE3RPIZ=lHr%M=Mh^dp$Gm}OY*ow)|J5&{C)+a0$ zW6_|Lgbco?E|~ag_T9>l_;+Lqz-%Z7!i)lJzCn)y@HQCv;e%bx$p>S#=D;lkVYRyb zV@zK|g?7dMa{Y0CJYlpd9^6afoRv+iMP<4nR5%AIQj1_L;YnJFbIDqX7k&!wbl0D* zmDtPP1_FR7ig8N8Sp?V|CcF861WIX8ChC~#ZxLkVp$!Yh8fT#975qwyq6nm z4ugOa!Sw1yJ=IZ>97&6QjYl|>yT3@Hs2+y7^ZvbI;36InNjFjz)VR}AvfuBt9U{SP zWWFRg8O4RfjdU4?4~KQ?p9v}`rWYG-kJ_7~z?x?&`W<>Ka$I(N8& zQeo(gYLw~p!IW#Lr{`u(k47jY9$~ir;c6Osea+HwiJe-#uYgRPJyFKS00wSdKn33M zxOkD>kU8sD6+*bUq;fniSSwdsD*FWpZ7a51fr=#(-9JnjvHC~tw)~c@W)eB-J{Ou7VAj7U}RdlmriBg)e06xgMC`%cwmK*|u* zlm_jKMfXhn6BJIhkDtr4qgK^4(3nNCUQAaHU1fs-^pn}#aDzTWCO{3K4t6`tjYb}G zUquQCI#4q~8Mf8qi4HEd?q@qVP-W?Agdj=jz@ZJMp33cp+}l*exc zak<($BqBdNz=@gtM1X*ROQybDJur}UIl0|gMoCx{&w&WuO>@i90urY)Lxi6 z#$1%y;L@9qQL5urm2HBGVmTY4Kvb{0LH>s^ z4Yqs)dm6 z89GJAfnc2VyhkxcE}C5#mSkY+?EA=cw$8j+w)IB0xAx=Zk2G<#Uu_29yd#vxnU8>N zhi|oqIf;I(!!DU89&|`cMfxODSUZtYDZP~sO?nRJeTw3C0Y|V4X9wL9y`pV#+mC%E zG3qW;81V`$3{@rnv8ZY3?xQ3VQ#n!9EuCyJU1qOog1{*@mu2L z>=_6HjOmMNhK(%m$Iwokkp;I1K!_*-@C1D7wp)RcIN6iub|GG1rEt)OkE^ykMS}>B z4scSl_y!-@k;2FnuRzKak9)WQ$I2A%;WJfOZWZK}nN#T0m#hnUfn!Lyp--8iPpPF( ziKQPVyugq>X?wXGfNw?;L__JpTV~@=LF4~~I;iImPm#$9J1QCh3ssVE*rd~JQfJ_q z$UVsl2!c+lcYOL7aQw200!URhU8`M#y69@u( zb|7(l!SJjPJtf}UM!&G0ggpct(sbH&_d*YKO6Q_)m34{v^TL=Cm!x#U4MTA@cX@&5 zGDy6L*X+&VR`y-{Ew`|9h7w&C^9hKeawbVQ$K;OJe5|zTHYep*7Moqd>5g>OE|MBX z9a<4cX0eEKtHJFejh6YA9f;OnWty^DUg$8Y!Uq8(ON#~JE+ewjN*4WLQAO>N7mMG9 z4hE8H)-^1(?HJ9~d1;~Ap)O^Mr9V^K-{bU=tEZG>mxmw3xDlw!+_P$jd4?F)ZX@uA z>3u^)()*4S?hFrFpNZe@%P*>iwg;*gZ zZO1f>-!vanFD+Er?I~mPMw+11I(Pf={mmin3jts^f5R1tG3AEQb*##oi~b#HNF}p4 zKu@u?0M4~=OFzv|thd^IFxNb!P#kBoj!zh#oO*3)4n=G#z~~QEXW@w4#G!Mile!pnq;l?(h`lH!P{*yQCE(muFM#5(%wLkv0{4e zyeo)|Vo~SP^Eq3_N8uctpqZ6kuxqDgP87MwAu9+jn|kC z2^xB>c8GcC99m5H!D-d~eHbibcDr=4PFEy&k-z=jS5OMNC0i7KbWwi4$dJtMm@^0; z!S&btGr8MsC#LBndk#PkrHI;r!^ln)?qXng!`8fgZp(pbaKt$ojej5+>8))>Z@!fO z^a`pM%Zc0 zbW_;FBrD(#9A_lG*MLl8YNeiw!sHXBj75AL87J$UqcGZt$d~9D1&xPUoZ$F>p!5juLz(MS!BPUAbHBZ|$qp;3Is|pEozoT=d$m z(1^I!!+dselH*zFa2f3WfZJD*V)*boxDE6Gu z`K969yCiW|wihaq@)c880Ib+}g^5E&re#gffeRB37E`1y1B;%KtQDJ_#YW2m8ws&w z`N1g;w{b}`LGzK2`D}gOGtfWDlZ${6ewc&EzasyVa`JE3 zk)+^U8VAk#y32vXDWlEoM~r@Hmnu7N$IXlIPL^-~Km7H+Us(m44+xfb(D zY~y&Is8Aboi+;8n6tX$@=6tvZ9fJ}PKP_`+BI^O zUMgob^s^YSmY|*F+V=6CWWW5MLK_ABJTb#C%`7_m$#-DgS%ph6L}#%(dLBz3LBu^? zx0jP-rzX=c`4*IudCAmIB=fZV3!y0(4s+>YIjU*imcTxaPkU{A^$=P4>~b{m)Sji` zT603Js&l{JVyGz4`w~%7y?ycxG5f}a@iUO?%l}j}Cs_o}lA?K!JqP@A{A-i2*w6o! zVq`4gqjh2hGe)XOiLM&S!D1ZN=n{n#$5cy1O?d*kw*hW%E3@6>`+hV>g_(3VJIaTt zYzZLX}=cbTOnjHr;v0o3`iqOWAZcdhOz-$C|$$=i7cPAtT1>YQ0cVb znzD2hChX=hOOntM{#UePJWsBXM6-i$TF>5xQn-8Rig;%?0?f>nOEj)_MRm&uVTT)P zr+`Cn{K|cYb|o<74Dwk{cXx||saystY7b2S0HsCqUMvKKeH*3(gGxlIC02`$KXy){ zFdWiF08XG10+JOK2n3!O0OJE2v0ttpXA~XT3V$yP64J##VE%*9AfC}Y>_0r7T@)|U zmW#?t^}f16=vlrlDwTdGfg)yU(b5Yqs=aDjWqYzh3}AnSh%yYFpTMmW0_dIWm0zYG zaL$tb-&|bJ-cp>u&YogdKE(q07VOCf)8SijoGcTeB=&a2zaMn7wf>Go16+ncMRj{l z*L8d932@x!jrZwfYjJJ=#5xoqo8P!tj`?0cpoXiC1|UPIHV;VjPeoWpp&C_Lf~4o9 zmZBcI3@t*&NM7ZP)*G|SK*>P0D2C_oOdfdd8cLR#(oHd2Y;{$=-|t>WwX~i>?-4sY zt?yD*yk?^QMmh4iR$5%LWzmo)j}H`{h{nx{nAQtK#c))1%6`<@UepQ3`bkdE-|#s2 zwhdy2PO#$NOD72&VG?n7N}w}rd-+CZ1P3FLoWo~{5f#eof<~# z?eIq)pbufValuCP)xb(OXqPT0p4fOOQBGV$3Nsxi3j{@MrRa~Y(Wu(;gEevaZA9aw zm>3`O+u#XC&m|Q$lyAMgmJ^lpTqA0|4hMuGeUUic86)S+$mb@^06LiHM*An&@srA6 zb=nQNYG}=a3MNX9ra+2+3Cbm5E8ZdhtK-*2`x9O=9Q$G5Hvxo`Fj=q05=ns~Pf-t0 zVx(2vSWL_b zsjy$+U6c>hbZ$pVqi9DeqA*l+XGiJ{gd?GS2>Z=GK6wvXGlF>_G`1}$rY$JCEhwrj zD3TpVf7wl7deD|My0!?dul5C`Z3v=$0Q^iBFJ)1@-RVt;iB^~=HO`VE+JTt|C*IN` zDj!L=W#TWDemmuvdI~e%!}bYz-_Hb1X4VPZg!M zK~|7QuwW6$t9f%fSXI{%Qw?~-y)qk&6}C?p^Jubd^-x~Zx&3~KAVa5=>Nl}8s9YJ1jp0u zaPnn;R%lP#sN zKjT+@*m%id>sFIhBx$E_3V33E-Y66;^D?VfZX6tphhJK(m)A90v@!3lvS(z1>Xqd$ z3p0iLJf%U*jTql+bz;vdiMx5b{4NO0qUkgap5msTu>(}qpfG~}43DnCD`H9>d_$se zo_9(2k-W4{)_}@FfsK+UAcUuOwPc3Sn&C|Yi`CqGBR6<w5!59u&zdM;veEuab4^!L<>IpVQ$zi023&Cas-Sfy5?45 zw?Xv#`fneWH0iWhP$XM@rm(14Bi|7R_L<@CUU0Sd(uBSjSCvl9Y2i90BFoyvUH!dE zmLrQkAwqH#dv*koNU3aX=Jg-@eZ`O^4x8j+7CimOewPf(SGZj4cDXiZ55z5441kgu z2`ftm!gf{D*dZp@$vKjl^R1i^Pf)gOLJH%;f1ok!J4D1V4#0h-CgSP}p`RAM4BSa3 z4u>yO*YImcK~L0U3gJQRh%JFgQW={tHjF?+*ev{D$-8yd=dW^E!V{7~7~=AL`gy$& z)8o^{xbov|zvQB9-obonH~ z95`%+ncCL%TYQ|)tq-cA{#Hx@U;7!5t@tiZ$Z{-mGIO;9!+&yD&1gUz$IiR65Et~2 zvb*;~#4K+kcnB{yPRw8FJ!dH-8((UWNs4+$%A+Zc8h%1bl5L*Z@3Y#WZ$Q5iOs&Uy}Vp;z1k?@2?xM@>*2NZfbp) zFAZNn4CwNJG>7Ry4RSsJVE`a;P+H8WMT>>x@4eJsdU>8W&uztiJpYphFHe`j)f0RYR_9Q4EjbAjnu|&t zK6UPRnX()Y+(eG9eir$05iYKw#Xc_A=qerynn~%%L~&Mly?couy5iFoRHAG*T3sQ6 z(oDVDISUtQ(aB1NFU3L<>e$0_RD^^msT~gG;6?FiXX0jtD_;j&bt@5&AwQZ-RhxsCS$E57GXb<&NqCK!&Iidm!y=4Ko&|U@F zd4QQ7Or4*#z>21%5$jJyZbVY{4}LbKR6c7aUp&ti{^f;hmtMyA z60#+3zW)%8_-EESq32(-*4hP;R$s$pqAnh1QTK@YmwQz_AR_KQmQ1(0F#scK@Cvr= zafJsCblyJ316^qW5iVeByG?=m_7JqIYBYzu!aS)P=8&^t5GW=Fg{YY4uq9#;L}|l5 z@c{dr(v{C;Ag<22^n6?cXNbc5)}VL2;FUvufyt}$1L)%Ns98G;JYj*hhrrX z=X@qV#=Osj^IbA?yWnp(2wMkgFu*c{*@!9gET7JF@N;**x*~&VD%GKf$SQ`7Z79ao zDEI5^H9x?dKj+i>XB%MNW97$X8yHhb0ttbn(gMqJE1`72cz%=FnJneTcdz!89ALOdS%esBG{X%_eBn3Tmsg!AEnRj`CZ3iww~NhdO6fbJ`(g zoYyeJ9oOxn%E6=RG~J--GzI+0Rltfr09CGuI6bkTqo|G5kon5rN3Yiy^0S5ou$X55 zy4?p6cLTHF(6PAR@Qi-g07acmMbyQ3yxre@>D;@U!p|By#QTutyVJbzO|vJqAbp*T zc4L_0v)|)raJ5w0NbA?mPqGt=bas0Gff#S3YmEl<77f+!2H1hweFJ@sEuduWP!AC4 zzECbYagnOgp`Z{G2v1<=jz_ohnm0V~-i`4#j=}c_(=m$nd;0n|Mz_gn(g~evUy8=O z1z1U`jmEwl!j60Gp^zU=iY?-7tcjakK{&13XHx{~lU2Pr@ee|6!j}_8GbQ*nouxd_ z?M|c3*(%c+9u^8zU4R6d^#?M)D`vDf%^!LIHO}FZH2|;sfvm z2GR{61rIO`v&m1Bi!1&DX(^YVEtsRs{Y-V+L!20=!!fRIo3wc+Y-zwtr?3AbXBcrD zjKwDn!I+CiZv|ZHM6~~1CFP286j;TWoLjCq;pU;KLMIcmJ0$>Q%ynmO$%=#dz;Z+e z?M@Q86mn$t0&oZB+$jtixs}t3PO4ch^asfgUt#plt!=*)IrhnCypjt1ze|`mHqs?A zg_+-=H#B3z0hI`J^YmP)`P}#=7GNew<66V;BU5F?wJ<6al=0*rslM3j~*6b~qa2zly4#S5ZRAk9FZHC*| zVNjV3TWtxh#==m#Y!5zv>|9x8Hp%hVV<{<~UZWk0+s$hvZ|CP}1l1ndsulm18V#&0 zZLIa-D{aL!T7{Y^S+3xDc4-dvV`X^`Dl8j?lQ^uHGBX|818uarN&36>=1$t=F*e>) zKXan-`eoJkXE%x!j7jpTH0YJ^nw=s$F6KwM1(1MPFkV|$gk8`{ianzUN6bubTZZ)d z7MtnCU3=rtoNM8I(S2*m*X#+i%>Far__mbp>Cltvvo@qcV|ShGU!kXLaOcBm32Ac> zfi3BBM07#3;HU5|J|XI{oos9N2(#h&bD1dFSZHeXiVq-|HMsMT#<4qo4^Ie0zj^Zg z7?IF57oL*EA?C1Hc+>DT8kIZ0grpa&+#m0H4NbCl&RR>l)3&sxMUo!hbY)5X3mXj& z$2NctEd%^U^pm-wF5NqYR1=Z(8I%i5{gs2<_~NbRnp1O z_&|}^XZR1}if$6!(iall3I|y?!fTO((ItEGF_nouc2T8b)I`f^d7B95;=(q`)RZ<# zQp!?KMAF|!Jn*8)s09a)yFSY~FyY&>sTipZCjF-Lt%4a!OQ%HDQydscSL*IP7>L8A z8#LY~JBrK}`Nhi$(7quFlCW4&YO$462+jEO!HQaZB~pVR!C|K&pUGzbRMtdB{VSV> zJzc@wwlljm7mQ4%3RU|}^esrcoL*qsOW2t3Ss^erLx_2i&3Ys1dHOO^Sn1?_V==Am z?`0M8Gy?^r44WU7LBxH0Abn!GKs{0&sLLek9Td^_E!EYpwf(WBIE!G#=v)BHks4LU z(o&5@)6ztJqZOqExthWg=cFngIY%>rQk2X%G<9Br!`w;GIMlK~-?EGYg2W!?Xdox4 zE?i+rfCbpCSLufsbcEfwT&x!MKrnpTnF+hPJ$({2b!e);d<)`u<*CjQZJ|QmC@;nu z{6fVP0SIE#Sjq@-{B7K34yn|)jlSmz?Q{)#Q`v>8>14)H zQeYoBUbH@+B|SoX+giT&UuGA;R?)AXl%vu-@^_`zJi_TZudAIDBa^x}2fU zykP|2(*RpHE*#Km(8C6|8~pcIA~{_Oxo11a~G zMTa;4PXknm06SoSBI5&$M*n8-F-DH={&Npn)09&Fi&`fdkTozML@N$l9jgn`Eer_K z0;VhoO?sS)nNo%qc)6Mv_oYV@G6#pIh-w)P zbDq-YC_DS@t5=B2@8e=N&LRc^_Z^70b~vsak0g>E7)JNcLD3e*uIRm~66bOP zOQzloH~4?avk%3#jCVfowI4`#8kJX1cWTzu8AiM^R!;w63q2%}W3=N0gAS_!&z)fB zbjFcj_c|`k5fmN-*r-!uyjz0Q7=OtR;ep3Ur)KJU= zJo7^!d$*IW2U^I1rdcOBWfriJ^SMgb|0%wz##XF*#r#KrRV?U+9uQ!)l3zJh{v*KJ zF!aB`gzSy}H<(b=e_=w2q7vwN(Q?=%l+bO{lDVef8-m|(i7zKk-k$8Ybka=ol=--^ zEdr!tzUKNMc|Eh^Gxf|7%Pm<|)5uh=uF>NzmWD9KLl$zjPUC`RAi#->GS12r2byc! zzPP*jyl(lfuu+eTy#yr1Y-O!xxe=_5?qWxzCL%TmHnBw1c$@0;3$##E)Rvx{2;@|8 z4OrBwZ`giYa8{O){kt8YBL6-fwIB9c6JTc z-Lrtgx0AJV?>{yjG76CaNX9hFXV|op_N=xZ7kVHBmF{2MhMdu$BfJkT{{QFDy z&PbrDbIoWFQnOK#+j7W^3qo549na90Z=|%qgnH*3f}n>E2#Th!{^pHEd~;#XhjhKuJo zpXj~#8XT<)f^@`h=(tYAy<%*NHEljZnTA8rY_~_%YzJV3wp;OanlK|zfpwZf_Adc_ zuBA!F0B-#lzs0!E%K`<`d{pq)!3cQdIn=aW^Yn4s6W&=HBtL7%lq8u`1a_!&;-asj}Msoatic}tx?2S4nS@|t#d-U4CPKm&z-~> zwaChb`=C+Tx=_%}KNt6nzV#En4HEExK{xl~fnJe5C4X#p9QHzG-cqG9=@gpnD@!20 zo4`zY86=k;&xj~zYi)`e-h|(8-V&69>XOuZI`E1_ZpYOW!ZZE=YQMyEQ#6o6Rk)U~ z-8(Mlt1YG_=jYxS$!x*sSH^t)T)J=y|7>73BzP#yAx336Ok{QiWES$`099WB+vZ$T zSGmxPf2Kr~r=?4xRdiD#e+U`#VNp>MWXlvVN4<79h+x_s^GD#e0=S`*VqxO2ciP7o z<}cHSvyhfxA&-H~FZ#J(!n2i3we?fJxuWomE(E#DgC}qlD2^|N1zy5*K^~0sF<>GS zf*w%$(gEbD&v_0`?gC&R+fYt%(OW7*C6^jpA_GMwgt%!Ne8Ef{DBvga)nF#`0bUUp z!eqXFHcN^1dJZ9_CDmqifu@KTRI1E#ip+6}%yJ4qH0&X}MN!`Ce0ST0`WQ|O7oi_( z{ViK2GW#dElU7E)Op$`l5lw{+Uzk?O6CGGm? z_l6?7|Io*Lol&Da@ShC}PL$gZ4GT7nes9)7$t?!J=2PpQ)G9ACKdoAfg6jNYBiSxp zIsDF)%M`8{wjWk%!X(UfS2MgyWlcGf@ul-m@mxk?zXufUs{`6tZF)ENI(Otv&y&Ms zOP)+l^^&{VIbWgewBjt}Xp>n7t1AYLMG{cTlglVHZ^Kr^_oQ_{d;0>5P?NV5Ce9f0 zH!96eTL*`6mP8E&uAn7#t`_R@k+t_!h9bO#Si0a7tGp{N;NT~?Y$`ZK*cRFg@KRxRY1VYAX)Z!>zcpwjv z!0|dj-O7+9>zdKbC^NZ%oeh+0?viFDb3D~~9VxD8GjI~>qo0$>jcn7<9QkSTOi^EiT(-xdIA!hZONa9=G`x6_P8 zl)Cqby+!y#irW!)GAetgt%l1ciQSMAnR6rMI@$DT)JFKU#li~yb|GlsdzP8B`q3vg zO-p{_r9ZmaBgW7^4GDjRjp>PuEW9|OJbC(-l!jjGeUs!k(|8yqZi*>dxl4QNun8K4 z|B@Q9d>GvAbL>gDzrlKHhvj$`(uf#Q{~jhayg4pqLS@MIBrd}(ZO!i+%03ya9eZrq z{C>o0CVT}Yq4_=Mr<+(_87=N1#Tqy1Fz{4-GgiE-io4?{$XuJQjc=7y9N3Xd#LznE zw)&P3;;i~OanbqM$f7gNoB~1ag0sq^U-np9VC|!0CW#M5vtQ}^y^4PY^5qsz7!k0s zv_-`67S=pSF_x%ld29sjv4Bo4{CD0&l{d|1{6i<8Q}e&InTY5;bEHe-hguSuk|Qpq za7k>%<{l1e%W;`fmdSDH(8}uuJTa9_{A>)|%Ztr3=L*8(D}%s~LvMb-jYIb`8-Wpy z&IG);xIFj)xqB{;>;KB^17<70e)kcNZy`JuSMk3w+cY8@1HTi1>YuRJQ4|3&KqS(Y zY(o71vbn1tyuD=riDZhqz~R?V6Kai(2W$6R#ndqTakO>hghg!SUo%pf-BTd(H88!; zK!4ud8#D=2hv5=6PthTjzfnM~PX#Cp*f$@2buIo5AHC3}>r&Ba4DJ9Wp7nACBc25V zo~Q6<(2w>KOCtiWy=7Y4I!;8!b;Qv5H+J2{eX!jzA5){pWn*W06A7-LkGl@*npedo zS7Gi_W7n+EV|Oj-h)pUF5Y!j<1Jx-!l5}OCV(~c?T?d>?U!FRMMZWFE zK1BF zl+<5a%xgDqL0_xb8)jU3O=lLuZm!b1TefePKloQ2!qQoGZSR}{@DPEag;(0_ax>`1 zpG`T$+K7 zvuTn4HTAr;`dU5s`nuh+814E9&@5^d-XRO~A2+%-`N5Vh0RJtOYv_N6H)}and`EoR z6}=kP#TDEBuY!$l;XMJyLhcTs(v zy{}Tza%!dc(N@?i%u9j8fs;pTSVOTpV!ofButgoN3|_1)scm(7`7mQ9|JeBs#$cb$ zTZm5RLh7)GHyuLDmvhp9g9l=l%q>?W6Mn$VMD?naUq6#tuDF+nKy!uadyeaQjzqSN z;tbawv#xJDI56i3iD`o4_M`B^;_svK5;-w2WSdDAXqltNPj*#FxjfU=Tj#GOjWo2w~84DFQ+ zFn3R%dI4+HoHts#V}K|Dd`N@H-an+#RDVS)wo_^Wrfp{|822tJ;l)Xu;>qUMOo06O zgq<+Ga0SkaVDVim+fh+CIhy)I&O851j`o*VoG|@9a7h>2tM0dwkmxSWGNGX0gP&B- z|3r@MNoD1XSEu5PCppKqMruP9%t-4aRO#qX4`>3w95!{0qtD<+o{;&9h)|NS-)h)+2sXbO+nzdzJF@nMDC@*50w%xvHD198#VD;B8J#s4nbhIt z5=0ZmzHLh1JFlrHmUT3I$Q$bp&nVNbjHK1TW`Kn>;v%gJM~C5;Bn(xBssjDz!Q7>z ztANDJN~*wq6hx|N~saL&|9puStd*3W8+{k#q~2p=iC*dF6AD$ zRkT*;vA2|wrN;=$Rbzt>(Tg8XAAEJY&+3fxo=@;glWQWqn0#Jb3=_a|%gO*h_U7gx zox`4ip8x0lBLiVfj4be;&TO--y+gg;MXrhln<-g9R|x+_sD(SZ>-VZ>#s2QdJ3UooKlTT3UW~3VM)D6_h2^j1(1vmgVv8 zMfzP+GCBY_6&<6J6cr-T23#;GGjK05qQiD3c9{;<+&aq~M2411f|_cyCTh;geM?jb zE|QuczvDjNunQamN@u<13m;_nAmKhML?CJjt7b*)n5Yp`@krr+LGeQ^rC0lrwEOGLs))^w{_c+2>Q6vXR%-RtV| z`Z*LJ(D{Au&K_|qif7QP`4PHe+;GiJy5G`v6f4g{xC$IwyKGxotF)1fQWnSf(e%cS zZ?0#SZ#5PdzUwr(fk|WTW??d%OZ1?w%ARhG3gRyGPYds^a@6p9H_B>?`+-v_GXTS_MWRd%;x9QcBsG8E z2f$>M#l0R*oc=HwA@GS08^Re)U99wY)T?yT@JLet6|4816F~zs^+Q-XEJZn zM30(`e0>ywsCkw=4l96_HQqmz#UlJQ7N$zdpQ1Z%pL1*LCjvWtLo8;w*s0z6H&lf( zNuYM1%TCSL5EF}z@$q!J`w^t5*vu6V`?;mOCf{?|Q=!cO3*r5fF!OD3x@Gy$z`6L# z#1xB=r*7t#A-kd$EtWB|jw{+AjC82`yF%8p8)!A4wztS6%}7ndU-+t`h$>hW4fMM3 zlMwk$fyWI&FexNvzDogiWIEYgeiZ>NMj0GqIz03zO`_G36XgZG6kll6#R>tf`sqPr z+5$|INsFe+948kX)(q?#Zw?R#RQ0eQHOR{5z+oENWu=*iWAN^p%broX&yOjiqK8$e8lPM%b-vp!gxeg05v6Y|KH- z0#-ZOrSd4N;<(-Jg_cs7_ZsB$#}NGcj~pYmd5quNB{|}wPW9exQz!r~4yBCkGz!4Q zi2%5GqKy(Y4LF_G?g9i8Ek_t;pA!Rka03uXpEiV_A#o8L94t8Csb0$#e2_O|RiXVh zTpi^7y+j`0qSn~$UBE9I@&z0QpYb!WEB0IThL$9po=Il6GmxnFh0}7%RN?>MgW_T5+aMb_))V9Jn}6Rs3_TpFj_&Ol4wua`N2E% zbE!|So)TZ-Kpu%%jFR#oD?1Z(D=5*}rG$e=NvgB6Lj%gV`bxuLdu$`oNQ5O$c*LNJ z)7-}?-7ZdL1~nm;sOI3=q@5Y~17r&#dfM@(`aE-+P+RyeC6(y({I!I>hyi?zYbFZ1 z^Q+KJNk+(=L@=MxY3baz4n-B7`T3tDR#qYEC^8!8+EQNPyaU>po~i51NUD~>@-mFjWsCY&t>lSmfkBCBbHD*l=&30v5zSr=%p@Q+ z%N!Zy*h*y@IU>jL@lJgY70)XX_E@pTuCqq18?g-Li|UaDd(~NC3CvjDqErf;!onF! z7s8#a%1JN0gX0Y`Pj3Ux%*=^5(6wuz9%?PUmk8xcLjd6SE;2~KOvG6X6dK+UUbxF44`5}C1!;a z3#ITh9Uhd`eT*0`EG+U7ZsUruY|zNV|F#e>DHUceYZEc)d>q6KtyMSVk4bc{s+(ai!Ny1hEV~$q<`JiNd@|b}#HwqP z$lbeF^ivjBsv!`uoFq*|8oqVwfqFiqa91xu*u-`q)DnqoS4e6i+T$~Jv~r6)Sf_(6 zE7p;Rv}c28wDtHk0w9tbM^too#(WcG05H-k^SiDu=yzQogkIr$U0)UY@47x5KwaOm zwLz6%2LS3u;OE)oHtNlQTK(Ve6Z2-+Va`elToDji-Hejc2wB_t?C-vHfJ_R{NvZ�rjvgOmd$He5%52kyRVO}B=txd25_vp`>>v3l z%~_;X^mT>=pQa~QO&;FX`nGcSjjgptTarTP!mc+1-6xouv$iG2KYigT&^x}TsyT;= z&m|O-#)Vu!c;G*+xf8jK2{|P2B!hn5#{=yW$zDnSg$ZZ8(#Z&fyUg7T-XuzX!PE&M9+z(ND$U&Yxs%&(_#~D zleqwl3456Wg>^>Osi_ZE>;Mjq)OHbE6j|#QEJ5pb&Kn7@OU~E+S+yW>lq}>jXg?}< zC>w_Aj;e1LLEQ-hWga(CWYgGL&o&BK{?at&?_{?Cfb4GDf?ely*kka=g(P=5DfLHr z#jbg$NQkRDx*t288ZiM=MVZHm^zn50u$-yr>t%sC1sON&tZ`Y0xnQutERyVMAd+l& z;L%Yxamqan9L2)~51zQxVuF2hp^k_bOsc|bio$7%!fJ}bXvz`#;{+vM^UK)?sg4SQ z;j$NO=VyO@F8@=+VcUl|`VM|%Ilx#^s0!t@6;OeZ#Gl3?ILoRKdM*xqyLL`(M*&WL za}qXW<-t%MS7dJ?d<7fV`vlJ5+`PjTv3;L!@0phDEVTbf_-1#6&!9}Q1v<7*=o=%5 z`YshB$tI2Ae9N$M9v)y9XGiY1$4Q-#Nera|;f(t5WvBfs1AYW|l?8cf1}{fQC|tW@gfQ138Yp zFjIoi+`dX4s(QzkL~@b$eO)FBv$V0Ht40#`Sg=u+!iG2L*geT@|WZ0xboYO6~G;^;NK>>(@Dd$<4V=So;$pEq5Ka;_HgR;Hthi z_(lVl>D|?5Y^W*o0Z>Y3z+ZbrrO?sIpp8o>Y>iumF`f2DpZ)0#t+j0oJd2tyoDp;D^s;`N56J?G9A0 z%lH}6ed(@F5;D*nrULB~20Q_}GRpA9qF%eKb0^CpSg!E4h&xn}xDH|MsAt_l_v4)S zM)unr)xt_vk1csQ)FOd4*ycCvi9`-8Gq669sP3%Hmrz?DJa?=o-Jm5(Q(JEkaWY^j1lpJHMZn{SprUh?g=w)9Yt`F-ShtROKEoheAbgG!6{m&93nGadkq z<3a|OXBgne%gWRd8Z0meH%>#R>btwUMJ5k5{A=>>Cfr*DoeS30Hjz*rQLbU6`j>LEPf{qWF1=o%ScC z!Y`dup$mbx-hX?G-+D)AJj{+gv89XI3#GE5ejcE}darQf##awa8YiYD4kUL`!0ts+ zMCwIBqFFJ*!=KpwRwt_$=Wp=wS3LFG>uma}Ct zli|;pp#RKJ4>ulu^C=A*T%K^Ub9p>H|{m*NM`-v;|9FWk^BS26PLga9P-N&Xo?gcuG z1Yc79vyp3LN&&T`*XI(nO|R7$pD|H`a1|~rabUa2N^^S8x}R1i&4PJgWozi(7&W_U zSFW3yA8@d70v0XgO=uiPD4pARJ&vdu57yBkE`HeF^R2okbbnFg6%5(?93J?n10Nm# zrAPA%aVbkV7cXKk>?5P3YY_UphNf0f5F5Z;js%#?S=_MJDwaC~#SPV~@K}YLy%c>f z2Ht7(aEoq+v4gOi+6-_DUWRh33~*2npf1f>M|R%G<>jW(1P+gwg|6)7J)psOC@YF| zl+{b!dVGZl=MBKPCRG7|0%&&{l*PV}kg`>klZro9DS+AMZAOS0in|x=9I`9Wm^8fB zMZpQ+sNR?7jn^o@xn$zsT(V#CZ!Xz7=r@-f4B(Ozg#wf$f&L`-IJBXP90^G4LJV{=K1%|@M z>;%HcZcrNtIcvl&o;{_R#4bGKF#>bK*&bZnSn^@~aS};MCG>dTWF}q#;?dAb{R={0 z(B^Un$MQ1YG*yP_Xua`OK$IjLYjKbNuBfDZj5rY0%~e-1j8S&#E; zI9YvcwWpV>hqH&5OXJp^QWu_XMpmY87h=)TmhQRh9$Z*ig1M~I!!-O6U!<4(Yo$KK z$Y-N|hmr)ch;pAExroiP=UD&bIMXMA#}d?v7|vNI5laPU>D$3dNdz!5@-wZ>Y%MP_ zaD_r|Wf5yXdY>%JSjUdSNEz3I;gsZXk~HLrI8Qrd_3;^==NX&qA?28;St_EP6~5^q zUgA_}PdkD~y&77EXU?26LGE1uLNUub&E(DcGo}E>78crER`Q{vs~B@_W=rN1;4DJ4 zDOcYTjkR%wMasd}9>Y;6JQiffJC`Agr3Cd-Nj;`@Y4n-4k=nPuKuKzVy!?phTgLQM z_OdrC<**16SGP$9FEArILtiJtk&q7(O|Rez!GSxY^f2)XD>>Q!VfSR`ej=y9(i`of zc3TBQ#o!ZC9Zw!}`sDN}isr+H+=}=3+6p{K{Mr{X2`gS%$5-fm+LMDYIof}^l(D8XvCo~ig(3Cn60UyoPNw^=MS?B zEgJABOA2hM;Dhldmi@BzPX?(WXr*-ITw%qw*jJjVgWes2F|U|wVf-+Ia|XQdf8NZ; z`nR$V&hx*DtsPQ&oPMR)JzQl1Mn=B>V(M?^PsQxlSl%(q+(W|_Jj)b@(bcTHF#Zpo zojCrNns^s>;#jM1QBbQq4Wi%+!TcYXcCW#{x!CN&%UP%E zswQ4T=f~}0>*al|rsMES^!GRM`g7<7+;1$+9)7V(IIwLX##fLzp{BNzlx72R0)viC z3bhb*l&cEDxqu4pL1j>kG{ncTU<Vz|( z6dIp(-!6j1mzLQhDcAB>LZKPrmn%mCMcO^R0(+ynHgO8Em(V>qh@sb4YwXd1NyF(2 z_64WEp^45eZxYfF#EyqSIe1V#?mXY`!!XmcX>5h06rEC@qc0e1^HLiA)jw=P8pnf(Lu`m5YKN-C@UUtws;Q9Amus6qgv^O)LoBN6i%`Te{I~~~!H@^np^$eO z)8x$W?l$$b{3vvL*IjJMIgc@EFtH1LPPUqkWywmE8K>)?Gt`#$H!vFuAoe$KIYFqn(oNWuI&sV9RqvF zH|;=fFdt_%UCxwcu-4ZXbQ4S`Le1Ac1Q<~`oXtktFRgX}XN{ky4%@iC*BrkU2Cl7N#;3Qi(0EA1ZPfPpp0*rRCr((fEzY~k0QHP2^L4$xB^Giy`J_)CTN`o zuz#h(q+#!4R5#k+K92^YyJ{WJ;wZE$bP0>T|8V*MzBcxRAS8sP7jtlXySPvY?`5fS=SX^sx|$Fj_)U z*a|~Yi1pq%ZzIXRqC>>L9^xb9ky(#&=%`c@^9PMndXH1Oj#Ju>Q<{$7!Mq)!BCLOZ z*hj9U3SqSA1mEHn%EA+RfZT8NkV@9e3M~ZmgsD)2wOsY6!^#j&;1XG;QHr|dfxXy* zADsY1bg+(EB1QU&U#I zV}GA&hwO57$y%C*n5RlpirnNZpr`gt#ML~A*T(SRy2&k9eEF+T4w7Sh1csd0?K*o5ns?|}P zQIyu`)>5KnPsNS>2ugmfLAOJ>mr_Te+nS_)9He%#k+*5}A=-2fb2(k+;Z@+pyn@{B5%*g+}<}G&fyirY}2< z+s3Vye4zU__-!Ks&vBDo+?u%455VqjZ^rp|W*iKV83!wY<9g4GBLOnw(v2Sy6a6vV zUs+-eTcp~tl02yx%fXSb7MY>oV7W{UG(P~IHE|V8w1iRW)(afpQ75W)v@2`bX;q(m9;w<2RL=N;tr4Q=8Po=SvY=uuiZ@`02e zzgPZn6Uno-!5xgZ^+)axOqQ})GU-Lz~gN`V9C3U5ot##7B{Ht^fchAI%0x$i&g2;x$6QzwCN-^w zrsXE!KPNNsEj^$t(V%g(lIOQ8&AxHM`)%JivZi<0{-b?^Vf{bbH=hwMFknOwRs=Ctepa?nG#0AFzeY)~ ztwrs(oLs6mm5Iq0^5_{7+^_4_FF^+HovgGARKp`8mG6T4%X#{D|Kf+Uyo9CE(~6kj`;plbib?J6aK|>)u)3F%2o10sbI&Bn;nN7%BQs#cFbF+`vqqQ-*zxCs zQ`R*Ee?V7PH#C&9qUFt_hMg*!>|F&Mki}$0SMCNH3^*Wb#DQNks}MGzK^H6k#=mJ1 zR)kGoGyV}4RQLxF{^e22M}06FYb}4sZ$E-8GvKYSzYvFrva60kpR-kK#FT(~+IB;% zoDl(n+neEm57&Ud<9i?F0yNqzW2%%)34?HE4TrE3dmmsw=WuOhiGe*?Z7OSstBK1;VkO-2VC$tN}}J(zA}BD0KWO{P`Qh?R#R< z`<@1=UQ6CED$dSZB2VOu&&H|wPZ>QO{$@Am=)9?qOp_Q0x==g}M0?tuQ_ZSH(UG4^ zLjAF4NOIrSYQA-zNBBIF263nb7fU5g6VD`LF1en9O7i=!)k^9(e-A?5;+rdevX^l9 zYWcN;3unaW&N|P!A~B8;>a4?YLG^4fO{vE%(#w4H1!rTiKWWXAC1#yM4_Wi9pBtiz z&)MCme{L4dOTG)DQwTlGgFNQ?m)sG1kzWq`_wx9Vr#73<>DPPs(yh|*UF^dB#(&M~MV z8Ur`f%_`+grGZ7KQ5r3drEXo}Q5cXRCG(*>Zzvpu7OcdxikAhf^$nf?Q^i%vCub;$ zZE-|ghCC^*Eo-&U zZIVL`J->-_*{@2-4bdLIyhE@?-l6c5qa=P7U`r|)U7$dIaVe_h`MBXfv=WOO0CBRC z03c4Q(+p%YPU&W87ikFZw3U6AmM4Ojkg;o~By%}{9oSS?lNy5&kxX}^qnn5@ivssh zom-Qq7l9gp%E2N=BMmePRE#t)J3IJuXBA)cZ+2EizW;4!6_j6tjmI}FC8pa|ke>}6 zJ!m&52FK_YH%VdAq#dc<6}lJ)3&3|EjVqySh0df^9=_KhRJ)Fub0P2gVGgfxpJ#8i zO4;E)oW92th_s%RV@ELrV@H#OVn<_DAWGoC0jCj_n?xvUQCavE34mfJrT0e|wj=`x zCm_JyDxkX>@KwP<{@vAp-3U(K?Tkf(x_6(z3|zYXv4Sg74-7yfp@#!B()aQxc)=!z zdsoT{dWV1>#Og;NsO!UVi^}#M11Ky4B;cR-;}SM^d)Md%%iRT;DM`9d3YJ6m=Hh9Fo9A`B35_yKv#K>zW3@v+QR}VCPYMY7xoyYvyjY@M` zC)+5*)1#&T9vZ`BY3M7_eIixt(1Ir%G*&4VqO9+87p$zWuUS&1xZ?!SJ3(XbdIu)? zZ+ZtN`CaeO=&-+)0M=Em1N6LqXM8N({!hk7>!<>&Uq2Jeo6m{dMF-*^vS-ZcF$z~N5?B|mZ=|PG) zcGNy1ce4APMq?4<1T8J&+jq$t5Ps%Z7wdB)R}IO5#WyzoOZX>~=={sN5MXokrt0lcLGTm7_uxwdLi9vNISoz(^$ z(s zN!4&&z@pjtdKv&>v7;kNPs@CTzBr^UT+oYhb5K_xA*ZW-y4DZRx(M$O=n&w=^S*17 zD+VI@&-@r>2+tRV|JE3eSuaD+K#{#R(Fe)$8~_iOFgRY28Cyar?KkA zf6;#oli^R@JDAba_B(OUX0*7n&tqF2%maf6+y&;wn^GaGKeBT81_n0>0;iN=II;7Y zQKvdYsFbEWyR&zcnzmdjD#%>bbmwJWOEX;>mH|)?zhKwR_<+HVJqdX>=VDmh2phnv zcfIIgSbPX;J?mpASWKAR_k;J-S%iTp-Ty<_TL#6^h27dokl+y9-Q5Wu+}+*XWpEGf z?(XjHPJmzogIj>$?#`J!?|V*t|GppHy}Nf;PuFzqnx1=KYb}|}fTlj?nkFMeLgu~r zU!m6A|6Zq#SpbH0h|9#@1g1iv{W=Ntg#Xwj03h^ui4(TIz+48&QwXZo?I(mCSogWJ zOG$faC^=3F)_8`b5&z30g8!d9qHfuLc|`hj|K$;JKtl2Un-&9CZQ$VIah;MMOC3f5>mUo$YjfF|b#9Hnm)_!^sK0e`l2trz`W+z?fozPMt8 z!)?!d21d^V<&Wr9@?v_pyZmleZ=SevXH0C6+7Gro2|1XQ;~Q>3y0& zzMbTP@QUQw`+6M%CZH6bN?{AG5m9puN)S>Uz|WdXK+E`D)wF1(=j7MvhH%Ua!)-8j z>i9`t4in2ycX-}#G6cpeH?;7+`n1tPoiy#i?fu&GLV6o7^Q!+`bx?1%A9fLBn7Slp$Rk7pyuX5gc$n0DptjK&mKPt1Z}I!#bu*rzWcM;tyOKhk37=5YV#`ZBJpNN+_M0)>0ZWxb7XJi&#d2+L`Y&C z-B%^kez@dwBtr?hPIvnB2BkRTG$7wRzKcZ#uEKnpi#JSvV{Hgxs0s+Op$ zMZ)*$k-cnDSI9E=>9cNR*+B>y)EbmgmKq-Vt@-Fo#-XVedh9lW7dc3jc9W3!udq45 zVS2xJS9hCP(JBQl`jWDY;*n%>8T2zwl1%@}TRHjkcxjSn&56Ysndx{dqw3wk7C5s@ z11@3CDjgpa-X>#jWY34A7!OJIIsRT0sbP}4-???c(N={?Be(g?`qoO^Yzo$D@=jq5o!#7^2fMc4 z%UjZw3TK;*pPQAXP}wNDabv{m4Aa)Pux@j)$rH!}v*BAP7HVxBh|)WseI|@?FElcX z2dOlk`Q*x{!;LfEv$O~9<2pujx(cgoCy`%2quO`2@}rar+{I$4vbh4JrJ&6SZL)0^ z*U?0Z&di?~HI2OuD2qQmms?h#UORl)xIZw}A-~_%ZJqL;y;VG4gpK--#eC$lzw_F? zwpqUGoxUBpx5;4M{z)kI6y6%D5-g6YG3DniV0nW#lCiBn8E70#G1n!3TAzD8Z@~_> zc;jg9zpU5C-5q7!c)|!}p9A{?K5HJ=H`zbpSgr$`%dbGsEb{o>{>*^fR+$ znsf&7Q@y+f-wHoC?5TF0J!uQ{qLl9-?zG#Uxopy0YtO_z&%tuX&XTKS4s>nSeU(an zQ}P)an$!-LQT9K`{h$IL!ywwfce&D^>7x=^7srgmJ>{fE&ktEyFt;C%Aw}5>Xadt! z63!%1%yL~ypy&3^`#m92ZVMf$Z>6RlAx_~sZMm{-PIAYkxCzDh>^wR$KgNTpE55(( zuK7P5w0V;~h71PFTDj+Es?U=%uogBe?rtUFld6lF@u)3x7J5$2?@XUTnDx^JMhQpS*iDKhp84a58Zc zz7ASfc}eq!3kdFRY$x~*bwx~T?1U{RNitIK?jSYKM-tg4Cg$@4x738ii_{9pHg>X9 zXYg_L(6{vQ@_cu)_|fb87Pi&r_wt;#`TCx>)$_iaOcK`74dcPq!aAHTC zkDiGBaqIQB!(8y3EpSWSSx$&hT)dSAih(p&DpQJKpZ+@;{0FBm|MP)AK@Wd%=qE-m z@tm5Wf53s*tN1r2YAowigM&Db0}>LFpNR85{@V{{aUzPTg}&j#`M$&L!lSG$A7iao z!dMv+PcO3#3aS+1=d5JuLQ{M(eaTcOvf}WEzNd>10cNL0L+(FT{~1tSCeQ{s{Ju`;Q{&9gSH2F&15b~83dbW4{K z(lx4bqV;oXOA`@e^-(K)Xp6eAqE~tC)7H>VSarh)icU$z#!Vrs1Ac#y-h3Z6`OH&H zGUWB{x`M@T+|uh}dP&wMFOdeS?)ZZ{X{3PS{jaH3n45k_T;LbhNW^Sjm4rk|hSpo` zuQiQjvJtdnd^GdbnMRDz^S!mA^-zQj9}1VJiPRW=#mu~o3Tp;at*`6PYxouh%oggU zCfemRCbZ~lDv1h%q@<~`yf;l550!5cYz@!mZLiZA@X|YFwVo6SCD>|iWmO|G#8)a~ zuQ$75d~A5+@7HA;9~Q-+Z2u4U<&MH{Go-1r9u^mM_kS`f)*&Xp#pIp;@?A_^soYXZ z;=X2$gsTMSZ5RcUTWu2F_VQ;d_hH&CFvWxmAH1k_2EO~5p9aeQkZ-OSh9srm_;I6Z zLy$Hl_!nwkt;w1U)NM4<&B=j`-LeX6%~!TE_xEV#qE^TM90<9<-EFtoq7x1l@e8&Z zi7fN?@~l+Rw-jq<)^0ZusU;A}vi~ zRj`r81GAJI)~u9EGoEWZT>eQ(9F4g2hwhDd23{j_MGUG`@;6 z6f%AxsqjZdVlX%r<_yG-d6w#IqyE-uGQL`y3#N=B%VnG_?twh^y#i|0Y z`50>p6if2QPuC{{cOZE^>+|e8`*Yr}NpU!@6d1LN(p2h)R97UkJTQLK*MT1tVQ8IQXI z)4Y>#C`~e63@W1>eNee`(*2DKr7R6js|$4i^U$N>YHN|`u&`s;-xOJj?HbRaJJ*G> zAXnt%4Ta+6ubkSbzbv<>$FuL0m8DBcq142UcV}@h9+9X!z^^=*)JKTWwE1uiw{zj;PDV zFQGJsroh!1T{Gn*+Yu8Io0gMIe*Y`-#{c22KpBW@uW<@mt0*s7lVhk+IQ&hc*;~=$ ztK&lo8LKOA=f z<2Aq66YQotM6K;qFH3!wfrTkTm}FTMO9+zR zH$Fef9~W!NU{GY^f6N}$W z%8IUWSNFZC;`SXvaP#ll3J_k4u24#bZ!6<66^r;Z{YMt@DWnk<46i24Aku#g7??qM zD1(Cf-G;_Lf77GoCMNmrqZ*K=SBJDikhMeW^hId~MmX|%=SDg4(3Ij&a|g42a@BcH zo~~b!QYeS9^qkN+vk_f3V>3(K<{O!v`usNRoID6zarpg&=X#vF^1^i>(8!m6P1Wp! zA@jcJeNt>fxtU6s*K$eGOG1^dX36i13?_61VPNwlSBYq>@JC#2kjkMxjH@)8*0Fw< z>jbHmk&J{8GmY0}5ZZ>tg(tFu4M7Q=w}6BUIAc`&lnhP!db95PIGLw)4M{jOx$t2*Lu+n zJUd@u<8*xsPlne!q%mLc2C&5BACU zt8)8yQZ}5qY%Uyqa^3>BSVXB6E1SOvsf3@0N3Kx-vK2k&&VK%}@l7sAcc^^K>!{S! zUp@-LW&8U&i%zD)ezFd|D?+rqixm@SQU~N()k6Jb3zVtDRy^A;P10``IQd@D27s*S z!Pjbea-d+ym95#3#;Rro8@hc#L-}Sz%_V=#-@_K6qLo4ZVji4vqrSlzvlv~qrS$Vf z8!Pm2(Gatu>1VTzh_!5?*?Gu)CDgP+p1h~zLD^>ofGO0*a&801T4U!#1Y?lenbxK3 zTMJ0LrhJyu$rBNl;pZ|j8&)+?WO->Fiq5^u9zAKR_zk|Eli7D$+q~Y+aB~R~nr?Rk zH!{6-&~}p=dd3R-Bzs*xx|P;*n)eqpl*p+f^XnsGlf;0Rt#W-x=|=874ff)}8c~GJ zkGxbj*&$;3`^*urrUm zY(IrMDm;Li9m-PLnH1^v(@~E&e56%n@)y933r}-ZzX&{=HnC0sseysOfip>(+xbZ! zjk$cfgumfyX=uh7YH{g8_GIY%R_nsL4)GWJmf@^{T0bWTEyNqng+o?zcKzcQT@GYx zY!6ylHzQb%3LBCo(f-(m%kxCp#-533<}W>4+Ige z@TDO=H3VgnV2Cvv*FIZq)tbP)8(YKfrjjDALngR9uCb83re|2rBN?VwkXKz5l&s<| z(xzyMi1?fRcfKT!c9h|BZA=9@;+hfYI^BHO6~)$IcD~xEE`V3sR7-I-=iKd%Zgkt0 zWpmzbG$8Eu?>KTBUdPaID)s)UXrLt{MJ7&Kpgm(qnlRS^(yeu|i+%eKevWR_W33c4 zKj@d<28hglskUfw4T+r8T^mBzBk||-L-#7yF|);T_to@S#T>0L25Zi;=F8~F&Ysy* zNCMwrbD=UCQ0p9huAFYA1Zea!7 zjSTz0D`-e?mlv!D6%^!C~RcFz}(JUE~T-oZL~VoY`#XMdmb>Xk)qjc@@tE zyY`vAijo~|`VeTLw3D~&&D*j<1^|?{$-(nA1Kh#0bV}-6>`G)mv+PN3wSW5Pyi!R) zLm8@VvOZtQwLBwY8%H{(s{F2E=LS$KbIjUSEn3~NxIwI>etN#8)|QT1v;{Ow^5v8QCi47r-Fe3rwyn)%LH(+FCd3-6#Tt&=gY8oB(9n+I@j;$;Wa)n<(n zR`q^ypBFg9Tht{+^XhY@!o~M}XouCzIL+@U&b659HvVD8K5XW3$&ky5x3N(N@KJA> zpH;dq2w24r{$dT^-xZ)eq_$dJycmL`XJRLkvS8SHWui@)_!kgbXLpy5oiv;?g=RC4 z(1L_2$3vOX;o(J@Lr2f<&FrbRx^7=t!mSe`C1#>?V&S6Pf?Pwe_Qee&OFp++r(KLs z=e5Vh(qt`5nd)G(iDt_Bv!TZ68Fzt~y2lZ|JH|k1R_6;GIoqK4!7@B#g1?O;=;IJe zj3$uAqRiZcB0aD@jM7bK)s8oQ zvyMQ*GPB3yMcFpz(izPsf2&@J_yiU3l3Qa}JYmbQ^U|SW+Df?J^M-OE7vk=~L1Dgo z#LPsIjz{y^^OA`V!XVJoyR64UrRS`;%V#lohHZ*swzp=s7f{?{OIAXm*q=h3?|wXi zdpdI>ueGAzIianh)|yq?xQL!&Smcgkd;9jk%YZnM?d^9M&Sx#~VpxRC`CQj89;dK- z$*-{{zqPD>JjyfAnM+}|%f>5l>$_gsD@H(_5Zul6Dl>M5p1V|x|-4xHw+JX5laR~~}51Q+@p zgwv8|DJWc}a4suQI*V_Al*6@t5>~56f>9d)Zxk^QAPQ)gwJDL+28dOmbUuN1Q2(b3 zgAiFy+4}Jm{yoh4L*`G3>I-^leNf2S)kK#Q)i8 z0^c5e@GOPdxXsKGMM;X;wP%a;m4Vk`8tQXNupdoQVl?7dx0Y z<;5kYl3j_!S>aN0vWMpH`zr)pOKu9so=ivx4slVe}9ZY(x&}hYS zj9}kUw6<3O%{^!;lnS&sjZ7B*%*@(3iuY+0X>~*RCwe+UT&A+AaBTs@hz!MNUn6N?zIPtLsn$X*_l25ko2^1vMDy zwU+S}=(dDB;0JZE#Dgv|gWHI^q5jwr{@3Jw%tgDa}Y-OMHGD9-QVtZX; zghb>~@VFlM8~|}b#=qeHeA)Kw&*?<#XjP_(!tmG`v)eFC51&DKW%<6pEOjoT$O)J;Ka!koZy2EC2 zIy>ySj5ukDO2`kdbFC+TJ!Sd-aNV8OC!%#7u17n%QWtgV#=)2>u|s|3LvdNu;ygka zphCPKrck_J&@CH8m84(^7;$k!FeJBkWD?)ehl?)$9GCzp-e}m_FNrB^NY2*ekey)2 z!Czyvd8xq8rc*B;b5Tm#!dr+GZ@FSP^-2u-a>~#$cZZ1BV1etuX4k_ErgimB<7M8J zAZw@N$-bPxI~ms73v2(cS|`s{>ryr6MY%uZ4z5<_tJu{j;`K-%-`vk@LntynqT7Q& zk*6(A&n?WSO~>2^pV#T#;XhB=L~$bf=P%b>d=5ibEq=M7`xYXeD+C&0Pm!b5io9n7 z`MoxME3=-NYe73KoMNErk@mc;|LELvfs19m@kg@(BJc2aqLI!Plg&)Y%bP0ot|6wvP9&-7?tftwDbBCzRfjIrYaC$P zp7@lbbj(S%9sKNx&P3gxP#;k-6yvUHonYG}iQjYX;8-{kXGo`y!r1z@3F2B!<7oaSw!K-VaD+Z(cQ(AAvj3y&W zQgeMb+4imJ26WUf2K#{0=F1^t(umb}XCuft(#ut!uWQx!e}`wKFV`*asJn%rpt02q zOT1L7ur;=E5a{cD$>6JPEdwpMTKi{@odv|P`e8~iBCh)N7zU6U`vTe!p*c12CcAc@ ztZT9dDn~_5&0Q9spy__#9t@1W_Iaq+50n0JlE!O|Qmej0N&ig`N%=Fl-_)F*h_D?V z-<&w?Dt)?~AA3l!x^S=~84fwGX>OAFIAwkvK@a(SpBv_Uf7@Oka$p00eTuCfZnr?I zx+~WJtoDY}L#p|G0&s+`ufBI*Uo<0&#?#Dt$IEa|gcx_pR8v!E>A_%`Q_!%`T%xvq zQ0#@k4o$MSBIz%EgJE7s`;>J{6|jY~B>8<`OPuWK=QJ%?qk*?dKBTxtbfltYuJ+sX z-Uug`fHs{$5#=`~1B^L5Ib@RbVUDQr@vL)Ulf1|*jD zoxx)>9jt@Lo!8f)tC&q(+P$a*>ehT{OV2%U^^~ZQhR!1u96eH6VzAE7v5A~>Sz4M~ zQL#PI6qgsU2p>d4gN;L_+Fy%$=-<=b`8XqZVe{vG^-V-7`2cI*z?;boEG-c-*(n?3 zva~x`?Dhb-tEjUK|ZU#AXpZQpAU3t^9;Q5M@&FlBE^vyXaWZIJIsM2vkF9^L6l6FZODfT`(A;pxDj4gNoW ziGLC?yssE>?f<<)u=|pCNr{{=>DBl4w#s~1HK3ss%n`~vFdJ*$TS>S_`u0T*uXO*;(yLA%mK|l(79Y)l{GhfGgcrq?82X` z#`QCJ|kEAH2kUncii}2H?qBL{U`!KoJ`zb=eNTqN; zwdZ@*IObKq!ySPPbY&9BAqQj+CkbQ^>7OTVM;Na+xS#qe*N;)gNiUOywszvR%WmoCS2{m07eu5b~~7+*(iG+pq;B0s~G z(XWl}H`(rHeIQ{B!5Q7yFb8@a5FRbYOnrjrM+|lZ`f6~z^7{$(t`}j5LQ;ghgeT$9`OFDZt>$KNG68jwX z%N{Xt83#6oEFwn_7eY$+T`G_qIuToP2Z0Yw>i0N5!;Z3BStvb4c-r}$y>@@RAf;VS7lt!Q?1X!F<^zd{ygcn%@p%=!OJcPIQCEn}Er&ks-3sEI%B zOYE*p#K%DS1ZAu->57 zvr{EN=4Q-=ScU7*MZH)Ha2FgG5&cR^*Yf)+Q^o4)X7FM1{||UrIe4}r??6Tbi{?Q$ z-P_!`ZJ$gMU*37b`1m4yF~|$C*f}9hAt1?vALIi7l3#-3q`oW>>BO9Bl!O*1C(Wmu zCrS}DmTNevPQWGynLRjqy19Dw#?F^5x=4ZbN@8(a1upy+SX+6yC+vnjjR1<^Lfv{i z*FGfI9xrTDCq@k-_o_Yyzw#_V7ULpAr$$(pdfrUUvD41wxvGEe&;EouJd6wB5zLTd zorBR6e(KC9*zBX?_Aw0!B4mNwSCaVEAJz~Rh{bN7A(gA7&J=<$u~P_yY#-hr^#bO3 zT{!O7?re?a#ahV<5-!B`KI}Q%XUfwzH-DK_hBudamNuf&ko#&}E-ZSn-dZtKWzLfS zfk;yep^!w9wb6E0nE9#WEdw^`SkjuZvWEvZHdJYXa9W z-tl9VQyEOmWg382PTHJFe@RXf7oxd)j{Sr>28Cg~r8O}|?FL76u%tb$6dm+qkeosC zOIezIx8GuCMo`VCW7nEkOb%%Xs&bxUB=~0^3p1Y55TUpy2&p3%BdAGn(AWcCVXqlL zeeFeY24ZrBK6bQ%H-|%Xk8+;9l>3Z;HY$8@C|C@Q0x^w~{VdnKc{bX0f6DEw(JafC z)&h#sFk{YkA+p&qJtgm-F@%Q+${}2ghoCq5{X)t$C**j#KQC^~U!KANmL9+t| zONu3y<5~wmRgne4jq&_Rgdz5Qi}O&jSd87~r6__a$^D@{p^Q~i40dgV$~;V@ zrrTdt9H5{}k;+ff{0f@*oNq-WjyHC))0_Fo%4m4}26i2h0+B}el27!t+Kz(o3l1$ot; z)p&4{e34xlQIb5W*|IjQmZKq?shKI4=X#ycOBiz9&5!w4VR73FF}hlwqD(Y-*cxvl zj91lr(gCUm4PXh4E7e#H4E>{EsOn&klinyTN#UajDX2L21(-kVzUq)tGvBo~>~gqn zr|-l1D|?{6WF}Um$TY@($(ilWxAxw7$lN+VBykTg6IO2gG)FKjOrw~HDRHIRU?db5 z-C^}>iGYc4Vx$^4#%J^`X}YkaH?!RW#N8mHbvts9JUYl4*bVk-(BU;2Wov&vf1K*; zeZqR2%<3Do*N;WRJnN9ctZF`%dQq2ar8tPdW}&?h?`{{&{>9Ese@=Qg`zhFOCdBZ` ziqeWjPt-@}&^2x#ed4P$Tl|rb zA(GT=_if6sNFZc*TXur4yEEOcCUNqFDFh+lf!2!%MQl*U7 zQEc}SE#{O_VfUaS$fFK>BO=_!W?(fyl6UOZLC4GrICC=_v7+)tN<}8$)dn6){atO zc;u*lrChK|ZnE1G%Q|i{jnL`V@rP>P+t^v5r$eUrCmSAHzy324aIOTK%}zb8I{viW zAC%5{ACobffvCfI~z|gfx-Oj>hW#1D_Uo;ubShX@{1QdLQ$d?tGeJKO_NfmXgs6rs-0d%EO;k4mIu;I$vd*Wa9O{^)J5H~9{ zNv%=kMAx&-R%md68xb>FcQ(9{hQYASsy`e)_dr^PSxZiiD`NR(w+~52 zlrdRf+c)-DN_>>Ih*>&9eFihSG7NZ8WyETkX4iTapRAkPqSPhoYeNt8nM)rX-AlYq z-{7xsszj_twr#P@DsHuOA094AQ(G9zy=>n^kpr5vj7$5FS`&pAKhOsyV?IR1s>qwN z;~e1;rHB<&8ERC`k;}(C`Q7g&*(Tf#UKjlgqRbv{ZYLNRNydblKdfmJ#~WuIhXeF` z&_G3R%!0OJS%tYlNTtld6QE_O_PJ#DaF%Gt5GbJaxQoh3~!(sC;p-Py6yGca>st zl%0Sz2mQRjM~FoIOn_{pclJr+kfxXFdK%3XLfqV-4`mb;fq2vU4-XUU9Nt515iG~o zt771D28TW?+OJ*Jz`r8zws@V~GBwJier+!|bD+8d2_nH$tr!Zb4AffL*DTvwV+r<` zAu9ptN=B#2w<2;jt!y>F1HXA)e5El4&D1m?P}oIvEE3EFC2q`nKvH$9Mty8t+zP|v zrYVIfDJqe;hx#21!^ps;{Q4m#>iiHPM;~4$n>hB+FYXFi=eP8Dl%fv;;@kvPQDkIU z^$v>VcU#A@1|eJ9<8nO=Kz>ymQ5d~rJQWeTkorcYO3!t8yr#dVwGsLWoVy4&tB%AS zv};Y|t-7_^M?`mu+GhX7pWx#2^)V zUgEFD!fD1GWmPPLl^a|5O=c}>UP^r{i?#l0!dC@_@aBPJ-w#j^$zr5O9%!{oS@vXj z1hThu-=3~_ZeJ-C<9`Tgqfkrs9L=B56{d%}@K459{ zMAUdRQydVqYR)3etBXay3`jbMI>fegC9soaP46iUG)NuIVXV#Fd^UqR~<&9Dvvie)P}{>f*{ zw)hrybi?V8`>`CcI1u8sui0O8*=`9y(sByIj(yaEdC^X<1yF6SzJ>3CYC(?Nx=)njSB#^!{{)%K5 z26%_9nuA}D+%yZ$y~?|KVS4vFPo}o0Llu7#}~$MJNCy_y|t`Mq8qd@Mhm*xhhVwL}Z`UVSpo-~p2C zvhXj_&3>TQ7&5*5ByU77g2lSNZG5(v-d*vp=}Cea$LUPw`E8%#+Y~7Tu2ORd5%Q${ zP5cFW&jag0ou16YicHR+EJpO8(>tRv&(+hI{aL}<`2dsm6Vx%s!<$-oF5&)bLxxUk3nThIq~d4 zW{h%Z!mj-mrR201w{RtC6@5OnkK(7`Qt1kAltiq(+;a`I^rcGw3@ja)bpN%(!9})o zK5pX`y*6NgyM)e9T3s>!^o@#~-PEOPUw~r^sd1q>WGJ+Vh(7bPC8t_s)ba`>L&Qol ztp2t@x~T$II2yt;Yi3BjEO2CwY;x<$^0f7bs`KZl?&OY$9GQq_tS=FM&*?4&9Jbzi z<}fdK*`u@JdM{gBue9MPBJxZpAXtgk9S2Zw4g4MWbVan@Pi5oo`MuxwY- z%5?z%>d1r;VC9heWDcx^)E9a-TWQ34SLg!zH!{X$@sC6lk`0SvHR)@qE+#VEd0VC6 zqMv!7bdKp!p4>YT&X#1t9Uvqx_FTWishsBlNUE8!A~Z>Vl0K!jRAsz{*!t%4WEAw!)DqtU~$0Ux>b(gxT zMr#Ue*%3NnRT{@ap_DhJPE}@Vr>a3Blm+w5!jmtU(5+t_0S$*ky+`k3hYr+_o=Q>P zWWHL9H(%i8($QTX{B-|L*jBXUZ4K}uoZ@LXR*dU?g=~%ZF@jCr7U78IRu?NHT*lsz zNSmI`RAY72h+ittz!Z?RP#eqqa4%s)A-<6tjFxnx4rX#g0)l-D9Sh<8iaA3$?ahUl z045KcQp_f58lt<7vxuA75pYD5t{K+Z@@(~5lPi?)dwPDQD-E`* zXig=$+6O02m*SA8q@HJIM@llY6WyYwrx5{;);Sk;3g<*ckKvc)9l-#mrLBo+LN>f7 zgOvL>W1@i_AYyr}nrLG1Xg@G{G+L5^IDI;-*seMpu2OI~g+4Q$Uf%MvdoTrm>>~G2 zSh3gyt6d56xuqSf(nlnz{^6d|H~=B#t>WRHrhT@$uA!|--xHgP@0mRRH@S?ho%y>I zJRhu{_A6-M(njg+KnM_owD5c9vh7ac8968Ole~3F9Q!pb;Qmj7IEK?VuQdQ=q&m9n zK4!fi9TO1c;DKc}FSGTwEB-v)$^BU4U09BViBg9pcr5xU0EZ#&*>EQ{B(Se2Tvf^Z{KVFHQve2R z&8?Q$^IlaesFa+VdVcSiFMYu~c0Bx)?Tz z(V)~NHsVwU*LE;Wg3`_~yYNfh-8t?TXwh*Z6|e6F9QZ+dOsX@NfR)!Y%E3O zqj>d;PskbCL%$9kP9RIm0XFz-1>xem3094FKX2bU7t?wEg(6C709xCr1=#Zf5bG9P z>(Eyey>EY>Ta%_P4P||;n_o#E!t-r?eI90P$N^czL7XR^h?t^9z-4Bw*^TMlY~=9H z?VnT?5@p(P3L+c@a6qFaof>LDiFzkLW@f8J_tLtt7Lx&KL4m9Zt< zl+Waw)bf@Ug4r}1o?R)9nkXdytiXWmDjX$XKa&SO@n%`=4cMakd*X8P3MomXgqhQ5 zx^hK0m(bRwYUJghU@LFK553Qssq9_7qX>y!bi{8)!cV3a9tiV!9p$_42un<6W?sa) zjBXxoT)px~zVbypkc51H-3`_m(Mi`{0{kl&vnY8wYc6TQ2GET#eL&wVpZjtd&LIWcm>_^9?4T2(egW90IQ3I5}C_=A+umI!k$aed`^L0{taCdrt{C2%V+}9&9(4k6j1p%fvc3FCK`p3^6zrL?00_9abZk{CTK1!s2JVFPfa6 z5FOR&MMTq}ov_?N$i%_eQS_FXSl9f<-a`k!D#vsk1XT6E@yo$2PL*T3k)S0radKlM z(up1Nb@Q*(hzTwyHWmhipgsR8W`;1h_9z>TC4GE=ilE+WHq^ZeXH8=9|79q9p+$-B z_EHMaDemEuRRtW1JA!BzjOUj~^$l!ZDkdYZ8K2pwjBZ=gH+?|nU798xuQFX+zYLAq ze%}U}WX4mW#dwdg+M&}7Z(0H#G!95T<~$sZQf7LOAr&oBarwJ7{pZbF|aKI-`o7(3J0dQ`R}FK zGti63>AYN~#J?`H2T-90Pv0oO;I}mKixmxEYTWY1Rw@)U#c6!Mtk&BIFm?6h<=+FFNvzZ}`RUVs302#yu!AU2*CS!oB{v)u+!d06uZ)m3@8zakE)pkTG zkloqqQlb0EtbPSb?A|WFf2ug&cra<2ci*K?pfS3{tTMJyaVcD`Dj!k_fWUIQl%AXSrX3sbNHbs+4^YV5NM1Og;SFI_uro1jaxeLv_Ik#gneu1odAstiM zxTs@{(^1v<`1945Cyt8!*%jn4Kc=h_UB1FONOM$eN7cD>!U1(6p?-bbLr5oWzI^tX z330(sR8Y9SMBk@lw&m=eeLi`8L7PKR3dvLW*j(-*3R&VpwJQiH&Dvq%tQ;%xO#vCC z#PQ*feR*Xh9b6oOs!soxFMNTXzKf{jYI6{2+3vd?mxb*DlVX*72!$<|K7rZ-HG7#r z?FBV4EQ5IDc}l*LDf*vzg1woMN1KKR!Xk+m!p*ZM3ytfkLY$^Bg~ctRDz0_|Mcn-; zu}JEy%K@Z^zUL=>-%4)etB%?|2Va(6bp^86usDF;J18b4N#aSh;awHk;21O5GyB7} zr&r}xz=&Kr`44c$68w$dQo!O}$JI_sb|eNmQ|yvY6CE=^)lDHEpFsFJHIh%Jo04-E zz#_wTv;PI#ECAfcQe}*?WptQ z^4mu4zaXD7Of$2WxW`rYw<8zQ;$O&e(C-S&U3xA!;}EtTsWm+~=AvKudNEOKr^^aW z)opepr-%FyliSouNFFs{zQf1#uC#g9`a`3ma&6IHBm|>u_s4=t<}dyz;Yi10^+=08 zpM$@%Z=GfZQ{U|b-L)*eNrlMHj$eXAZ=KOjf9cios8{YwgVe^UV`7xbq@CwI4c*NW z`EcagQUaG_{7OWpOB1Zn{sdtxBueW$%3MUTPNILV!?U#-7oDxvF(a!H6G=DqQ!yE+SrEx+$Nu{X%%nd~YTY{Z$H zmOQK^DsYe!(Qh@)xvd-4zhiY`kUk%$47h$=0a_+mr+&*}Lt&{t^ra^ZYduKlDFG>M=@_}_2# za67N9V!eI%!7Y#j$VZNIaW2TYoc`LTwVIDAc@ok}ndBv(!gfE=51`XjVv6?H+R9qmJtt`7x{JgH&J6->F6mS07`G=k!65TikfPRF< zQ|Mj%{MXixnI{*2m#YEf2JND`-kE6$`t65M#Pqt~xRz4p>u|qM<(q&oa&8-L${4>~ zZe+Q()ew@QE)XIIvXe&sI{fmj^V2a1yy`EIci^TZXwvj_;oI@h0# zH~H@nU!2G6?6z8~wIF|Bwz2;BG^_l}6>ewfhl2T@)zs5-aTHA?$0jYTsD-?e@QC9d z*77IS)g5U%EClv?m4vb?>XOt5{Bq8{pSiX2FT0qdXP}NVd`#%*h|TQhE6`KJ5h87l zZZ49ygD}n83h3ymiGW@~)@o^#VWH-bPc3FC{f`_UhN%0x0b;8u``q4#~qXVW~q?L1%megUrhi>d#%hBx4| zPF*0tol_S7orvuLZr_8Cy7u(UATA$3FMzL+{{lYnf0%j)AjyJee|u~jJGO1xv$Mk; z+qP}nw(Xf6+qP}n|9CO+-QC{TJ#d z>&e${^E$9C`~v@{xSf@i-6O=MS7jB=}7%hFkjUdVh8_6c#rzn zOh8LZk9a7Hp$h8rmnFaa=Ou+u*I*33VViuypY0pQUyeEQ`D~-#sV;^9^$L#OZ{rG$~)gYYLy+mC1QrzkfYt8KuiA#G6G}4UqKz zNy|TSFFvC+RB{N3KTs6RR<|S3v~1gYKPt_DeyMuu2nEm0eFS{IHLohI?9H`bkM24=Gy&=$ixpM=}R zK_jlX_z2oo$VsP*JvCxcvRS2MZa9REEbn3TLA5ecBx$2kmmUIBV0+4^=U47e(2Ibh z9zODBr=VqcJWs2`RjqkMk?r9BjUt&zld!=0_sNhr+XiSQPE56 z`{Q>8!z-xgmy!{QgoN%-x9i^*#)z0bWLtfPz*Q2*K?e^=9QG;WVCNcCnp*ciAcjRQ zx*_jAikRVi&MB6c;jbJ*gU=Bggoc)s=OhQr(y+XlE8ccuM$^r6ZFk>r%!07Dr93mc9}JKD1CXk#OTP14QYZ{`g5h=6vH|DkLtcj4A8>pVTuJQD>H` zyvQA zcgx2!rW9**+T}S(lN=3T7hf6!qAAm3DC3iI6H=}41=fEu>kH^itUo$IHgI4k;FGZ|-V# zcdRw4P5DE@&TSOks%7#l9BHt&I?r$J^-ww*=on)CZp(?gzrH(4bn$@;Ir+GLPL2fVf86iSx7I#I`ZWv!u_$&4!1x23qN3 zY1;~fY319*OOczyIArrRP&tO*U9$s$KIoaMVZ8xaci3eV808?>Iul6=WMz16v&mh! zG(`jTrENXStyLd6BFzeIFm_y22=X0NYc>EsrXshfy4jELL>@eKhUYw6+L*A`#%6CI zj5yD2;n%0`0KX>jG&e(mL`<4_j3x&Y z=7-6XDIAasi+f67VoEgz84i`0I%SOBTG>sV4G`YC1|DV!Sp|Y6HN#|0VfD^QX%PHA z4Inwt3Z3#RW&DjR8sOg8C?*wL^K=QIj4ru&{gHQd zoSM&7W;FPZm=#h)BM;0nJWX~kES~5jYeAL|?;}!)J&ONDUX_@i%S^A;E0EM!*n;LG zke2l1mPUv}GHz$BjRT^lq;i-0zQmNmH!n(ss>O!A-u2HFdisPA7?Y%Fy{PY;HWC5;yDL?l$Bc2 zLl;{T>yrHJHkA{fKfM0~mSFzSFNsE|o{)vVs{5keO5+tT_qa5;K90{YSn9?sGC}le zem-sCz4*r4Z)OkH{ix{4+=8P#9mK3k^ObG|Qyr(WsmCYjixcpf#<{>dyqVVckW!S+ zk_?!*a+XlD%+gFU>5@4y1}>SVz)4R!Fpf^HVw$Ept<5w@iYRHARpl`OD~Jd-#UaGY z)5m%wgYX|M8TFI21#>aLHt7~k$`4ueSo!Oy1t~$$D#2 zW{dE&>}D*q+klpfi<h&tVxwZ%FN($>Dblphp^yK<=gzmj0cBQ_x7kv zqU$X6^h47I;)h+e1KScx`BQDXLk z>PV3hwgK&`qkDA6D)4O8#UirRRrxSj+g#2z`we~f!}ov+RY(EfU_2Oy`$d6P|dQx3#x0Iub9S<^xZwwXunCF6E5KU>Fs| z4CA@wSN5%eKSeX08%bN4tIQ&NaHsIOJvMRJ^=6na>%?l0O{^kISthAszD$@6;1lo1 zTSrojkZl>((lmiP&~lD7Xsb1=R#Zn%dX1r7fP&5u42zC3&!{Y8B>iH?h6X}h=o;z+ zvWujW`=-Dj`mpY6l)+Qx250n*g*=^#?5>trONL!oq92?buwYiLNwN`u|>Ne8`^^1z_ zitKOaLltTutLEs-#bwlV=}%lu(DW;(WFhLRTYq@{fG{9bRFD&Dmj(#8ptl0jRNkM1YkX7u{Kfa@;% zutDGa-lx{@l;C;d6jV;-wZP&+zYraT9(uEhNVZtzOjWex1M+IDnM2zguDx92C&e&@ z@9Al8zg2^@Z4Yn0XLP!OcjfH)#DWjaY8waqFb@Q;JJ zl;gl1dc6#nA#BWD6tL$rw%%5H0AZ%RoJ03tVr>+dw#Y#)Bo-+p%6mAf@TSSBE8#>k zHM6613`)6XWLI^ry!(!`>qtm|C3xTU0?hwJ4ePm`0UxVssM}5NV)uCn z^yPm|Gv~h=?>oT;2K=`FvDJ^ybC~1HNXQm}kA45_8Nj582VBbBdO!$Xz{r0sd&X7~ zV;vLG%Jcu?Z8b9Bo8|sbK*66+h^E{yyQ(BtkjCL_J;;c#XgGKjJ<}zxX=%NP**o#s zAV@~XsyfYumT#((Sm3h3;ciz}OBQ=z;3bUsy?}q;w#jfvsd(7p1K_mHf|;zkNmi7{lU3|Jq^tfw z76##-nLucsT@zd`eN&y1i{3uh2MnA*+Qt2{Cg33Mu&f_jp48ycuImff!df?kW@+Wd zb5CpGm+5PMjiD05y!tP^0_|vN(%eh2onlX> zxNGjthWlv)3N*YOC6ROV%ovD4Tb0%42&V5BOM3NWGBk5;N`^@dY64R|BMky=!G{;? zeBr0CFcWpw=>$WqY2YE`$(#GQO%CJ+``BT@$HXafVj#5_?9p|RRk#Qkv5b2p_bj;- zgcMFNZ3SGU?7uszxMYJ1DFLQ;D?5MUEclqoX@ zZ?c{7;CDiu)MDC9!irYfCP0zUTV@k2Hnp)1~-K;+A&=nLB>jM@nO)-Wi5ZMsRn*fImvTdk3YVylI!o= z%D?D@b+o@gVUNs)8s3;Xmk|Ssaj(P&| zLM$pl7pml(UUKDSyDmLqJ#^0DvE1{B*F=mtNJ98qPRVmbdYQUhkFFfk*Ps2W3CS;) z3rrusm_n|+)PA>)IZx{HZuGT!gxSALLO?JktiW}c`oXW&vmZr-zyx?=K-sHWrx6#7 z2vV3NS`8fTRt9F*k!nRNVmLAVT{pcfsA|PK#>d6R^pQyP(cdvJkM^od3Zx0Jk!YQ- z>BS!8E9uzT`(jhs%JND~p#uulbV5D);LkpEG*I%tOH|kydW=tihI$A$^ z+1B+L<#1u951sfYGwy3z4a|1S?Alv(OHp{(m`8m|G+J$$$(H8Fk3!GK?*C7VVgRrl zCy!q7N2pm<>#|4@S^RX663c*}ug?`~!I4e!tEhXjZ&YmpDln2lM@~453P?rmoxFm! zJj{%}fD8v#R~==&wD%oK=GzXrzWRy@xz8#Qv2X1Ayco(_)){-+wm5EB-f8j1(@fG` z5Ccc}*NsDAG&>wV^IpdXyNTuaQTCY!@s5puZ~u30gE8jI@HVb&*z2 z+d+8xYi@1qD6e8oBr-yk9IU={i*<{NEvAhihmRz5bsCtQ=jK?k_2S{Z2CKL0SF3pK z4Gc`m&Hfz5MbB!&Hsk2YF*Y4b7<=2`S-g5NG%ClxBw`LD2zQcWQlV^3a+H$M8^j)- zc0aRHl1Li;69p=@C(d7{vzsEgu)4PquK0PYg^oB1D-e{z3@%bKK4!Yu9gMtV4(~P(JiWnsV0D3Ao3ru2 zV<&r88{R={QZ`*d%W?+g3Z;w(Q`0yfZ`5TvpXXm>=E{e)BIU;GD0a)XH-1^{l1%4$ z$DAG9cgt2Ryo>?{m4}yEv#fM|eVffB(LuZ#Xxq8a3arZYc4_{Xpm5(yA2N?s&8^#( z(c|rIu=r!OqZ8F#M4)g*7iF!c^W*%Y=@PT#Nh+Rlyj9EZL*d*FW*BNv3^-x$_-lKZ(!bILr-zc$U2s4<7wwg2Y zK0(K>Yhxh>mvJJ?al^fMR{4f{meQ0zY62cwgX)C!sULbJ77I|9Adf}S6IeAS^BX^L zW^**Ga1n3^GoC$dvn(0*iU9^qvMJh!P4G9p7*fui(cLtb_@MIbHgi&Z8n3lOp@oTyar^7drmye|4=|~TfMDO|Dx-` zBI`E9)4;@|dFbk+JWq+nE74|EZu`Wb8FeRWb61FaFT zDLQNq?0RbGM%}RNIy!VX=iZgsy1hO$^-<1JrbT`eC;v6Vj;b*Hn1kO9P9R9Jamr$y z-Fzg3EVXLXO?U(0L}Cc23RHf}iHWQtuRmiyGte%3jq%8qkHod7>{%zeY0RwQQscxW zHN2hSH?#Z_p)OBqIXBdft%duY1kG{DPv=Dlt+9#YuvXDb)S2cmn3)Z6Ff!3Sv>mD| zZQCosq;JErN-YGE(G1-c!9mf{a`%C;Q5}Kx!2UFla0Vn+ z-|ltgU5bzdcsYg+A9+RrtODJJ;u=c&jFn(TMuLo)(@|9qM-|wrZ%x=dmOFtKb@!*q z1`!W~@$_SYN`x2Cpq6@qC6O)qIC_n7yZg@MU!Ls64ia$Sfm;akslr_nh5p z6(Ho1dbI+Fv!NmL8vRbtSk2k$md#j9;`4(P<*wsW7xK(kF=(jk!8us0k4zCv>b*w* zt)|8b_Nf|izj%&*Ux0lZKp37d#~TP!SpP|U>8QxhnT6b~!nA?L!^4FaQH>-kqD$d& z-bKV-$irG?Jg?zdvz4+?cZJH^+)S{px!}K8Vw5zk5;^epbJU|)JfN|J(0xllK?3q~ z-Di5en}-pS0{n-OnLz8?Ej<}NGpSJ z)_aebpQGgv7VMW60a=UKOi_G1Y>Jw+WOH4EH*KA%b~Q7A;1YUQnDHmf`KgiNB^+oN z@$;{?&&5^G!*s6JY+`H;cyYEK8l1+VPQC)8 zPeB(f<}yVrRch_$^SGQaXK%B3uWRpL>)>r8V$x^rhmRSLpU|*4m>cJ&kXx`6o-s@^ z4QS;j$FGjFeTTX@E%1)?dup?hC{bax?=6M%yam=v|>vldQ>32~JI@I;g}|7n$E!>HhMi@Ar(JayB1EF{?-e*Aru8 zl%?u?6fdl1dcsPHEfo6m2U3yo%(*rv`#wG0Le$gYO22t+J-AmEO6P&J2zNo82M)m> zWEw-WiW>Mzj+J%N;tctK#`j-cRj8V5hQe3aWwya5J&h)P&`-AZB#t6q;S`NWR^aG7 z3KV21fBw}(n)Lyd9(FA{*Avf7Ku|k1HO8y}*n)5S@4d^frJTS^F3E#6$2gCL+^|4K zdq>^tyX6d%^#IkC_&XBj3w%C>EvWRAt&lWnhD@#bhC_N4 z)S0f09j{k^Po|}TtKI3oZj`# zL2~KpdcU32FocN2AHCoTU4nOm2x#2^8cD^)TIgq}c~%or!0JGX#o)OS#sC}e9O>Hh zno>=_N?3CJUZg&ZGVnRZrm4R>P;P05<>I1smte^rH@V6!Od^t5-`8vo@j=KYIE>e0v2w=^!L48+nw(35nuezN2*VF8#>k@NCr_j)I679*)>lr z;Ln8!Zwe`5n*1w7KYhR%pW>P6F9F!}nje}1(YLnFP>fHWsD;&iT5mN8H$S8lT6Ot7 zft@t%v#BCWeyt^>KoF!wIA5#f2v3&>2ZfXYQ&Nuf&OV!Zu(&3(lh~run}als(I=&m z_pGek_SJOAv}-IE=Gg5a2|#V<52pRoObLDZnpXJTnp&u$>&_jz*_`{o+p=Ow>4b+! z0-5Au&Q_Ue$F!+O<3EY$GAX#lCIwBjMC%jIez|YHd!f-pRzA@kbx+VHl{hMTD^WuX zOCML#4|rMZTFJUg=HlYW^^8hPylG(fAm@eq!<6(EWi^oeB<@nxF*p3g@=d#eS6huTQjZuGZ^dhCZznv_I;5$K(Km| zON`6K{r>*)XP{H+9Z%RH@6K@l=r>*>eGhRq4ET`nO#a-yzb~~5>B6!voHH7}qT%X@Hx-p4e-tq8 z#db5UWgQZXgJA!a$bx3`aoVbn(ZXfQiFPuHJhS!TJTViRB}WF+Sq1!u0k+?xNpW&H zD?aMb!%&eXSI}q{p8zuR;E}^BE?J?K#5|8o8KYLMU4z?K*NwzYjZag>y7VjPYil7G z=dq=n>nH-D;2WjYQ7gqWqqvTLSU=wAI^n5AfBSO8!3`}t|8cSe+Yd5+K zF;-P1OPhwwNJ+uxlT5*Xt7&X)j`LP9(9*&C{5wu-SWJxFV{(X2!`wb@4QDM)&$eWx zW1K4M+EEYrdtR?XfPZdjYI)(i^W`>B56ak1M(rGHVK)|6{l;FUu@1QZX9_Y*yPtevstZH zTtc}p%uq%%_otsi?+jyFYvq5#8r4naRgy?u zn<>vuV(`+GIUKuYTZ~?>Ft;@wWuZC0QPhPY%2SX;j+i||<#XNh4&B;XFLd0i&`SdD zi)E;4g?7jMT0Ap%zW**RrSgHx$yLRkcrHTESNZqB;@6QJGblQ zQR*FI>La!>G!7ML)2OI;U; zaf-!@hqt?LeRCnkjp}F<c9Yk)AxDr|Swq*X;3Va4s#jCl9BHGvI@8~QUQ zLL3oE;X`IFcxtqdesfVUERQo7eTMMqGH0BTK@37skqa~`3LE6t^$a?(>1Dy?#$V^_ zud#cz#5t~XMj#!+?|g(jZHpLzK3|@nf8v&iAdu|F9%inn(W98RnLrYO)0{M1mP489 z;`V8zD8kE|7z)RG9o>k_fun&Z5rN4}vS#MfAru{4dP#p1(XhN?XJc0{7l1r&lwX{r zpIxWxhqq;;fg1q{WeCTpP-P5dn!uII*`UFj6K3TjTEV|LclNAGE~(@wC$d z0rKxS2!_f{nB|*AMoL9ezi?`|K)TET^%fe2*N%Eri=`>A7_8>zkFuT7-2gToIc9P{ z7C)}))bPHLAtJ}R+Yc}HvnhveG{GBX>389F4ANgL^p7s=x9Z{nzm(D4-7v$Wux!U8 z;pfV*>u>}bJOX8I?jk2#j6jULgfQyd`iAK%%BN!w2}{xzbF29^*{y2Pp@8_*k|%+m zv)?~=rK2rgM2FZc%rk3aABny?KCUq4rA%_0JbGv-^aX9R>>GB_)uEDMs^j(Noq?gz zn$@#lCJ19Oza?m6GlB4~q;*uW4YNl(uFY}or!e82fD^by*=)NbsuAV0)M1C~W%|_X zMI)U4-MWVFa2a><_qFt4@%gm{M-w5#NkC#ep9qL2D*qaYET!V<)Q(S}pVx%Pcvs_JjY&D<7ev`S*% z!8Hslf5tZ2PG*YAMZ${h8#Wc|=Q_g9Usr(~sH4@qYpe-h-?Ba}{ArM(^Q=AiBadcPGZ4&d=&0V{Od!4cAI2Ay z{yFi1#g;e`eg|SWxq@1qJFrAgnh(-eN+k~+_*Gk_!N=!MQq&RS$pJUpC|oA=C&>b| zMppL3NWXoXIbx~DQe<3`G95NyRvk|bI=dIb5Z2~7R!9$}dB0?zH2oCbAL#6HO(7Gj zzF>z+p2g}7;@f+>Bm2{m!vf&{5WXnt1eQEY2gpi+xDYMim5J|D2r_*xlTE&XcIXH+ zz@YN#;%ZpYJSQMg#Kqhh+dE%NJWyr#*WDMJRFp5`iAS?+9WTXC{GPh&+o>%8kN1DQ zD{u3?#+PDe_PUp1fG<*e<82Ytw?Ofra#7A;^)}b+v`=`>*CC> z)}g#`x>};J#JLYASNr3U0fa9PZGEd?(Srf4fQNAD&;l22&ba!WLQI5&y`m@%m&9i7 zT}f*76#XBo9S9gLI+>Cb<_kVU!|4?sdN-Y;kRO=jCv!dp`Wgv_>CW#6`M{NHH_c!~4P*)~7LXsS0?5 z5M4ZfE;x5Cuvky5y=q?WTYcEOm*d5=kolLj-_!`;GMzfc4+RH zKk^SrCjAMSuos{B12IugyXXH|*vYK8Jt64MaA1@r;M9cnk4510FTtrPg^WWVTj?52 z%G}aXU8LQlbkB|*dO^Zg6o#&1q=Ge=16-Tyv8rdiNHyWF6TRR(3dV?pY?=qGqwa&P z*Uo=r4mIh7p;~QtTrfr7>yjwOPmH?VUVAtm8W)hOmPsCHoe5W#t93@YS!(JFZ9x#F zZWHqpIEXJ~k7u!v=v4LToWDE&gZY*So@g)0T?jbnJ1$5GPigiZ=7iFXr^C2ByNvn!UDfRc?xfNRUDK6z#vG2t1L@t}g>$1nR%w#ZnQ9+qY=d zoi>?y`_{Ie3IT%zmPA8&v^eJN99hrLCd25L#9U|z zl2A((U@L!Rz17VV#x?C(MHkK9ON@qDs|%}t^(X{Eb5Fo+38xLJT!h4N6?RZ#t1Ix? zMQ9wtY3+PhACF^h)CL)Jsd-p|=@r@aJCf6UNsdolB~VN#&>nIriK>Ej7>VpQ%Ecs~ z`Jny>TU;_tjo#|5Tm28=+Z;=zaliC2;oHskR=Z-`x$+4}@adm-5u&}q-^P=5=?5i9 z-}O)Ovbm;rf-Ulg{ zcD!hcv5FoNm$Ltj)mJpF)HRkLSDg5Io7GF-vKGF7a5zH|N zAr}E(p#-fzBZ|KgF%NAIV?N;@vjko^FbO`9D%o(ZJ}$imL40gi{ocl_{8NmEt9vH_ zyRgx-Ml047D*mz(v0Vd95XX(~EIIn2o^a7W+SFg$__Zcip&hlq-2NPRAvAv?Se&@A z!Y4>WP4x=?BO@R@-cs7BV*u36dbXa(5Cbx@rvU{6q6?NSCFF;DG!oBQ&Z_<0kyh~c zpgKX&=@^Yn84i;^FynVIT}_iipCBj?x_d{2qDA_szl8|@>DhUcfQ|m9PWHyMzJ71o z=~Ov^ZZ<*YcHaEh(OKOKdD48Yc6N@yM&JEll8g1G@K(gM(vn*=_V%EXkkiQ5lAesX z(l_PY4?W}b3nx81VJZi$7}Z?!ps0qVO;IKQn0@^(Y75|Fy8*PVAOM~H{x5&~zP3>LFC%zsj zbu+-!=l{J8&+sfy=H%OjReZBFW*n-gn(f%+5?t0omSzJfcmx{q1(PQf3C~DI6=P6(lmW8iSbU zfgx~m#mTq+h~Am{>*vRs`%aK?vK!J1VjF7@G;%T!-<5tVG%<-xcU{^$>;XrgI5}HDWM*|bf^B2G(%s}#RI8-Q#&!2T%d{o`TSW6vUaa|lcI96xvnuu2aN8c&0u>c ziPlyj33Rh4I(hAzQ&nzK^nfm|E9?Z=IWu>ZuV>kogyi%gcl2h#V1E5@N9+pXNGNS z{q5zFur;52E;Z&wB2%|r%O-1dmPMOCx!IKEv_ZIzQH(8NL-qiAr0di|$CJ;!J7nef z0!E*{tjeIZL98*egA1OyAnFTa1fNN8GG9d?XgPU8dxqT3EY}f*K{{pB6JOLTgj$7rZ9xu*fcc+bP{GZUZY+ zG3uqf1cI0JG~?)Z+nceW1!sBh&hfuyKKX%W@is*6z(G4Jzlh|>Qea)|;gUB-K$U9q zJEu0bm{h?n^xjZ%&tuDmwjced0Ie!XZ_A5*{c{C zdnN6`>876BfPfBtS*TbtJ+rFMyWM-XU=Zp*OZ8fRSox@!XHE-_>t$_4?+1tQoakXl z4^@xZ0h~=t6;!NG&-VR26jUzt{>DwM<@*sbW5hz@gRjo_!F?`8?RIw8%?qB)l-8Oa zLk#J5zpd&JPe_TPTwfeGGy!pPYZpzR*YG8J;g%XJT|^>t>XAFu3GW44SWNz6vq?7I z_275=F$b1wm$@3^D|G0o?t*O3^lTUapG|Dme?*-Jy%wud;ZB5}0?IaX;~B*WnR|K; z97R9JNHk=Ow6 zy=&GxNn0BHkid9N@P(Z>V{(-UZ)ecg%zd4-0`h zSh+WYpwt<#Q61IE^}O5`qYxHWz2SYJ=_nVk@b!2N!{F-#16+g*r4~-isbCLd={cFF zomb)9U>=%;NYglYG?SE1HDe?p8dY)$>?kA4Eg-$g7 zu#}h@j5(yz_e+e~u@>=IDACi7FZgKYV2KS^((+6^w3msZ?zdhC90tBDwgYNJ`Cw-R zN{dg@2s<(sflJq=gpHv^V_`c?b4@KS)c0^251cyQ7?JHK212+@a7ZeW7qv79j0!s- z^q@Eeg1u!&dm8RqbimY**m}6!LyrFiKt?90o|sEI@$Hu{?#WRlgl-th3{2@XrRN#N zuc2Xewghru%ciZ=Y9>Tlc1UF#X&Dei5+VjWfl3p4UPN*NVOGvW#Xbjpqb_1xJDMU= zN>^Z4*}^NRt4N%&z-Sti_Nki9In%jB|yxn*u-{*=EiHkSq9zETqyDRLoxrM{#s6BR3S5Z$u+kUOW z!?M7%X3v6+okkh6>w+}4h0q}sO4`b@HvT%}X^%TCD)3P(37@f$FYJO)TMqs+1C4et zV=lkcOV`On;Yi1E0+zaS!ct1vm~0?L{9rJ`zd{3d%1Afzu9nHL&<6yZ`TIB9y-KR` zPfq|1P+H%6m!4m91B@L+^aL|hwFVFz^+p8pK|3YMl5$iRn**>70`d(4xM&D zh&~I~KU;Lg!*4+=eEo%;>aK{kEvW4Yx!JL+%>9rGJl!KH+5fWAM2g%0mMJ{tsbg42 z+b;0^5_|vGDYw=YPRFu1;J1DIb^(!&9O+_TOXnc=TZTn>%G^c$5z~=Kv#!c^TRVr< z)30)^q>1@8dzSS?+W#tIDn(HTk==7u6U4sYRhX~UNPsDkmsrb)pBy7eDLRGXXxVM0W24V-x#wIXviJ!_HqEh!fFLzr;0QByb=Z zyrGUfdU382ESj92jvRbU#gSXqCyjtMJU(VXPnE%}Uio`&SF21`<06-rLP~>!Vf4TA z=SC#MjM1eeMTT`yaJ(dP)1Wj!4r;A8v|z4PH;b9lnneFxEmF$v!wZ%-SBRT}} zSFT|8@K)k5x>IsyCf*2kfxCTj0=xKLa$n@2K}hSU$qU-d&SbIK{U=H|vB*+WSUG;_ zB6lXSwCrNdVAYxC0xxG%K{a5nke)=6&6DN(bxLM|G9|JG6VJpYNKR~S(zB`ua3sJa zsFEq?%}13~hR-YG+NUOiQrBi)cf0L&yAiHoB5qbb0Om z*XoY`s{zPJ|BtlonyIbPn+8z09{|2~_3b~CczgWsvHueSF!KLFyKkT5#`ysDw#D>+ zgU#{*6wm(+_&8%L_z?~@BJEDWXnBd?k{7l*I!g%bqB?a_1y%xuXA36h2E;M~)5&Ii zk!$dd^+d)N$F>J)yi!%HuE#0iIX3rfPg2l{k!dwm)w}?XOS>AK&zHjJSh)}%YJSm(rWJXU zrs&i+?P+yU4_Ub^*LSO93z_F;8eNe+g;cA6F=a29-NpHK*>b4Cva0WQ1hTW?L2Sd~ zRn;ih38kNTERIA4VLpYGo}4u`mL+0@HK>6{@(X4tz)Kq2TNj4nsngu)<*h3_l%6Jj z7AO=&apg6OmM~;ueAw6PZbcw*ZCopz@WH&?{Fs{v8x^*3zn8dUMuLQIoPiXrus9Ke=+9`uc-`nA zZZ3#ARZGqzYT*n71rlv;%bD}57u>C*NIW~~HqImO?eE(Dw-A%HDDoAx`)aK+#C>P= z@dmEvD4g%EszEl@kGu3$2YtLYdK>OEA=6NsCWIE;+W4t;vdfs2jv~Uzs7eOPbhhC_ zVU+LtA%dR($l%e0&m(ZK#tK6t-d^h|^t1)q3zpfSqVE#SC)d!T>KnPCIpV{mC4oAH z7**O#0z>+cm1#g3U+%i9S^)tQSCH-K$%?El0}kF6UYi40Q?9YLfW=gG@wyh zT{&*7M(Qr<>u1>o? zIb~{%d=53@c~ypDxz1SW0g<>*<#|G^#^G5i)tHqLwwd}PnJ$G;5qrQn8L*GB%OZ4h zuR_c8FHsr`VFng^57Uo(Z0KLt$J_6@vYuf+)1@qrLdtNp5uds^(Okh?`hVKXs0F1o zpaj~N>%rWSm$_O7`Y?b$h?PNVSYVJq4zOSz9z7mKmN9A76;Y%2=wo6~b20)R#+hP8 zuM{EPq?AK81AJSARm}_i!v?rU14wcEuq2!i_)KvK*(*fHw?2&;ZJ(R3qfjqHiUWtX z$0Q`W>ju!Pm=u?utc|+9E31{X_z;b-v4exX}!h5OG zgiCaaAyv6(jS%kx+o-Zn6uJyXlYqlg436DI`gD8y#*A{toEwb;cd|!k()=n}>!#X--tx$M7Tqp>%dsWo;S(IPK*kBA@?-Mg9vJ-QrYav0(oz7UjCDR6}oL$)qKLnh#%cpVO+ zq9}~0$zP7$%jEUFcLstxkmpz-#j><-oqOFTp}tUeLR+{1#zAHZWSNZOaFZZATMMBg zgRiN~%vc!7b6svBTk#<5V{eVcA?)gxUc-Y8y>lmj?M(#m=7hcF<9kh>-Wxr>b^UiF z-5GqKmrc$bbD&wEOcs8+N(Q6-fDDy`h)EoWfjr7$yD_nT#OL>IXCiEv3wJ{siVH%r zgG%gxJ;W5>AwLQSWTTkfP8(M`({b|f{m3Q#81(>ys~|d42ykuC*ZC!g2nm5DM%^uV zt=kE31Rr-Pu(P!v@uNX%(_!dyaz5-pB5mmndk?4I6IKTLed)!r+q!2SzB(_`)vUovbR3O7P z;{h?5lTfY%d>9D@IEQJq!?~GpJK|-bdYh9Ny9_*Q>gK&z{i?CHnic= zbRYdjMEX`J%V6AS@$e{1=u>et)7rF|^#~Tc&J-E%sQ*}aZIrnua?syDC=QpQ&WVOe ziG0bf89yi;hXkPxx|5FF)MS;SqKdQUc%mTHajYXHwS>Zq)tlLzekW*4ITO`3JKWko z@deIB3({NGLLN0*Sp??ApA@V=DM3f~fg~wprb?@gL^>+}geRsW-}5;ilK(Hu=S`wh zK2ty8SV7mKV(s5JeY(%eX05;E*tbGkHxMV0lFJx#+Yozrf8WjA<-e8J4Nn$U$_sQq z!c`SF25qFPcG)?_@&q!OO1S-`j#u>y>pu#Px;7#!7y;7|vO;j+&31z9+XT!hjmc}| zM)2i$pfT#BEs=V_P~MW&-Coo6$l&V!RjkI?3zN?5F`lg*rSxfUps58k1_o|SHClY% zbqYLCEi&#h(>**xR0p$4klZ0U>bL{pUg4W$)fwvIFlDZ0hrX z!s8E!k(aBiw1DF`F)5&mod)jl>W6ljVn|-Gb`*?3=7yE9gp)DHM_FDSesn*gC@{$= z`biqx1Bl?HN=?6lw}f=XL720ho4%n}4ioVLFN7G14Z3sFDXv_I+yuecE$!21FTZia zs(FvTseTDj+lm~UDBQjz#l3Y*@Suq2?+ z`ic#sN~5TKJm@ITx=M^aW)CTCg>dAq}$tpEL3{F`-i*DD9aHGY>;zc)g zW5fh0+SZ{lcl%yPyQa-VXKQU+elYQ(`m=!kq6gl8B?biD&QW6}R1#xei(}6x!68Ed zq_Pl_pd((hmCc;VX+e~hWt~G;G9{}ru|WMfU3G`7ndO@qKBieIXhyU&vKYkK%aYkx zcU^LJ!w4;BT$i+5dAMfarmG(5)I9&HSh+&2M}%rx;SV_64Y^GD9E4vh^mf^Y*7AVb z(|{_)%E_YQDSIAlZV#L7G(sZZ`)tVK9W6j7hIR}UAWH^Puo(htsKT;bP{Ds@mXB(- zkR|`Qiy#hFA`81!ps*eJ{Q$6S^y4e5%K=cRz1YC-WX1W6m0kWhY#Gq_cDBX1N89Xf zcRWMfb~F;EE5ZL&1)-GyNLA2;P05+BhHc3mWGb_T?y#z3LNmRT)uPJ|t7OjV*Wp|P z!Wp41yG6?y@NVh7kY-7;-8QEI z&}CpIQV^c9ypWoS#L}7-9{NJN0j-etVMj;XjmHuVhdK~*&Pw$=*r^>0VWn|YgJxsB1Zv}@Yfr8Um;kbxDnR@o9q|85~C(|T$*t#7!*wfE|ePg)m}`VwFdRQAfMa)gdcaM0%GmPk_B=7 zje3P$aS$C=qxQ`8?lj0(D?xLfT-dRmWUjQ_n*FD56g~ul=Xs^Ueof9$MgXT!P*!fJ z;#F_paIhGTq+%$bVr)1?&uGR)QQ&=Ye?_Yo5-JV~DhdLspxP+SUy=Vl{PBxlCP!Z% z9{%uR^4FifIQ(%6|M7>TuaACl|M=qQ=nV*^}VsNP-tm_FN-E8!pgCgpQ$hQ6WTi+t#@vGUr-b)ry9NYPfF1 z!rDUtY0MPvv7iV`9f{TDhN@$ar4bZ)USuq10!>vDC$NHHXIhWX8p7FK!dPmD@GCf7 zJwKMto!p};zx?vWrd1@u%?wp`9RgZ2@M=i`7X|XLz}GRC?z9CFY1^4m*vqXa+vch<1U`X{cp}ir6HTDYAsk8obngHxWjq0 ztPko@9{jfo|E`X{KH5C1eY&-*G&?WZoZoHh*M}xZ0c|wbykrZmpo|$nXJZ;jsc_|; z&QvKjud=pf=W`o{``TKoKVH1Gp7x@YcPosexh*-^)u0O)i?Yelc!at(6qNtOsPB#T zxgtvQEVH>Dvr7AVA})Nd){9%3hM*2YgPLyP`b^0iX^4iJ!w(FnQfNRVpR79s=Qhqj zqgYb1wu>ynK!Tql>Y7V|_kR>MkiIu=I(YqoutGfhE~fyGUme(8=e;&4rrn}I$ZMJ` z?Wka+X#=rf+!0pEHVI!f3sY`MAC20UOPQtM0H0uVqw9iDtxGl)v-=C-XS-QMi5IVE$2@_UyleyQ5p3~(mvTKt)$DI$n@6eC;4F19@W6(STu zYtA`Slq?9bZ8R>i{$5Xm@0z#09bp5)7rPs5#MPa<|kj^JZ8YAw`lggsaUTYF zf|?G^AmP$#Fd12xcCGy!r~z2u8gLjmNqZRIrObV@n3;(+C%~3{Tg_O8u^-72aIOJ0 z;MO#}Cj&HxjZxz!E zo|2hOt7V!T3U-SCA3n~mnI`A@@WZqnwMC1Y=RdHgf|WT(O=QNc-16b#zy^twx0CXA zGMP-e=6YtKY>ykO?bBm1T4Qa^4M(fHMX_6~>^vUzb{huS9kRjLqj3tf)dvk1cT8HE zvpy+R2PVro(lP|WbgZhoZ+hw4mKvEc(-ONYBo-6{kHEQ1r=e>IwiNCmb5K{^*}{#3 zXr*|}v39c~Gio~WLqA+2h|Vm>GfP=e@Lx#6Ab8U-byh4{&Ptj!ySIpmUs+A(*v1;< zwCD>v0f#`!J3S$IDcMjOb6%c(5EoMFcU-~U{|s7rb^^e)&!#O&ckZ_#tdR#H`k}hK`xrdeLYJ!o@(|VmyM}PqKU(N{09ti7?huN0OU?g{g8$oB{NG`n z|1MqtAsbW=yXHPq-UyWRUc%Y94=tT}!O|nQ)szEryCE@9+=UbqsP0{QE8oQ5Dz8)QEf>|@uH?X$=DZx}5Q9U2iObjUK1LyfsS|Z;r%gHhzz}%! zyj!C>(+&x#7O{j)kEDh>p+IBBI@dX3mAS4w7hHQSUaA7L8U*>aB9#Y}de#}u6ubj4 zPKuNaR>i>(W|>u^q`>^X0A8^ZwWyOXaAgDMi83lDlqRF)!U^6AT>-YjaL(_{D2kHb z@Qf{N&PpYMKS1iKT2i0L2u5@()XLDV4knDQMQALYgWk(B!ZN-9RG@Iy=tr0!ydJyL zpDex-nq7M5?!(mVN-Af9qb1uIzBO+8KR1ZBhZHR^P~i}bpfXHb2Q-%v%iGn{YqvIT zU9jZhM3;<_H+)vIQ&*Hhq=a9dUY^yv4F07oBf%d#y19iEKl5H%@*99M6taS_H@6_} z#LQOC{Eh6)as}92bd*~g0PhM9IK4c3g}wNEA}le~n4~YUF@def0L(5xRf{1qU!KK= za-gmVtk_Nq;X%WYMDT?R3*gi(?KG4pgtdui@px^31FF{eeo_zH*4h#9f(u5|?@O-P z2a&Mg%=KuWAp?WZ0;6|_TNV?@iD``%(4#(=pg1@03b5TU4jtHF%e5<9mTeciWu;*- zXqV})!5SJIpo!nq_^IUv41w4n$pM1d6Dr7pX`*zMT$_=4Xq;1*JE3$>MW?6GvF+rL zV(t~y3@%5zp^1~ZWMEz2w5Rs#6$8jXt|pI1b}y+&Wxg>6L%FQGUQ8|Kjg?)yOj#Wg z?LB1IE@SYTMElgTYlMfc9e2h(P5c?~&hkK_gg+p!ShLgjIfUZsQpQBN%4nD3g+$LP z^@BGbKjGL%xYw?%XRjVR_|%?m>{X}AyfJp8T{p)LTJ2MfeZZNeSdz%R*nv|Y9W~I} z-htoWW~&1~NVcI^vL$r4KeZd*T%j;yCQ{Jas9qj}G6@wiZM4ZXnhy_D2+ZY(qK;JP zf<)Ww(|Y~eJpK62`wv%PHV&XvVG)*9(c^ypT%rNi*XDk~06lNF#{%q%=HlW5)}sSP zbg&*Ou-U@kialApK7a)5!VzRpgM;EV8 zTIy+FCi4m$Szx!f{>wu?CjoN1kxsjglo8K2R>Kags#d5Rz zE`Lk!puj$dvAG_`G-ZY5>UjFMTJlG|#(R@0V`>EtCzFiN__AMUne!xy4cy-_{wgqn zZ$=U+=Zmp*L0gJr8Zt|0me_K7@y2LYE|@h#U+R)4y4|yH-y5(t9iC*xk{*$d9xfWm z#M@J&7zbFQP}{c*q{pt*enEk}&@!AbPq2Rlsw z9=HxH74FFB`8~GgcyHnp1$JZjbXvw{NwNdAVP_06(tA1?aK1l$ti<*lBdPCcy*l1^gx9+LlDluXXo8w7>~hkSYwQRjNUwl+;!5Ea3qR>hd4zQfLewO!E#TF4dx zpi%i8dcmZdc1S!!m{ha$E7+$4=;pwg&M>J4mm}p1raaDO5Lu#(%H+8MzWnjx?YM2! zvZRac$Pzzwv=}5m%Q+fW>>tvIG^lcYrG#cQ|M$8k9yDNB|ys@U|Phm~|+GmtgXS=lM>W_fMfKxp(!i_R<8_h6u!0kP^v zqmbT4*n+%aCHdqNXFkDk_;j-g%HDcN$#~olOI6Qp7}N9LxjdUK)ry>@ysgyDxFxS! zA|(T?VI#x?zCHM{07Ms$gMH13eKfg7Eh?h!Rlecq)gUxd$TZ9=#ZIHV zl>%wdf&L!aCXR?K$vc)04Df!t*}s`2PKsCjX9iF;-J9AAnG_3}6bYL&hJ^gk9aq&- z(=31+0*|;SB@goJ4Xy6z52Qg77k9vaW(b9bF_%iB-6MfZ(6pMvjz`eXRe;fjtW%2S z*Y)6ToyHSlD&e(0WBQh{zFNb;y8JrT_aUh4&P1)M+$@*v--3s31RDC&w z3mn8`lVpk7kBsfp^U1fO^zqjthz`iG?M}f>X_e(Qr>V7{p-}|!N4L3WZ>%0 z8cy9xbX*aZ&ln&K1?m1htwa8^Qv%MvJ3S_R%BJpLz7bd4O3MYh^?{1|n+8V}3_nyf z!&X22%}fjchbDgu;Ew+D6Pi$a8vnHReyGxV}}bOj%1~ zESX^<&IN}^dZ6hU!CwFtLT~+8;*4L=um$Wht8qB5VYQBlmXc&rEcy#qp9sS4xPk+X zD+=2|E!w)n_%q$DBS!SJ3iJGfkopgvm;8YYG3h|A6gOQ}SMxInA;@A_WFu6#(lq5iDU! z(Q<`$3hpYYScE$8r}Ryo3WS1(fJLm_0$WUGrMzasgUk2PWD~->u7QunTZ??6{NV>Q z-u^knZ4i^yqY-D9-vx@F^?DPM7ZV&W~IyDUcj zj;@@T*;UF4PIz6mv)~~t-T8N?13fg$dT?#%&PH&;4!V>qG}D{TYfHxeU?Bpmb2!jX z%|!b#i6V+?n@9D!?a1hb1|`P&ZY@~7<#*?8#U#BKOpcQPG* zb?ip2HSbQ3vn?u6bMXa|`x2|o%&#RKDn^gbmeOrqp47>(zrz7dU_g_XgI)Iq$%Ido zS)uvzkYI$*=x~ehFVazK2p&?~iIa|;|EsazKtcn~e z`-iFB=IQlcfCieccfntEcL#!D>-mjo>&)Z)p{ij-{1R+)u69~bAjT||3%S$F&_@6s zJ%m*5LWT|>Zf_*7{RnpJ#Xm$_5^Z4$?LEdE#qV9A&J(f1C3+Q*L03v{Kq`JDYgeh3 z!CMz>9y5J&OEx}=YaQ?6#)s1yuht6jQ6AN`-ETC~j4WE~uZBwN7~^oS@wWghRl$3} zoz|c6%)mS+=VurwZ&gDKyG+S&REQPa9Th~T&FCtf>-m!<6 z-BA2z{cJ{pu6fr#yV(uJbJouUb~)m;0mDZ)$Uzw&pN6E7(_%Y8ZcGjNsHz0&NLb683|#~`Xe#rK2(ch;&c+Rs+?FjvovCfB#LY$<`b`6MzgsOB?nCUA^WPAHOy z1Ko_k8ZB^zb2$u_W{-R|EE|L0tTJlWQ3_|#&e7^_&X#i@;_VDlfnD9` zW6>_OZM8hXirCd|PTox|kWHe;dWG&%h;l9&BRn_i0~OlWjz|D37QC^fZ*Sr>vG13V zH(R%ZmPJIg(zmjXz(>qgId_$SkDJ{^U8lBP!$!>x1|0C%oVHt*W#)hT_+W2TWzW1Y z1PpO~to6+%fE}i#EDCEi&yTj5m#bopNLkn}qDI;3yHNjtu(FgTUP|l37`ArdGfH0> z*j@};Xx~ovj{P-iY+T^Zx|0^QRfqq@bdW0N`F0~$Zcqztq{&5fyOE+-GYA}joUg4& zV??K=#HzRO$xa8i*ZB4tU&pi8_&&$k0SkD@^Y=cKU7EaVV^zk^H_RFXQIdArwQ_YTCMBPC_C~{ zrR4Qze`Nl>j?4pAYF>Yyq;m86^9Yrk*PmYzw;1uVVj1LHjT9E$XSQZ7pp*WqV&w`` z;rfxe8$$)8e8p2%0ts1v$*%1-;3j$P3q?or!p4->n`oBng(ZljB)@o}IEvwK;a`m8 z8EZ0n|0?zXM@L_gt(g(P3|c_+&6(o5`Cme`XH^?>$u(QqN&teGou=;P=s{pyH8R3$ zhHedPKlaFvqcME0SqCOt`_ouqGfHc7!1XhKaH&-z8VyLSMhlLeG#PJ}!N={=*3%zB zU}1luDhhOSpe(ek6j03%lHZ}o(|jZW;N!4Tu{+c<&%`l#FSYrf*AVg!B2^>5uP=_KrtR2JFeeltatbAf z|34!sz-j&eNkMt3rsRYuE*2SU{AMlUK{L@EgHy^-;0?_fCRb5Gn8o>&^9|YX*j6So z_qPuYdUnlL&-ze_*PoEBJv$T6j(ucCgE@KO3B1kE;J0V(;^Y`X@u4)1`vt{WQ{`z! z(I@Z_M(*`KT7iawcWSSTgC>1^J8fbH5|Ml{;;>@VCt8<$R%xalbj>?E3o-yxivtR4 z{9W4zLBb)%Bomj}g}I5Ik`4X4@(- zFYqw(FbGTtJ=j3rGopV3f>X=p2q8b!7k`hWhXDP}bKUkpDZsjz$x2w#aVQ!0T?8{L zm%8gawj>v%y6vx~u=c&pMhZM*$CzX7ijx!SCl)b)_(i)HPRXR^3lm_|EXw8=6{^+F z1-o71FoU(eUg?-x%*?`hZu2Y2CwSH=w2JX!5P^V~;)khG$Hzl*X`Fo+CfP z;9sc;7fDuGcP?@#0QuehT5fUO)*m{##l@h9+51u6?@g8mq0^oqBiA*0)=^UAuqrr# z-RS%|60N)Qg=p}Vaa9;xCbfg{U4w53U@8Lyo=)xs8QxTJrZl;wD+h{3ef?N4yLzzd zW?*<7|KBCSa8uR>LuP?20vN+PcgZEw}}q+y(5-$@!Usu}p)_u%JUM zB`R66oTBK@gU}c1fF7xc$Q!w2rD@Vd!z5DNuu?;4$U^X+eLo)J6U^5dT&s}m3ZmBW z09LFKmo3IiC4#nx4WBKS+=6Qta+b(EuLRet=OBET>qeI9dCG2B_FVDBgqF#YYnGUs z=Q%C-1STlJ3Omiyh)9wMKG7e%8NcN&nv*ugSiiF_O!?yV!!S35&yV~d+v*%`4 zxR^6n3B*DBFp(mvFxRt0Rq8zc1Gf89e~2xb%K(h@Da~1SO8Y>YYP*_LdWm`&_b&-5`EW&+1U&+qz&wY2I;8qyQA9|GwYGQWt#z zj}yvH0w5Rk3se?#2P*envz5~hX#tw4M;Z!`6m=j!gPv;8hkWY4mNElY2`z(?Rx(|3 zcEboQXIz&QKo@am!5+4mAy6ErY&hD;2nKy#N#1hGe;*=C*_P5~|rkmi*@-!a7um zEbLZ;5Od`B6CjMhxa;K`g+br|4+__Rt&0z7_t*mfl<%BWvSEvMB$W(j5RBVKG~!tY zS|#|uDpps5@!{uFau(=qOp)aU!*GQaCdy2v1pFNDVp}&}ek!4r3`<(vl{cm0W3_AZV^roh;p; zY6if$X8V`2H&=Rhmi~2PASmJ8D;_C+#9~^FJNu7;W%VRDR#8s(k#>(^|M1p+;aJS7 zal5-)tg1)EsoE7r)#Kw+JuWuYXM;=iSzuBnM&mO*0XEZTip#XueD<2pUh^3-)<{gG@n_)Su#omRNa6E@7)ZZnB|8%9 zXdK-?IL6Uufp7Fw*hX998a+0qQM?cmi)FNJl3g?)%Xl!B(LgMpH3-YS0a(UgkdJ{? z^mNE0qhRM^@rm}w;J0@S9tnTw$+3qX8F%PcaPnhI-bLXIZGkZ~oXavEUnu_SACD_E z7E{PCLj<`D;|awkfJcK$Y?I6X6Lk1d)3N!){C>{-H3|Zha9tmhPu)|mcpl$JJ z9tHX5VNriZukARrpKVw6QBi)L2;t}P(S5c+_8E!lvjw8hcr>4T!_tgF@rgz78HL`n z1*XX(R1_VB*0ZhlG>SsTvyUf1=Xnxjo~J|Q*|ki*eTdRH6rOR^^f>4{kBht$dHA+O z+!?pNPlmMfR46-7i?H)~pzC}N$U0Aks`G$|I-duc&XXeP#4XfgBj|h%=sBaf{xE9J zHf;XE&~hFUDQDEWjl3S?&~YL}!Fwa)>?{ou4sm26$b_4>IVtO5ipG{hH+Xiqk+!bLdO)K6uIci1;1g!oYv`&;#+2;Xa`!I zO9YuQC@eTe6j%%!jXD1Ov`ARon~DA}CfA;5`(KmVvF zPA?!s)Co7N3!Sm*ERy0BdpNC>mSK=lUa28tRi#*$E7Fe^me7lLKR#o3)O;~bWd1x~ zO%mwVdkcSj_MTx5URt+7gfR!L6#67HPB>()7tSvOU{wU(jSFK zVliiBX|C--BiqWQVj9)eEVgJn=~h|8=&tPI;`CPhXC65Zx_-%y^h^d4h1I`kYGF zz;N23vqv;5b1rCx=>c}A?`6txkXGB-&5FW+x!`Ka(#E<*$=RSo&#Mv`w*OkracH%y zEf`A&4HhrGm4W3Wh2ZjXnwOrQXA zRZ^hJMe%VZg7G}>FZI} za-EJ%S1q}ykT}8yeV<&fnGh}eLstd>5h-&t3p+7G^$}uBD5U);PC{-99eJVK93&KN z2Q77a>7$Ud6{*Cvkhj7ML!h_IvQ0$)QJ_3Mv=mO-c3?K8Xg90rNXg{CSc z6Ap;2upw@TuZH=a4IIddB@I%5z0nQqXl7Qu@$W;t7437=XAkNFTa;8(8SUGrjg$TW zs&7=#>$rf|QNgaCZJ_JDf?NlbT19k8lWWzm?GLJot`%#F|L)WpKMlQe2m-~EyjN-W zD(%Cmv~^ZaAxlGzkS1?kyBRHq`2)B)1G}oyz zRZ`Pq8|-KXX3eSFOdnp+Ee4K>+u)X?&mxqOTmRw>^ z7bH(MPD6_%f6vTIeM5%(Y>*Z*(X{P#*|8g*ylT=OFKdT2)6i##u%GldqVST_0%%YL z%;=HYF2S_V#p8skAi?xe0)3P~Yx4|~K<)BA%8tK6+0i4uwNzn4+d^eWbF<1UW<>&s z;zoYj$pI4?o}Ha~W2;uJBRwh$2$wpw-{@&o{x;$}+$In4Be^5VSUxT&O3t_pk>cep@9&V@Gbz;D>xE3p;BEG zV#=<02*$&>Z^T_ke>s4Z?mP7NRr`!mlQv2^A?-FNkI^W8GoEZw7@t>zSc- zSr2LB#i=(@TcOaxpKe{W7HS&PGNV>YM8<3eJ%l;~|NJ1fXScDS8kHt7jG>?mTS<|3r1yEC8Cy@2d3p<>ljpz@cAZUu&PTz z^}h=>A}Ng)JTr_0tp<7(O}HiqUURU>qPVOZ4jKc1*4tzGRIaV4rsiB3ol}x0mef8m z^*xO7+2?RU{kF3OOZa!bnSJ3@)w9WF8Yi0dYx0nx+LVi5I_;K}AUWXVbz2#S{`WyW;Jz3o-e72A$0q z1&g!ptokdY#r4rx566P)-XO&6pP1Z4L(+wL28L#v=Tc=KPRO5Y6 z5Lf|<2JE&yVl0*>kEp^a{(JUTwABr+KX2K+xn#^mr_#8>+at3QjM4h;$ubRz5+|+( z?Se(Opxs%AhU-bwsTt*oUkNQ)_L#iMFi}m>V$L>|Daa~e>S@gotboM{mnVz_l7s*i zShY10S;Uj~QT-x7-VGFF^97YdL_Tr6g`aCW z*V8>oSfLQ4tEj-s2v6zU<{ic?PsEbN6Y|o7Gjmu2x|JJKruwF7p=?=eEr)=c4oXt! z{@YV_{S2{EGV&A#^c0FuFd8F-ff*#7TZ-i6^-7Y{LfH$1Z+?6EdcCiX%~K+=&gGsJ zUe7AeMf_CyEv)z4YU2-)T(7YYlpn8MHz4ULMWcn$1@Ie&VE%e@m92IQB|Vx?;(`%X z@H}DUZw?(}#AY)Vsn1Y%sc^7IfF!UvnOxTEAfLWya1en`farTZy zrD}Du_0pCOV6V^>`?|vT!l~CVzN$0qqjz;K-7Q;oteZ(!H^^e9xQaVM76%Cdmi|AJ z$tuz*&u|dNjw`%g?TTkH{Mprg?|SyZhlMWcHv{0o94&2Mv?d@h5B=-xr;;Xh0*xQF zUlaWC8gk7&PvVFc7#?Jb{YzoO&Vb}Z9dR(0-c*Odlr7cNm`7zo3tJPpwYEy{7F8$m zN((Y^tMVASSJ$fzu1X0xE4VuACm)Uj_@>PG0O0VRsq7a{kF4UJ%&6}pM2bTUb;d@U})POlJ86%7;n)~ z{#iKyzWjzBC@%3JNHA*RJ4khuE+!`%f8Za@^!Fe~?a1ijr9 z?l#IUwz{UQtRf9_w^+3%Ag3Jb5Ps1j^;j{z6WQWI-2k!5XEB(Nru@4Lv`#ykT15RMT zE5l)7t1bAtBSt0kY`m$pW~C!#gxgABkO)(nfMpTY8HvRqK;>?2A9W5_vU$o}8WuD5 zZD<@){fsQ12yt8HcIO}#w`>1-7KzkI{WxCGFU?UJqn3%ER~w7DE;Zex!`kCd97|J* znR5oOE=A{*TRX9dN&akbeV}l!k>O^dnDRIVl?(@T&WsO8v;ab5ZD#Iv;j2na6e5d;F*LqFf!faj(3-PJ9--=5?^ zGb{CrVm2=rEE?V-xK$P=Ib(NB?{3Vc@eX&8X7E_t=!5%hCaL0b#`Vho$4l{6DC?KF z85z@|Uqmd|Ncj3a|8y#mvbOjEa0T z{#j&)k7nS7s(etBc?HB6YM5sknvQfj% z=rKKOpW81)&*Yi;?{o9tkH{|_zaSUnqV`|?pN?OQ^`>}B^lVh8qY=%J0BX8z&Ny&W z9175)NTdvw;`#sA&ad&e2&6znW?Fc508=|8_h79}=`EVVP9XVC59;8f@v}oBvfAsd z-Q01Z`JtWB!LyD)yVa>bZ4YT_C)x6zE*+t;;>n!fx$2yG!6FuS zk_m86!@cJ=z6v{Ac0xyreU0qWV+9_j_e#1TqImT!#&Tv4`artOA>3lTdTJTYHnQYRx% zz)j?I6N8msp%Un^+C!eRLT^?VpF7D6`12OCh3tQ@qRhdQRfNwQC?=l61%*&v&m z%akqX9VFKS?eb2!1zgbVt>rkV&Yb|>0Z6WT-J;QmzUh9>E ziXhdGj`SbBh6x~=j(-?wXw}24_iRGG$q_$*79FvqWAc^AMDYRz$qc~V9p7jjo}o`w z?SU1p)!wTnEi4YnVL!WcHQ$sl zPS_nwoL#_{R`F~Bx@CP{&h=y@7a1OyF6+W9p__(5;Ay{xfP>wgb-%sNlde0r0aL4| zx3z~|ooYNdnmUS7nNf@YOKNUtrv8Y<=Ea$?2EA3IRclvR&8Ui!8P$$y=smCt6matQ zaLREczxrct56suw2aaA>O#b(9S|=CafEr3E1#vrO@b zCcflX!PXgrq9Jy`+`9sE@cF)KfiM~^FxDA6_za5=J(-r#EmPKMQY>{xd8x>hCNzum zg#fvx-E1_o#wI1O6Kt__RERK0s1cQLC|>*|&!p15V_;?fL{AbaMw;B%hS$tq*oFBw z`kD-nW2{Pga!w%8j$5}bF~HKTlGgUYvdJ8r+ABxvNj=ScA*9M^%ASmHRrLwOJ7*># zOqKP3)yd)!$Ta4vFVjwv(#*RvDcNMI`4wOFPd2Rbj^pb zU|B2}`asZ-)1e}>^+3NaHc(T-$bt0}5XF+jZ9sba135X|vLceMqYqEl&C2_%$oD?iBqdwFg*`Wv!a^kDs5KHgK=9AhU zKfwYsSr|v>Gq~9Z>o+6pjulIi3yH{nK>w+fe4c?-n= z5k%A9uPyzfqi0>V^i6c_3;3Tig7+H3&u2|{*Uhzdi$d(=UB+9O1(>rxI`quwA00hE zdUl}K;`yOo70(d<+%tr`Uz(A2z|(oAa0sCSxW;=?#3o$YY%a_|Dx-w+)H3N2TtIi5 z+m%Kzg@FN|EAq!w6zq>)GY><|yMl$r)+pEbohR2de!s>f8s6G47Tje2^+bN#JV1ZT zsu=esyo8RmvXuqP{)qENKKGsXd-M$eWt{POSvZq(6`xdp-%LW3N(+Nfk7QORS4^RZ z)e5LnYotn6^y;FrEJkq_4|(keM!cns8JkV~$3aEUSqAwYv8$=6br3PLC5*3f7MWe& zIN07Bs^`C^B-Ni_9U4N-TR>-9ysfmF(Tw45?Y8d>x*7+`AlzC2Kv?r#hm32VuaELIQEwsT)Ul~rof{eqc7V0K;1-K}U97HVuid2YPP zvfG~KUy2!`0D9?+#tE7-nn9d+7Q1`kZ9#YsxVcC`{OfFmTrSP^gE%1INXFBb(zso$ z_hwry+N81EIh}+khTuL(pz;Pl{CCMn^Y!V)jXn@(beH%4R=qKIyvkt3& z#>jyvR!+A~z-^%7;Ufm-SG8!u^eV5YUarb)EoSa2Y)qtOIo*daWuzt$8!B1K9igYP zU9JkE(@&m|18m``B!v*|0i~fUaP}_WI!6-#{w=I2llg zS$4+@f##VzTA-=GL3c{>?+4$VT>j(j$(yr7EZ1X4UjcylBlMcv^&SyBZoLUW_w79N zxYAOUG)b0(y#oiz-KHW*kLqm|i^gxWW_!`5`ZU(<-dwK@QfW;uTWYgmimdIcS0!!e zXXi?4J>^kvUF?vZGh@y+S<^#iK705#8#! zZ*9$QYO}Tm89Dj>N;8Ywsw6g653i#M(bg_ZJ=LcYG(ZOd?&A5_yIe>MPujXT`1sgQ zC*NPK51mUAyLZq5?3Dqk@ z_Z0ozKCgNHf}CZtv~}s5x@i)a;RKokk{VWBP0a!^6E@uFQo>^5of* z?$)oY1UB;LUA3VJmhB8&&&N+dfzZ81G$RS41`O0(@+D??bt3SF1OSqtAV3met04nV zhi%Uy=oF<1hMEcFJ*;{~GNlkPw`LCi@UB>w<%c+_?)>Gh7SXnc@X`FIl9BV5mhgH- zE8-eo=g902PEz`_$jI3jSEivJK<5vRX!WJlkKF=wsskN4$n@v3U|K5LS^%>Rtx8?` zbMlfZiozFCE+dZv8`A>R6cBvitHI)v>v)jN)$Kn0y1aI{4@J1y^kHbX&%&7po6uxHcjC z13Q_w9!_wqPZC^rwP8}w8)J~9Yf|xUMB>Q<2*W|!bIY?%@Ra(6*Kccm6KRqcFM740 znq82zOcc+1;NRhP=(7k3XRbmpjR5;hQ(3e<$1f}5!;h+ z16^z&+`#WP5N#>lAw3 z%B!oovHz6i3-ao!ffynFfF8L-7r;|V5TyT>x%iAfnt};qvkh7du%KaKU@brOEN5 z$qVwWL_eB~?qD%^RJ%3Wf`V%f60m`_l}Up8r%&q0x2hgJkhr)3d#f$P2PqOh%uyf0 zQM)8RGH@fR7VBGaRr?&R=4zog=9Vo90ETM8>|4o-`cY#lf>k&wB`YS_{0FkSecT+z zddX(HUE51GYg$_Kv5VNS5-Kg#0<$H7CL5`zajg;7^}R1{D8zGD+-kMFM&*3cS0rpG z?5}TVGm9R8S6mM`MjRL$Y=`_5(^E{vzA24v?`aW3$&;KaZq)dWNId)4@-qfp&%gtl zTv1aSksHYa^Y$`>6lkDoG)bhLR(ab|ss*Nq6Z zy&_h+kBy}oGC^{Ymz^jYh;-FeKs|);8G<$_@}}qTcum%sL8?EQa#fLe$rJ*Ro0422 zBaumZ0%6Jnjt>;VG9n^n(WD$+`SJ1bF@gqv`st@c6oitPMLb=95#IXqvksh6{ruO- zo7a#ikSmF$2(VZE<66UVME=j!H*YIU{ra~c%)4dj?$ft`9)I%j$31U@tS<^~;NNWS zg3YY~;ACJIRy@VLIn{|@ODxMt`Fx=aGM7HT36B(#eas3G2Bi+OLQHX9BVzaXC1N%r z3BP4zCci91nOAj9Oe%@NzQ&HKGu2s~Vb@`^z3zu07X}(zk<$$jRaMO+r`%KP9WD(_7|FLvMCUmo-odJ%Fc^$x|c-qQHDz zyuJGKUDhppLvxAc!?d6eMfe0@-c@Om)U3t_Q7q7m(44WI7OhKrSZu?T>aI z?B;oZap>W8;rWI)2YZnOn^JQ6lH<#W#@T>+U}9UPN^gXn`=$0@Tw9Z z2;|oJA$#%mIk#R%CQN5LMm)?5amQmT9r}chOOjLRp(0QzMa03bRqak^AE;=8d|5BV zZ=L?Wvr#~q^3Hglpykd)%r44l!sX&>*AAklwlU0fEzYUUQPksr$|MKTPBQ{6qXHtS zfSs@{`&UB%^GldPnL52{%elbkZ8d&_HKK)T{pq(^Ui&DFa&H;E6ItX+Qij@T&s`*^f!X2*zgpBaetxU{-ZD-p3n5L&9XEWI9(eb^;<^!5;o`%IIzlZ)1T@OmzI^}a8h z+mDIpRWT-iNLH_Wd=K#-aR?_!`* zg3o5E2|oMsFK_Bs9y#lCU5E(i^3kvS=vVH3_Uu>o*xrTl9=! z2Q-R7MKHd8{yczMThPN-n~60+gs&2K9K@no6bA`y%0}DoB}sV70VgL0s=;KBmkyr; z{MjVR%aLhflCo43%aLnFe_3nSynztzQCSo$Q^~R)ZK8UH$wO|^eW)hYQ@>M{^A60w zUR5;*&Dv2Wz5X~qss1g??#LZ2Wd8{x!$qK&-*G8A-FDSOv*kAdXOUo8w*fS){+r;z zuWZ4UGc|g!@JM*g(GFaG3;OL2{)#;Mtj~0hPfnF$MfQUH_rc%)^vn40^MivQj>muf z@lOYTpTIx13iE8#6$w5jAqV?3=tn9W>2Mi7rPBM>Z04w#0OS2 zmqkI|fK;(p#OR)_CBdjH{Ac!BOG}+Ds6Lh)&WMBA@1Vq4I|&=gqXa0U2FGj$b*K|} zylO%d9IP{Yk3*b;`grLcQOX1pY9cXwghx;(2$Whl13_m>H<;3QJS|gFN91=wNqvoFF4;tpCp%hOAd_%4QhMgTDc_yhDjX6Ia3%q%tvA&j=%nQgPQ= ztnpiEoUXispwh!yj<7@xIb$rw^eL~3!uW}xzpg1#a^cEFpwsF!p*$rAk}+~-k2`*I zg*paWHM^sT{17|gswig$EYezKJqLX^JdHV-jYI7!qo@yL^ZY~sv2C_i5zAsxMS8Th zcXDwqeQN~XK~r!8zA%uU4q4IN;MO)Z@5!K`F{saOG+XP5fV^4xg&#ui z%AMa_i1;dJ(Ztk3yy?~U31OKkmJ@OzAfAiIc!OZf1^cIUx4^bIJ90!7%Yc=)6q>9a zlXVPD1AU;dCI?^wMMRAeQ37#?yU3<~PBOyYaS55_cy zl#K3)3%3_^rbT$JU{j`Abg>?~?g3u90PxgvAjSXD#h+y`5@`0li~56~@O4FMKS>9c6u!myv1S777ab@#S6B$O;BaT#Q_ zt_W?Pzbn`jt;NJ$FZy+bQW4cdx*O%!3H*R%iWkfS(&+8R>{XfJ-Kg&xZtI*WSp|h6 zy9;Pp8Sw{42EvuyNn=fEoJeoGcn+j6Y)v!ozKtB>w!~t-Z$upC;~efJu60qR*kGoX z1WO&h0PzsAhW>#>cR}0hTGyWq%|?}sJa#qvU`S&a()d|G=K-;j_8I7+40EN}XTuzB z`)GQ473`4PwfgIa z8*~UlX0vV{)Y`cT6tzl>RvZd&Lf8abeQgSnB&>ktGRBV;XdkE{hi=EPC;@9ObDCAg z?wue>C8G7(a1Jo_*=WtCKEtl)_tvO(k}YweUU~-t%~@owhoiNwj7}3RJ$Q%4jb(-X zD&f6#$!1|o0QNrrXJPFl|E~RTQU&N5wIC2u);{JG)S9UW!mae^LpC*zGNj*OAubT~ z3!!acZ*N8-2wIw;AFF)M;SVblIDh|?=?hqadxb4E!R7Y*Xb3y3PWjhRsmnMAZ3egI zH76J6II{45U%}O08evZ@coC0tTBs#jct*8Rxn$PB<_AZ=^wk&ipW0T!l30hF@$lAn zC3r;wq1mcu@GL{JYVA{-rC)8znp!^4S%yca0Q3y+uo?O<_8MLM!3Ku0Y!}8&>Qr$5 za*8IkvK|v)34-XP!`FmztGX zgdv+;E&Zy-HDMVH5faR9VItlPy$7CA!5tFda!cfE3tML&6juX9saciF)(<>GUPk{2 zr6gaV$)5Ug2|U|GWb@~9;4RRaD0k>YILTazO&LbdhzYx(r4lJsJOXPSpLtHR)Rhr( zu@%VEL7FgYJm8u%3w|3elD95q)$2=Or{~Ev1IBx8ffR^Z6pRs`YITG{!Tp&-#;{(_ zu00CX@4g4WxYrWeIg>=(OQP`oCQi zGAQAtac+E`Vg5ar)&gh}Y7XK;CK$0qXVt(mio6;y#s(EzRj z+gcq+h@}mmfjUsnMx%?jd1LK6=G(yW@eKFa-o3z0JNSYrdPu&NxD}47yF{oU4cEY! zppqNd@kx>|yqvA9cw`UDA7gt-2(ssLHZ;y)p^%n>KB@ ze6M|(C8|tHF9O#O7q4E}#*=nFBbO`^cdWqeKYN$cOsl%DC{Og}+e1)U>7npq-EZx= zbKFffo2id*n2_e6rgWPovM?{$9T%mv!SSU+mMWFe_!fNb3Ow6LR|vK!Vs~4EdY6i- zQq~bYBJe;zut(DE>mCF#%mN4{^}{jCYQGN803{n{fs)NKLCJ@j7Eph7kaS75VA!uQ zV+4ObHDtynxKv3wkx27WF^?P>q7cre2Hu?-AmC9-GdgEu*ZsK4Z8;jmrGjnR#3i0T zUZls1)c;(X)3SP%3?J{hN<&pS!_Q5BToRFTrI-zpbys6VxT@u;o68P%c#L;t?_4$2 zN_Y+)1}LicT%uT<5uWB)$N?_x*yM&;`?DKy1hIF7y#ucR4(c~cM+Uu)$?jq33$=r4 ze`rAB=#(Yor;-&*qJ=)2D-b52K{ZmzW6XcB{+xYSjKGm|_D&1FfTy&PcDmX~9VZW# zBKT~%W%R{b3<2~%2?8Cq&&k`D;a7V=+!@(|SP^n!4oTCDaRuEsKr39NpEEF%TecjT zP+C*u*}Obp7#NFQ)uPhP^<%@HnNT(f}N|mx9T+Lcu2wvhp~ghg^5#aN^(!g5XocaDZe|v%WTD&FvAFezl*bGE-OHJC&!%q&mJA8#16R1f{bKy2PvXBlf=ftsQ!K zm=1ndul9FMKk!mdxg4?~>m`~!Z~;G~LKG%_buA_oYFjs)X_*ca*4)5%Pr*vnU9im*BbZ3Y0sl+#DnZU`SI@ zX66W47^UqOLeI=5RJ*Rt;qwxS_)O2wq(XS zB&4{xeM~$fB^L~DfK*hm5mwuqC0>~cMp6;;nTf@^^89%t%z!sZ>^_cd&=7_!-By5B zLm;#EQ|#Z3ee zg3R3!4PM~^vk#O(L)6SM>`uoE0e$tpGHcDRukFh$s++}L@oB-x>4Ih%OFU3q^xd?M znJPu21=4X!G+j!V=9vp26-jBd;F-e@%p9~aZf0wv9oT^(_Sd}>HZ_OWuMAqNciP#8 z0|#CEeO0B*5D8c~RMUVp!Mok9w^v#v=c#kK@yz46%=|!ea!>Bqy2xo#b{2H0V=yOW zrkAy$qED>ASU+3y z5DQ~zmhhe7Rb|#KY=jjj#J&0c`?ul6q@Gs4Y1`_1Q6%v_kGp3G!H?uXH+0x_BmzvE zg9={msqX##J&(gzvFD&cWA(MQ`l4Q2q8FF&m}N>|@RqLkg0lz$c5*Uy3z_71P!wxFq1OLcAy z*)|n&WiY$0(hlPz$GRO{7<8?4m{zJ1dL zIlVf6X@C?nsTkdg&kwBm-d@zbs#;x2)``PNET~sMPT>2i!T#$MRj!-sug5HBSq#;$ zymN+Yvi0(ts!i{|%I;HJKdQzgJ+*rwl2{VTu_#gjEOfzHMoD(zP}FqPtA4TQB?XB_(%Pi}RSglLS*i=nScFrE2ja9*zn~pNVTqZ0udT;%?AhDS$Dw*oD<_;k< zUXyyjKE*L#fwPbS0Exw3CF9SG6rR=IoQc9NR5yWM*peqUgc#eeR(4zQ(2VHYZ_i(b zYZ=vVtRN2mt}h3kw9e^)laK#Y`l>qs-n&y|+S+cGy?1mTvC8QFlFQp|Z|hov^?Uo} z=@~Jf)|J}&6>e>Qm<_tSPK|$ezdSu#8TN{@dy*tp8`6@u#RxFBdcbnPz1K2J!LYEE zH`;g-N$y}M=eKOag%?7ww~Ar&h*b{Zn9JJ_&_2Jau-XC@UWJ*ZD9OD65D!p>uX+B0 zoMo~sSXGc{wHqzR?nE^PlzI8$0c`mXb{t43sm*DjK+oRQv2YDqD(robZF?@xXEqJ0 z9)Q86YoLm1045i@_pe-m6mk@^yCWIXXCoM%&4#Yeg-Y_IuRi@1PkBO%WLYbTUA3Vp zmF)}y1CO7O15rS)5zR=#EW($$-Ak0ed%X7#c*J(=2+HGK%0}3l$IfeYH(pk3j%S+3 zOvtx}I~lf*J01hW!8bmXRS&w@dovuZn1Hr6^N@Ad+y}PO-6p7hT@6p-#&RH6mn;`s zOMlqRiaUcV{eh4iYNAp_DAK2>OsLlD&}k7UsF@yC#ItL^)Q^|AYHSK_3?oCoJ8XTf z=ps}Apcy&OxT-2}V-8y)G7}}GTQwe#Iadab89UKm+tymUtLh9ubyzp@t&~7pF?DAu zpsQ$W(U{P^TYcWo23^H|TS7w=Sar{ox}Qv*PJsD7ojkQ-SK`bbC69QuiCwQw5~SghMKYrVC>B-S>xqFB3+ z4Lm?rsVbXQp{`L~*Lt^cs~X$}=B-AiYszy;i@0SN?2+r~=<@93<(sof+ICbz2qw$o zT=1+Lp<@WabPd`=Za?sfgc*1)Z*i5#MIz?IYe)}RrQc)p{g{rs3z7vYc51OZolY(6 zYE?_(^cmHY2KfQ4%7aS9YfFVz1E2!7I$Bi#EN4Z^G3#vK;_}{Be_Kh}-OYAcnyNMw z?OsB!DegtbwFupK+fJR#=LH+P@-j1?Kq^rsXLwY9onZs%+crlD|=nhA`whmdjbMJh$Ra!K5RiSc}nM7hf+c# zHBy<8Z%)r$jW6FMfbWWe&_eMUjnpB@OQ`z*sP~3(np@N2OKu&=b*+MX!K6s;bjzx$ zGGFG#361H5rclU5nIsn?;nC7TsiR3F)(hX--CU4mtE9zs&^hfY>S??E?8KjX?f<}Vq?Q7f8Gd@0B zX%_1lm=n-7*z?(2p)T;f`j~OFEiKbT%TY_)gWkHB%iFDn=`<*RnL`d26r(H0l>t?JoDw_-M1DWz&0eufC(yr~o!cFv@v^By9wT5bYY+oYjeB4cyR zZ5T^o(+;b&LU*=`GSdqC3N#)8d*_-nTz6&g0wHqWq!QY~4m>vFTk~zMl1T^>>z=7c zXW``8$w6&X1Flg?BL|SfSZ(ePfBbQB=UegN=bDusLeXkg%xy)3lxBR!q~7VJJ{HC{ z2W3m{^?^XY{K^zM=+^a$#n0QBN@Y4I#GxsioQ>H#7L^L_19*zbK_>KP9p195a*84q zG`%uJTX{!$JJGvBvYhG$JNmp{*s2fEmSj;`aJAHgioH{lnFR3vQ%KP_OlLvCSc9>E zc<`%(sSnFG2I<@}w_OQdX4Er7RrC?5&Y_%;3n3-f+vK26dV(}R05+_E6maznDWhxc6B>!dG#0MeDyHY!^#aLO7}v2 z!4~w6HPYK$#FGYc1xK*EQ7!Mf7;XpEAtg%zOQ40eH?gSck|aVvo_Lv)OvFqd9`LWz zM2^VSiFq;ixRo26XMV{2zcs)8>nCyV6V1&W2PuLv;FV&3C3Bu8) z25-uStcU_oTZ_H~%vF}Dm;YWAw~3&!2Mr=g!fzRQ$?`-j4MGrrBoutqYu$C@CGCb^ctMk8mwTlz;y*nah@qw%xJ_` zlFdh8y}*9CeW$a>znQ=lC`*}q_Tq0|6z6AEWp}ie_!39PqHdc<=&t+}PILHA*-E?( zPWAtmG{Gh6TjH=G)t0z>bS90>{9{*#s=mi&%5Fn3;{*r<>N%NN2UXBa>YWUi^PifL zKP3k$$~$9RcMge?l$kGc;2f@TV_!Q+l&&G|I1(1_z|KM*OmlAg{OMi5cjPsf3Uk5n zWk^0mC<-lsU1)ig=l`H_T)aSTYK@vjceoJxFq+OSNxb) z{F}}zwpda~^mpcI_u2%s#C86HtmWdvXDvJNx$~desLWW48m-^?3%RKkri(U(ZmORt z(+9Xy;nuu-d-adkCtsYshLtu+H~OydY$L16Uhib@K4;s<17|Cdz!`b_>S|yR@U9kY zRgcYPZ7cI$BBQ)gWi@kxUN9(p-zj|WaW%*X8Cj~A1()iBi7DOna`%gu#Sjp(UeKSy z!zk0Y5@}$e`IF{MOiD`;e=TQntJtuync}8wC~raw-c4=vJ4X$GP(IIO|sB{rLWrcR$5AgTi7Mr|x zUhw@MbpGAw`~AemotlkF%0eiS?G_WIsm(eOxqvrLs~QZ|k-_9}=Yd=aQ8hlt(CAb@ zr|Y6=RNd)ajT6}ukkKP}=6l2W&f@`)Ncv^FuIDd}jBPQEq&a1zI@;Z0di~h%T{MZ$ zUv5k&M4|3Qu_GwpdTT2=KjynNu(KV~f_nFZu#Z;9u2-(L(-z>Pck#rwGKoZ5E1R@n z$k

&foAk4#JMtRwEhDscP?(OVaMSdk?he3TTnH$6Yk(Ln28JPm1;?*#$2ZNt|HLXU4HZ4zKO0K&Blbc5dQ?~5kzy{+vv~3!uCm`cSU4=>3ka(*skF~ zpj}FH6FV4-`|O?;F*&(t3-}4b>cE58SJY?_T1V9+5L|_&t{9neC2J+{JkyQlATI6! zLfflKPJwb!Mnt4&VmvHUrtTTb$no(pn#GSl{q$3aL?tncc)I=~y!Gd2&$_$&uah^g z35`JO!U_b~E9{BiupE*9bM?*Js;E`{TQ~}CS$eb>lfJ+qsiZPCQ?+mb{1m)hUQ&l4 z06j5KfV9l#3s^#)!7)pCWKdDi^^PH9*a9xyAeNpNa?yp8Ryu#b*S}*8HHa-!s;YAUXcyewqwp~?k-{1-a^dx3Yo!MkC zoI)Vy(PP|+1%R482&Ay->I!3PPg>kIH0jMe}W;A7x zC4oZ<=w_wtjO6o-6=>*#BsP-JDN9Tzq6ixL*Eauz6`Dv%Lg#ZRw0y@*<{$sLDs;18 z^5T&rx-BofA@7S?Ge;r_$_3Pu( zKUK6aY^Hv+2|;axhE^IkiF({#8y7#z)I`f9J6AeeHCt zHiNhsM&bx=lB}GDS{?TF%IpK$9bCgbNMNZyn-=LOkSX3ibAv%*zd_(dTNlJi_>|l- zLxHsZVJqP4mj?}`V37BRDU56h4PqbRE4Rrx#OIcES~!}X+N$djTWJ^8Q-3gc4Tyy< zv`dbavn5et$Rd!T1!(=p?%-C-G4K%j{nkydw`}=T;@Qx*d%<(8FrjIk)+h!a5PZIa z41C)qvg`9~MBWOe|8oZQqu~g?6imJq3O;$TJ-}%_^bQ!UoI?x~1WSWV=v9W7u8@%1 zEiTD9Ac^AAZFJmShPdw1YBrGUZ=y=q`!qWwirNP4uzS-rSO@SMK$FQ68nM^{XHdO5 zRIzzSC}!J}vSJPfjHm~+Y5f_@An@7vIEDt$H$58$)vrGx6`)t2v8Eq`-nVCLz>fk0 zd7FMTY(aOjlprs?)+}nk2^wCdul{Uw@-`=D-W*YcNolT0+5c!s1#bKQlAQ8FPRNPH zNAbTidY0GBpw4p$ar~*|cQi5S;96xz%osh6Rhe}}?iWI$*yCdNpWL$LlTn}^Zy%pT zJ~_{xRK~^{k#j;EgbzM}@1CrSxtj>DgKxv&A8Zy8Up*md9r$dghT4;EnbgN z2iLX5z|KIY^z=`t7VInBVLLbQf?7m`eJ-PB`bEh`Bo^6IWlS$VQq?LLN!+l~2R&t& ztA`d0a8WGUmeJ7>uL|sH%KE|epG}>GWX+h)Ozuo3fI0x4sNZ3=pgkI^ub$dby9BM_&UlFc!pzH;FN6qX*Ghm{60K!Z znCV`wRkc|kkeST035Rll9^2RTf>rijF*CJ9(Tu(M(Q~=uWrnHQ=#Cs_f*rVJ;WBAw z6!vQGLCg@n;csX@&`aZfS1U(Lr=nCg)gHeOST3kDsDyQW?bvWUK+W0gCSX89Jz!=; z7>yQM6dR*+Tnma;B7CXmixQex$J^=Q~QGilKBRE7do&R>5NZGk2c?duo_P1tg)*z6shWv$Z}n7aY(Jf}-icQ)_nfAS(b} z6M|tYTr#tJZs|kK1m0Fi=D;yoQHVm%gGos^tZ7P%TNXR9XhJUZgsm+hu(!gpD+{mb zmuk^Nc{-UqH3-w|g1ym7I3*(v!S0;mk|Ep&clkPxs zZks9B%+s9hA!eG5G~To)1gUe_0}Xx9752D8)_w+BK zC}>Uhm>iV&K*#|$Fp2VVWEz{KEEUCa*yl|{ial`KPQm#;sY%CBxo z!b35tr+)9Na!O!6bCSwnDNA!017|g=EEoDymfev%TF7CSa|;nP=675UPY|Hl@|!{D zogiB3M%23g>y2WbYa4lG*fZMdMXB;q83r_XE6v5T)o9#>8#%3FaFbdKc@}1Dt)84J z#ft0&`R{|j|LK?U;pYbjKOB$$`s1Gt{yu?!{PFPf!(Z$le>yxoIQZe~H(y>~oc+iT zfB7LR(_8%OmxCYJ*^hyZ93FoD?*j)~lb(5|#-bSGmcD=(!9mU0<=*aISNy!HRTLUG zS3Rh4J@ixb?cLvyD)JaD_82Yp zTa6aOgU}E&HcXqV0>*wz@nTZ%Zp2QaNR*kn7Pl-Q24uy`u+{=p8(XzHgjgBCF0tO+ zenZJ<8FQ`O@6!rl`|wM(W-*JaFAS+udcqTOLJAh~oErcFik}B|2FKF?7BBUoWy#FZ z9S3AwcuKWl_bY=5(+)c+Vvxav{njCI$Pal|aqRuKj-esGRT)y(ySgqd5;L z{o_VFj0mxJIY$)rD;9|?-mAT8t+Psk1cw`f**HALJDTuVGb4#v+=*uMX?l>r($butStORk4I3 zHp1@+XUJ#%ACib9wp9!Na;#P32(MqTrBMPNqwXuwqQ2%B?Oilu6& zx_en%1@9=5Fe(*!c1%*9l`1s1-&4On`FOzX30J%}L<0!EF}|7w|8}~TF;ik`zg%!6 zroQH7ILc6J2PV+pRDOEki+e20+&hAwN-?G&_nb~w6Ne0U*$1Ok0{uj zOI7S}QLw%GtucT}q9AFRD4r+P0$ti47@pp(9afSk_52VN3-e(0VQ|qMxPDlsptb-6 z%d?yo)a^hd(v-63Zs_P7`5pkbkbv{Ps z{ElU-XVb{^U(o25W!*aJx6-a%yv%57$~5PNxa0cxvUsI!IWmR|L{GMe>L}rDyI7^% zUHwqq);4rXqMxMTcM-Efscv)IIo@@az*?K-ohvfs?gp?W=a@zW&_vUoZgZinSF&N*~D{$M()%rrGM$s!F6w|O0Hyx*@n8tM)cS&O*$rpfT_L6~mvJWBQ@{5-}0)igd z2Esw3!H>P8X`V1Sx%~^6{LHmJDyH$#<=M&0H)oTyjbwair3h;U(Qzl1q9peeksJfc z6khZE1v$%PS(x89b)!k$PAY`q%D;Gk(uG^sIxePNd?Sd`@s!SYb`YR3XAgmki68ZY zoo#vve!md+Vbi6EWb9^U&CgkBI8OFJ1e4O+e1Dbi6k+_WWPPdP{DBV*NJK>8CE)WS+ zV|;B-#?YV|ZMH!W06p(GE!Bc$ibv=aFoC^387Jp6)aK$IXQjAfMZsexNe~_PtvNh- z&)X8}^a}}e2oG@>YO>xetl{AT8Xhc^VbdUn_Z7Y{h$Z&g(KmD1_nSt{v88d^X^0tY zL#Z)E_+$`MgzFTvo|cs3DBVYcc1xG@w3UxbC!D#DA2(ALZ}gxcn_;a+c9)(jA~vkB)Ue zA+HiTCk*~Lin-MPC0AFk!CzfwMt$#G1=w)I!5sJi(#`G38M2BuJxOZrW?nCNc2RkV zcSQrMQ4pTRwwAJo^J(4yQb=9?CPtf1nI2Yj>y3+uVs)s&!p?x-1)WYa^ow4@rhk5_ z-&je(GJq?y67U_BQbe5gRb+8FIF%SeVh|s;pB)IG;S)pIwn6%_J8a(QsqgGbJ3O;% zv-M=~T=l`p3_00Vi>q^Xr`R~~os-^XHJkm$_2`j&DC*npG}s;I(%lt+huFKT-^lE( z-#cli{f(~q_UqD}hzY@}G|FA|s3-i)`22zJ8QIp z-F}Aa@U&xl;6dlr`mJd$P*;AKtm9o}8F$+dY8l8i_2~GMk3a5VUA%xgaU6ep8S4mTDZDS{xS9-s?9V6v_awB=$@s z&u}9T0Wz{TXpw+Ofq^h0f$$*V34B3NAiDwp8Ia2n2KF&L;pHKKJ>CnP$NK~E*c)`m zLjZQ{8Kz?xILDC8u&}JK;TL3&pc`94ZR`wSV;8U*!K5rKC9NMgBOqbz{pX;C0S*j= z8K?jRdL+WZ)o6w|Dt2khs9J2a-&oi|TQK9P^r~Daq3P#d!*_LbX;3I>1}G?9}gY1aCQjC^dRSgI6D^B#ouN2l(iQ};LS)O`q7&!S9e zHr6x{yuP(qpA|koAtay*9V{*wbs^Qf%=k|wt86Sz+}fcd4BFfM5}{PMLK`Eome^OW-*ddEfClhk#EJn4z~8OR(< zQ9A!YDfOh>iplkT>1_UO^+Pat#KIa@$Lt-KYJGj|me@i$dlu{OWUi_0cby5^p(nl8 zSY5ooyMnL!gnI*fgg^)+rO|?Cff>c$)jF?9`4e)IBvpKubfJS*>aP!6FIsDt`d}0+ z2GUy6l!=t(o7QT}3XnFo}cnAyr&hkX* z!dLX?|;?1ExEMUz$f7uZ6;8-hm@OFEAgOw#1Br>f1au3U} z0|*DpnfnS>Ho#L{tio_%Fp9P`NPmDzHR{cHMOP1F*o%fQI@@eF zY~Hi!dN=h-!C)-J)xT#`1i{H-lJJa?SwiO!MVFz?SQDRA|@pR=dvpulp zpGtBw9^bR+WX{w$s%CKmtJHjb`n@21o)4{6VTJO5)v|l})%EoS$!S4TrdWYoTJLQa z)MY>aTre85uB`XkSYDeV+2&Vxsf|a8#xb%S7%1+A>@q-xSrbeg!4-?jf~zGG#sOaF zUV{P1xL7h?cQm#=jSUUPxel2aKHp}NDb01K3C(W1-wxD#^$U@@E@&pTC}BsskJY$> zuEwq}w=55`9)w&Zj7mmQdaEU;!h>=tr3tJ{) z?2aY+)=X0IGfxsa5ykw7W#ezJ&?xggn;z*FkG{eidepj)yEu>U%$?C9Gln1xi4O@r zi~l*ccT;yXHa+d?Ad(XZGhlIrVwMS+@!4#DyV5+P&hA)Nc7{`HF{8(nIwo($m7ds6 z_WqUTM0?$J=wZ*>jb^i$Wf--l@3JWPye~g_yUnjnZ2!Cdl4X6~_$$4aFz=n5jsLv5 zsxlJyb2$F<>T2v|JyxfKCds~-(l&cuAMf_79AE|4!+jno*>$cw<}AUzJ9=&n858nW zD8rY{H(a6tx-xYDkG_80$>6@%n#lF*E0la=0#M%kSSxj@41 zB7RsBlW0M+Ig=woNgp*25Q&m}gRl(HBlCO{o9 zgwd2@ZqtiaG@zDtjb3C%xLJX>;^^J%X9k{HuVVKI$)j0HT z`3zFjoB_433PG?2G~@F(v=gv-eR%jA8(*dmxGkJvUCjM3=ZY3{))zOq&+y#qDlQkR z?d~)zH>}FhkP1h`BNR8SZ1j*-jUKR~(dN~R-d`o70VgiJf>A^L@_HO$b;Yq3QNR*y zQmrVwQqitrLxZanY+C6kqLJQI`%*$bODpr zD|N>T%ofASF8ZTqljo2Y36!NP&GAd&!i?&T)56A5o!n8LfK6fjjaWow%Cc_k3bS!@ z;a;aWdrN!fBB9wF>@xZ7{3t4xxe`Yzkw?GJZ|CDk0Qu~YntHPx2UuykvQwgjvrPRX zqMIn5rzdNAC${H*+%bn0uviB#^{BS`&!gJ9{yfS}D_uRxP4GObt&eK!quTmNejmwi zU(b(f>#v6PhN!I|cAu1L(H)H*e$}r)3MV;6p?RWxU1*;m&WaM`)C~c{hk3XA`xPK# zK=6a2JOSjbss+&>*b$&=oz_-mD@7PuIz8EkX<${0;z^q-wV}e)Wg@WZ-9!=fX`OEjN|KGCZzRX=(sCo!9*DYHjTiNamyJiB{VqLtgO?;<5_+F`YPZI40 z(rlny(J#e@O0dJE*G(kXhmu+!NMhYgT75r~YT#)KlTe3CryzUw-;of>G_+K9pG4X% zjRr}gn@FK4efJ$2xLZ0FY_)<(#7+`BW01EjZR<#lJHmHKw@sa#!LZ*R)_832q^=LJRjCP~ zRHt@~K6U{nEqmiA7(&W7!Ol0+uSzW$t<0hz*9)2nd08f`a4k1o|2`=`p%U}vU;@`X z5Y1uzXEvu<@k)%y34%`l-Z4Qf@8VX52dyOEte_nE|ZW7MJ6jwH8+o_#|bD##GVC zyn4shhVP#}xu*cIN~TnE!ZH`x1k7*Ts1_r_XXK`-mzyr7#ic-#XU|aq(u2L3;NhB7 zH06gMC+o|mne%Z90AKfN#p=C5zHIcv#rmgFgXRlc{SBn?q*`}jY9d_$F3tCoiOw|FI zGEEr@){OzV{Xn~c7S;)N<7*9aiv6ku-eyCnh9=}$t?=ElWy3*e>AelSHl_K>yE)bJ z@g{QAWkvC<3PQ6bp^>UU!x<^Fm=(!V?=&*$*er=`F?-;t$XTK9Gm9t0AVMZgG1s^& zM&Mp+S>a~EzSyDon2BtxSdsD!U2XvifblMsnH`=+kX9D- z&ceV+O+%eoMf369twl459x_9+>?2PQIdhga&2^&~_6iJ0 zfKn=2{M+%?eXUOJSMvPcSqTezKS4`jDOq7am%wP)a7G$GyE~qI`q#;GTc^M29euWr z%<19Td=iO*39YE6|5!a%zZ;LozoR*~E(1by&fY1OL0ZD(_AlV_x_kD!Tb{))$Z08+ zNG}bgg&c9v0Dfn6YE5owmI;gkm zcou8r_G9}U%VPacVj!vtktD1b&sjFn!uqu2Nz4iuqn*Ls@#NVjlRv{x?21gPRjR#< zYxz6lrX~LBG_K$8G#AiwoEM_ZUy$aP3^gDv!zb`7JSS=pdhq=HKNLUaC-Uj(D)uD zS%`abQ`s_a08hsI;AGA+bpvQ=GAd}!NXk^fBMIREgyPm|u}{l+zBG1{ifnFhsMLaI zb2%bhIVfUb%Z&K))*oReC@~7#;T@+aZ8#;M)(`%s3JuY!y!Z3^t0(nHC=YhNp{U0n z$u)?r2xtq_hH^YpmO!;Z@6~`Mv?`~Grl@U~{SJ|dak9FV3e~w`>dn?;kNOPo@aXeq zr0Up%sxW7k#pZ~*U;<}q#B~%iD74k6ouKPc+A^cygekzCB<30a*|qI}K7ea0kkO0G z*2IE}P%AB`bV&*Zib9!r?IA=`yUWRUGFh5jd6qWxCOLVzL1bT3CxMK;Q;;oP)UH{! zcGVeuc zX?dKWG9mr1WsB6j_P7X3n2g5AwP=ePPP*nh2u9qI{GBIGhAU`mJXByMEY{Q`@#-E$ zCNt$d@bw+W+L%uX?!ww42XQEsqZ}8CP6Enlbwged>DqUgq)n|Vqt?Hry27wTXiXzo zl+s&4D=1_*Qm2eB+OrD0M@XERI-RS_!`-x1cTIlyuCrx$-X9KK$sjD3)%WNoVS)e3 zA{HDr-gA}n(G%cuBr}yS56ZTgk6WQ0MF;&2KJn->tI8IMoFzjvDyI9~N|Uy3+%;fZ z;8vR3FD_bYN{@)#>_nkYh!$hU8tX7X=eV3z_(NOsI&;Y^<0b%O^uyDOn<`r_*Tr5# z1Wf#ctPpRC$cOkky{~(plOau{dO;Ak{tqEy3Jhm4AiON-SfedY0RHx&hY44=oC(j9 z5AOTp^_Rx~Pm^^FucSBEC-(PSNkBl2kK4mUN{{A`{qw{S{?F&_11;Q-SE!PMaDt(D z!3Je)G7VIo;G*INZ!esw`2EGsh9fo40vGgAtAAPjD3SkilxW&fW9)AeUF0pG*j@Go zo)J3dd4Uw1)^rTXh*ZT|q$Jz3H!S7s?Jz6*#CGnf$J93Y)_Xgx=~a`7J9^gF+VJvL zP=yV1%Tis_5Awo_dg7)dqZ}MFXIbEOuRo)J+@q7fJ`Muv<{+8n3#&I(s@b9#ns#fD zikBeth!pZT1mmc(Io}tu#!A-qDvuywZMd+W85duTAYbG;{Pv~!q^h!}%!e__U=;8& zEFN(R8v>SC{)QW0abqin9z^;K<$h~=uMbz+{JxmNgtf?Hrz?wz@973}-@_V3vMx0l zhU}kZ<>^*2sSc^nb;@XC3DW#*{U+26;i4lpc%+O;(!*n$Yt|f`z8>BVvs-GX%xjI| z`;?$j2h@V}=D3G_e-s0O9COP&dlPgXN&QO+g*S0XOVhexENeA5B_f67aD8_C5h5d| z0ieM4jy=u&1DT9db(dYf6krJBdin<|^=|XCNVK{%js7Ph#OrOaNqfAB+vH*xoG(tT zSdjEbRFDYlFLh;5swnt6D$zo3*o%GB6{S@04z&bziz4}ASL4)7kCT76%Y$Bx#j4c( z?EM*RcWBk=N2T_u0`2NW&Ua8K+a<@rFzEAkYd4~KKhg*ZV1%qPa2R(z| z7(~*|l$2V6&&`=O%Ed>}O4CzYO1Lsq@Clpj`o?#;Y_)nv0s0jEXOowk+>4w*daGEM zQ$NR(I7hI7=+z;>xK9%H1i|G@@Xgj-i4TbBD9N^T-w}&JD?q1YN5#yVi4;unu929%5`wNeA>qcqdl7RJQ5+gIMTJtD8?hkj zM|*xt2FALvs*pEi^Vi+G_b_PADAy&EO`AW9^Jp$xNvZ5Mz5epMg#S+Os6jOZD_8(m zF`TSyOCVn3{7cDDBnFf?b$MEQwXdf5j~?#d%<#7%d&XU;0bq6>=gWz3(0tj+kJs%B z?-v8l=jU!O*|E=Wvy}J$@A(8eD)$zEE?f!*a*=jDouhCzhXgF)=V^7f&ycgU+&OYb z*=275<+AihZw&{g-w{oGD$gU83`zm?R2d%`rXgW!@odi2ldLWa`l`&7D@e^U5={u8 zKW?OU+pJB?))awmhEt^9EzQ}z?HbTfCQZ+P6?$F}r8kY~I9?Oo%CYpB*r4E|w7Kz{ zl4XZ+xa+W~&enn1gAdDs7qOPcHqu&W>6C5DrY^ZGHEHXbQUU`w8<(bYrjBtjx+k=B zqQy?O5z)*1_+dZ*Vb5S9jepSP=;$U5(yppc>L#5hkUYEj^+KK#mT@vyap2gHfmj#8 zSsGW)5470P4R>*#pp7c~m#G|B0QpbEwSNcZ($5eDEQWO$PyBo0dgFg6B5hWMegZJc z8_Uk=aa25m7KT=KoGaE^v~$*Uw7|&UAE~$pt`zlAodlkMcSO>Pdk;1fB zwXqCfWtKT8udVZc()TGO4w*j2D+(7W+m|bMO{5s@DO8mE9Sym4&NsNu!WOE!fya$_ zA)@~!T6yP2w9GxzgIRaIV)#$zzm(qvm;}s#P;L_d76;zcqDvU>xu|Yn)6axcO zIz6gJfPKMFV-xU!iWYoyo|+_fFy!I*vOiZ(9VFY;`jSL48dZMy5bZxZjV8PYNeW?& zJUIST1$cvXXa&s4SpQI=9?w7hfx&dSdy^-6=raLySyJfJAG$1jCZvI5mjQhs^eG6# z^CODw=;8p37}KKY$d=#b72gh4d^y{$J-yh>Sa9WmRV^@0PC4)`I^0*8ZY$%{uKB8V zYR2hXmJ_Fc+i?`2HBaG$!RGw^P#SupB{hi;Y@1z$wdJyFQyojGRg947QL(6aokQvQ zNG9oNBHqIl!^m(pPdtUkB^i)R11a+|<`O9xk7_i0xNgfYu(BaACkVSJ-hYN6bLvbn zh%ZlH-e)}dj96b)Pk5lDkZ9E=p{2N*QPq^!EBw36Pt#bGw~3U~*l0hgGmn=NnmN1`|o1N!HF9p*ocSX6|TNu8(ci zhIX;HJ$|CQd}up;O1687e%iP`JMr;Gb|R!d1-ckgXx2SH4qBJ@(*;Vytw@E^bjk3i z9t_vAyF%cHkHr~`7z+;^NIE3-xQn3rgUlJRsOF3wCJu~*6-HOOY1sq~IaVbmiBzH6qn@l(C4)1K7>k;>imY5>X3bhl<;u$7#`!ch-CMbzu&vo z>V0-cuC{Cbb`bVwfa+hOQOUgLn*^twNE2w}5AK#@yox0x%hj@bgy7d#kiSaJOtrX8 zhlh$A+vDj(c)Yaq*)i(d3hx!#7jU=%8OIEpUZ{1Q{GE!9zvE+XVn#zKsX`7c=y@GEm|$&S+L7-`nb1 z0)^>>X0sdv%>@Lv7<4AnKNEyMLOv0kICja6m7>&Oy!qs&@Dbcn0XLC&YyH=d^S-HR zDCmq=Kc#n+FukH)7lI%#jTP>%9jOJSnslE&PbomzTa=I#Ybxb`rKAC#xuFzbr^(z6 zo&FOq?FytgEO<42TDZvDVI0Dh|q=bu(rikgq#!aIIGjJ^JR9f&-{9Ng*r z+#TR;FsXfjc$j`rPW}P+oA=k-}f zi61el@0C~=JrafA%vuoc6z%C{ct}a9B$VT6b&B$1pW&79t||?Wo`9F zw^vYc9Bm{0I3mbUb}Ljv(~vrr^0src|@aMMZlTJhn;H&1iLiuapoe+{DA*72~3&Z!gi76!BdF(ZgIN5pdi-b_vmd}=!DkSX1D;LbuU_tH`e6#%{=y`-l;UJ z&OLvgr!fkTL)D8E6m1p)7c0cyl zAd0VJY8PelMd&XM%;qy+WiHP)bH%pG$_g6M$`1Vy6xP5X12kVW25y#?r^j16Z&$7f zD}$X}sLS3MqE`dU)mAR+ZOw zR|~2-BVTEHdRIg|gE2ivpglKc_7v&iC(z}rcY`~O7Yi%84h@tM4jQ-eg|%tZ?_2kK z`O5jH*E8Os>wV`R$Egg%QOKaN>~JcBxOXVqWM>blV9wmwcCV>qRNi?&>KZY@nDZJp z+@&3nrxdR8o|yBSa>-hgYUeo2#tbc3^;G{x)%o9%9H z&MxOR;+uq(Yq3aB+^=$kv;Riq#yt%w!mbtGTyZlzA=Iu9br6>c8Ei=K7fbY)^Tl$i z+j2;y5`n9;eT@tqvHra25F#knT;i$wyMIjmJ55vP;h| zzhovoSiqXrL7<`MuV0~krAf8Xo`bpi4izXFI5u1Wj;IwuJr+E`w` zfd6o~=2S2`+UjlYoP6iSc&NONWuU3RdeR>*=%M1@663AU2kB?UxfSm9>X*KEbG)9P z&CNZ=czIK5FQNl{eIm(RYwdwg&2i`ey9U~Y3#bW+s|{tXZ_jzu#%8<3z(*~F@n5V| zORpY9L^KU3z6^)P^7w}mW^`j2pFHY(1dJGwN`p}Qs&hBknV*A@(H+YVpQBhqqu;_# zym=lC5Uw^LDWP01ZXaD?*Rc!2gG17y8U_;ET%LyZhzdCG)A0@0`x*w4@e4-~8cM_k zZi-Ri!_%b4hM>xf;s_z%XAdFQPx0UoR>#)Cp>8iIuRKR5XpV}W1x3c{hL#`;42v-w zO3%aGId}inVAp+(dx1}BbTO^$Y|)o$XzE%H52OT^Xk`HVU6|@LH*U}`K_^~&TZwD^ z2SfydDb-{22oTY|OJvAH^ClX3tRsWGq@<7pbLx-;a;-c4U(52_KVPVV`F|0YBoM;- zlm1jkW+PTd{zZgM2LBV*DoaIS?`${KfY;m2DE`mg*dcvAGSi6<(zG-s^Pq=i#gh55 zzh`dD8P5}WOjlycZJ+cw@U?0R5qs4i7z+~4vd_=z zkAfA)xzppOC(LGo$;kKwH?ZG`zFaXwO>?vliUi%|DgN#pFp>x(K+<~13QW7pz5EuR zF&B*nrb2uHdw_|S!Ema`M({^5M_{jgpfu{TpR?nTVAg2yGM=K-0-z$#CHoq#+T393 z5z!#uQo0TicPCRKW6$#<@;I5hg^C1-TN7tZy$0^xq3eZ8lB5IHv3r2ke{QKQvc?iy zC20cgVg3L@vs2sWn@Xw%!>}(#by9FJw6o50C#mccWiWIt(nR!R+NiolmIGb%otF+) zwPnSyG6uc-634-#sA;oQru{kx8Kb=9aDukm^$NTw}R)>p&j?@A_O#8TAmCED3@o7qMMtjsH)slCI zX386OI=|sM(F`gXG{j}jg9pbFJufJke2L4y7ZG!$oJTiTDRFX*Q~z))^_c#xI+1={ zVR<8Q^36X2%6l)zzPTip!d9sWm54QSzt8(axnymF;^1q;XM9Z~@GLMoY9PWb*YF*% ziwJ`X$q!~vqRp=x}Sqvv_VWY)S3G~F{lBg=T{hsD4D_U&oL~M4n z*}s)@AQDT5|Ie-JelSW*o2|lJVQWN`rryBzvatn8Kx>L@CJn zDBU9(2+AJy^jCOC_AT2$b0w=2Tfkn-Xfh16>W8i@VjUWFJ`<{B<-Z9!%TOoUt%6DP zZ9&BTcM$~&J}V6AN(pFVQ~=`hHI)ZuA4ME{0iUi3?(OA*RIN6+EUkxJw_k>!dHd6lMJua^lb9ZOWuU zXEUPU0g#ZJLfsB_FW8n6mg&;0OEMG@K~Q)E2a%IdQH0D;GYo87?vPHljF+`7(Dl9PB^q3vux)hpOgm-hspf{>Qh9fK zu3fb>2U1aA{m8OSU}DS{l-|JQa$0j`$*LqSjJti-ZPUJegtSANaJ+ z!M))DFZt4_mw5r5eUHjFXfSTRqp~0*HhdrUq8_TnCS{5xwi>H`X-n|nj*;2DmbJY}!5yJ^0Tc5*o|GK%oJc$nArE}q zkX5{Dg&S8?fl-n|$&W;Al^&cb+u-VtnV09@bVc-n_p{7df3s`AJL6DhMAX97W#Pmm zV{`1y(m=4vZ|*>ZgGkhblgd92n@lu5zEpl7tFlx^Fkx8zXSbFGNfRM$q;-XnvQH@T z61WH;PFNzIuDsDJv!NB|;MP(aDlc{WQH|x(dw{d^>tnmzOW z7^r>M8?CSltjP!ZCtd?yfVsd9o9I|$n?MsyoKA5cs2C(XYI4c<4FQiB< zMg;>1g?a33Vx%(mO0CNcVzR>W7he<(x2H-<$2?Z#nUn*bvorGOQgwoVA0jwq^^bc9 zcRPP%lc5N--q9ZHO$yipJaK9lS1dvCI#Ms5X+0B*fuR#qCNyqAQ=BGX0783 z*uMDci%)PKe08X8Bt>dh^B)Aa8dq>j_5;V+NMr*xfQo4!dg=n!egaVFsc>JE#Z_H4R&*IIO><9IZrO;N|L1Fl2@MmeLxSm-+QvnOcAF%Gz_ z<~`qp5?55qD0DS2K$4S4=XI#{WO1jllGscXTQcT050h%Poldq6XP#x6H=~d5kKcn5 zrs2DKS-jPz_HMbz*VNmy)#$h2I>}eBEQcrf`9roE z_`V#nO)Z+k+QJWEC!|8!pYlkLy^u!}mhc4$MSA;u`)5KW+axKp0i31NJal(qWOKbO+}(`cdBJZd@|&gqT)$3RRl#2qlK0SRVcWl3x9_^E zO+pRXXH1%4jy;wd#Wa39J8*q1=oIJR)M?00wsaXhFUwJYuFNA$n-MvXB$*vqS!sAN zq)GDRVf>ma@iR_aGb8oxN!I+pXrr^n@U|Tjc#BIz7a6?=>+S!74_zRU*RY98^HV4k ze)CSL9Pj%ZADP)E!*}3tfu@o}-XFgc_3x}=$h3H!&|LzS%jJ`645Yd@(!N{htO+8$ zH^aWc#ahw^e^UC1yclZ`){%t~9clWD+Kfmu#v_wA8tDVl<(SabFte;C8JIMtfq+hG z8Lw+EJQ9xy>6GiW)-hiJan9~Fv?~`htr($_JL|1m`6fo_B=`k0L$l5mFjbZ`>V+rW(Ens517gsO0cHZ!`3IStr%hRz}1#& z!n?LZ4v$!wPU>Z0p~V{m6L~@o?;k&7Gqbw6c!?Iy9(yN!qPQ(5Fm)7CHyU}C;7OrL z9LtiNxOy^NUKo#Q1cJ8||8AmIr=FXmt}}ZwQ>^SJysrs19Nbj|7ma6QHW=GtitDt? zO9hKDA7U$}(S|QFG8f0fE|uB zrAPffv})DS@|ATuw5x|8ZTgxDzTzYo_-(s5fZiueg3>MvQnzXkMel|JkLThoP|pZV zM3@ec&_jC@Re!5QTpSglUE2E=f$_2HxPnF1x9p|Pl&kz5dc7V#_v<+ZYvq?KbUhR+9@i^wIU%hnO> zZ``UT%S*%5Kx&rCcit~(ZAwu#zt-v+PnpaLn5Wvp(iq~!#V#q-y2S~#5l5X+R0mAg zG6$`{dZt((9>Az=&aTD2wDQln88Zg2qT-qh$V`51o*N}VTaGQV0qhE=)iO9(6)K*~ zOAQBh=ZoqYH(JjDj+b5_@^M&7AJY|@pSVaHczO=$c}{TC550LE@ZcSM8v0dh?n7=# zeE?+c?|2U3Z@91P6oR>jTOLtvc5Vc;_XocBzLq1cHHLHZ^ege$xVi(TcGaR}EaquT zF_TV>w9kIC<$L@XaVyvv(l+BFItoJtBF9(`J`3pzaxEJ0X1kD{Q>N4R&X{|9(sLXm zj0=oyCZ`F^+Rh|Cxa*C;obxZe;Mr?#<~-eRHd5z@rAyw;ZRzU_C9xL&vLS$f^ee%=B1 zL0*NIgd?DLlhMA-XoMr8gqNHTcj@mf-p-A3Rh0DQSf3%>yfBjGb~9xbpIWs91Gygj zt+lM*su@nrLkrv@I_($-Eo2OdvJz5=fH8$q&=81|-j-|fvP&%L2Gwy|z(6jsb;grN0lP!+fwCldBTow$ z(KMfnavzoA!G;F#Gua#)2R-XH^t$kj;g7=fdcZB~b-&Lz2EVLa(JQ~Ijmm}ADHpDB z5v_$vqOk>SHO55t5yM0(Y{E8$^n)iI)2dZ4`Ub;Rm9C>YMznhFEwjMNYGM(Cj?@^v z7zPT$9o&@FAA+^>n0BvK`ba~Ik@@DcisEUovX)?J4JHeiR%=dvU*xdGxQKTyHWA$W zwZ{ftshBw_|1Jy8P?t>9h6#F4_Y$PUe@RV{{)G2)(}=Gf+=EQ`HP7_ZNb&8gUb|0G z?Cxqlcv)i?2#@uGP&sw%_8HK{>q!zWP}$uspAVb_IX!rj5BOSIywh!@{cSFE=h3oL zH-Bb6dEzF!=qEqwPTyDbA?iBODmu}A6Gb_lXlb4h37!y9o(LhH2!5XE9-in zy#OylKe(D2@PjrxPhBdBH&wS?Eh9-d!7w=d58Id{8_;DQtvH+T*o*QOgA2bLbB?3ZvuFaMUFv#ve_=DTHJt~&BecCfrQ7$WfLpak5z zr9s)fwM249?b!p41SA69N?`r@J+yftE*v5O9iKSl0k8ny0;76Mo2A$o6wghQN7v-U zlipfj1v0DWrH(61AnEkGB@14h{%Gysr(!MS=JtgbA_5Emo?*B=g-_;s2bt(|dueZM zJK?caK^@ZYX;l?d)~2puG>cCpOGnN0wsdhAS@G!D`zgG`TFK-u0lsp9JaGZsUv|hJ z|Ls|jU#f6f0s9>wPv>aon`G`*RdY!6nwrt+c8M-A>JS*gNhu zXRcn3LG*n$qC=8IulIwe@H$cgu7mTr|NVN<*Z2J$v(xqYeE<0-^SPUXClsfBpwn~t zGn)N#s5aKur;?GfA_`(A2Ho{(xx3iKLrtVowb@#GQW{aYr(|@k!3t-CYxcOgKMhOz@)Deq9)iLSZINx}P>2%j`|Bd2D7jw}*h{d5Zwz#3I)@r+{pXRJ0-4m{lTjUBKO#ByX##@w!?9hZOwR`UdHOfy1pdV)8{IRJ(4QnIo70cA?W(smJbCm%xdvIIgi%YRG!H=gj27lg&Q`jXyz0~@1Bp;223tRUtZ zcsz2Qb5S(C26*rrQeyM^I$wHNm|)1;6xdPXG+f?w{vb&?bFdq5AaBpA`z-Db&Q(_3 zz-5}7Jk=&y$*h8?zzjxCaZIKYdWPkEe*T=g_<48{(4C^$#0#!*eZu@P5BX{zNxR`u zr5nF-$k`q0qV#;5iXfTCw9lo}fWR|1v1?zUX-P?z5+HwB>Qj-4i7xiBbV182QiC6%(cVyrfB)v|{61cinI7W~?{iv>)0))tdrUe2ij#3fmi zA#lgk1Gm|QTiWs6`lCJiZUs7@5UL4=-(c{ z&u`(;n_!v&gJ|!E#+3s1h9}QAr%8LAgQhtN9K=(?30w(*syR%qJFzfJ?pi%6CT9G zZ8ZAGE{1-Hx(i#lsO2-B;X{9pBB0R%HWJkIM!`N?X?@gm&gmHIQfO&#ZHz0dcy=Un zH$1mdtah_`F;v^PtFrCuCWLnPwNdxPN^&6Hn5lp;pErW=?{0dFPyA3)JXm`$-r{(+}p+y&a9t=wn+o#=bU4Fu8vY`NqQHS z&4jzR)qm+>kGm#R75Bj?N!Lr#I5%_^Uw0V&8V<}9RQr#7XG43KCu;SlshP74zX*u@UHgd+l>^I|Il1(=jEesI|o4hazKc2dN+}7lVR{7;h zS8QE?HvAA7$CPH2F_uz}Y7pmA=I9^4J#fuV6;p-(_> z>i>r#Z4rL_FN#FuEev6W&_gW?_C4RM=rT^cEvQx2H;1IISLQ2X=`f5*C;tp*Q{sar zm8mY8wIXf8ORQq`msBO27MM%yWWoY~689#lmn{3nxp~Ja4z{4%^`P68u;*33=QY2_ z6(79iqnH&L4N_&@oMsVBAm-#NzC;pLgZQK&r}h1Z&3%yi>f z1enNRA;_H$F=Z)(_^VhelzNLRaKOIJ1()9gf1Yiv95YTIQ#iNm_)lCLu!is7iqs0x z?b=QsQ?my)D1_$lVNefap9aiLij|T$G}*N6fFc2NavzT>b`uBt zpoCy)L=|Fa1Eb=+tDiVqSagfPz7?Pi7=Fn;>Al^Cvl1^wto4&afQo9*#g%OJg+m zecab{67@(Ft165YzI9XmQ#F~d638@pFay<*OySAb2@!pWU_1c64OY8vpdNIh%Y25yg8=~r0(6W0HP?LT4vPdM84 zr?BC6x!M?#=dZC}#*(yldE52_fRD!Ma1$xJT4k#@!FduXyV>NX^4u;_;5SQ`@7yj^ zJci=R-+Mr_6_*CA>{K-GvQPLj$yJ(%Gcd7#{hyXz?c8=1n&74kfVUX6lPF)pG?Xk1 zxV)1nwaWvn_zAA@R>qS$4m8^8xu=sT3G*R57pVr}f5wyQDja=WRjW5iX_6^j21e|U z`c9itG%jzCWe*ewjO53~YgY5cdn$y{M^_%=UnA!Ns(r!@3G3G7N?7{%V5kC{?kIidmDP``-Latr!8(nf9A5Ree{$zuIIv*C5=b#@BGU zxoV&r%6ra6Y^RhxpjM_cBZz1IU0pS9dP9dEfwu-~F}fm758}HKH@(d`3|!}G-=!Iz zCoSGiOrQMe@YHEA#b9$t1(BC+^zOGZHkrsPO=6rzVMh`?cBbgWWI#!j#xKS|OC>E# zZ4FJEa=xUR=%gQWv7BcCpW}N4!M5JZje+E#B+d> zK0k^5=97_uC_UjLD(qHWd>DxShe|KX1U0x`c}h0`17zo`VwaVPp0x#k)V~(w#*Tew z*BEZBqeyWw*kb*(OJv3J>2y|LxFR7&#AJU?@9b>$FBowHfc_$(>$9l`m?=oX`>ZXE zQ%gjLYs%tgy6V79b*AL?*mQ_iopHC-mPS0_J414_ z>s(Ut0;oK6IkFA}Q^^7mxz~AS(bC)UQ_~e1)l;3TcxhIT5t$&&|~TT>4J`jZ1#|hVd*v{~y6ikHTxT%3l8~aFy9@Pp)LMnoSvy*k{ox z0DP7el^w#pD>D`Mvd@|Hr{Q<9kL6ljT%=a6^6U^`-AOUmcl~;x2%?)c@$6#*Qe?NPxXnx3ms$382D$Li8uCmn>XIuvVijDH9qJ)`l!KZc!%;fv=w$~Ggk5G zHhwrz17@jR?r@K|Id=q(i*&5&v|R#kM2}e-VhvL08GF62XEK)%U`5ocAxy%>eB;1x39;s zDHG6fcJucNN5UmU*WpuoKG~LCga7E!XzoVXtI(nf=0F&Xy*g)|kT2?nA-<7wNqyW{om*U#u5V z_vv8I{yw8!n2BDc9-MFdKcrXI?|+lti{^JjhBQxp#_MW;|3!KcKH0mz8Ed8f59!5s zy1)va4x53A00gwjDU@7DHMeB}v?Pjr^LZcZ`QhgKws{A37h1`V|M>*Zws><%CovTF z#`lj{g}~0~Fp(TQ&H-t<;z$wezaR4tE8D|229?oI7Qowru#PT?>B;m4%xN`CV+jZy zcd_H=t-It}OU++S`y52zXOz7ia2H?KsUNG2^Tjl?#($6}NRLhawM%E4S<-UV=KzvH ztbTN{lF_lH%rFs)TQGD$7mZF~SZTtZSp`*Bu4x5$nT(p@#TOKsm;F$oS!md!xWeYQ zN)SFIL`y#^VIY^6Yi`0{SeuE;mF;+~xJI~_As%91nkf18Huf~{sg<$o^EUl#w)<&n z)F2*?N!ve7hWdUfFIa0DS-ocbY@V~;%Ia>}%basvTB$5vPg}!$q{vTrA!96=nVIu-dzgRcfVX4qe6WNG+g7jERv|Y+ zY)AS(Bzw^oV{`1S&e=XMIp=vJfW;(C6Wh!AbM2sDBqj#e#|>oU^VFBD7+Mr60d3ju zr9+;MNKT&27f9{m{Vc=87}i>~n;^V|E3YjAwmRw@YTKYi7#r}~ZMqZ;LKrI`jOhLz-R1Z=F)eY9I{-{ zUAli#tk``lv&q)cR5pQ8hC(Y!<|wo9nzXd12frV*cx9hvZmq8U9~50+hS9EAqvD~i zuZo(M7lM_iWa6JWpGaJyXyvNE^PrxlB!|=hp_lWc zoctI(vH8_KJt6r!16$d~YCCxd2Ehdnd(M>8zhbZj9bkiDMx>9(17p#W z#P8e>=2wuw9g&Q6<40?P2DmFUUv;ETI?x}{jR{-He3EOZ7!5a*R91i;Sj?6Svh_o{ z7B!IoZo*N3Ye02G#)$T_E&9uhZds4AI1Rea7zOwF#VY=#&)#~jdeJC2LJQ_GH3Bm(Kgy3_l9={NvVhciToU-!_s(Eh>7t{*xeqeY zON*M)MOu*3jcLhY$YL#HEgYV$tfWX21yW7nCJOkZVUg7*TzcReQI#{e41RFUb1{1e z`OU8d;VcC5h9=%w^n$H&N@7uS+ks}!l|@O`>H!)Q)pIwPa&`!{PU2<7sJHf4CoEBI z0WSl$%~S&U*6cIKCx(52c?6;HYn|R2<=$6`e1|_N4Nv9e&V7x|g{%-GFkwojS8ftR zEbtkbGj4+!4SyyeSctF0(HjO}ROkk{F{-7PQAL=G(ZwwCun*hD3uUpfk%+|3m`k+7suglJo55CqZojEm%_mp7sM*(Wf%NQ9b4%_3Qj%#BN) z*GukTTbvUzw|?6kc|O=BR6Q_Z@R|9O=m7`(X`sbgZCP#uo2Hh5GDDjNyPtGU9ILA+ z`rz~|FSScj264EEIP{J`I|;!=4PTC!5C80$7-Jtm+U;l~yj%j(Pk-#`apQqG^Yx4j zJa5Bw@xXq4!+81LSb4*AtvsXufO3E{t55J*bNDSea-1+IdmM%2dWJ!dj-{eOiUS^5 zF(ns5U^FC5(=<6kBT%RL!+X3N4mC$_rHw^*QV(S76JNhDih_E|v3NEk)PKIcQAdP- zXIg$=D?=ECz%l;o_yz<4d(tP`Ix3vAUv2J?t=9C zy0TfviqkZ?$Vh0(WE$-`>3AE&6AlR>yw2J(9i(i1$bz0jZLwQ`!9GheFk6z zDI0k5)FXq-;BhYlTpsX*XfFT*VioX&^G2v{dAkSTW$!-dhTZDm<=-9i&2-w%Th3Zb z`iXBOOOde9Cd|2g_nSN z&WSWI1DJG_UM1s6RHX@+ zMYtbW=HM$&dT@M33SAs*a=~_Xw@oRzmJQiJ>?qK}xH7nS@czY%^Y6T7@G_O*HtIe( z)Es4I7#=zUY1a*Imn22E$sN@aJ3cAMtlY3_51Cm9=PVEMv+9 zJ&E)5{wYtIr@Cs8!bm0z`AHREcghHVva z9PfR6ZIZ!>e~@ zH*Ai~0?bel{k6O(@G7)chnt0$Nu9b77YEsxf2|i-XST{~%;~-14w4mz7GA@Q3fb(z z*H*9Va4zb1kN#}6R`5hv7A+7MJgFOcRZHnmSIjEfMU}@hA?s_DwT(6toUxqK*q2bN z*fb=I-S9l>461;GVO8gWd4#6nRR9sXWV=+5?L#&AZMDcpcFGK?+8i|N*;LJsI=9U8 z#aTVd8h%{0WbuSw3X=*6Ulfg!Z6RaSLYZT39^wmblR`goeuWIua+O0^B) zZX_!%4F^++iZcone_OG^vQ7QqV;r?H00k&`=-kur((J=Fp2$qU=_o9&qk zZ!Jc<@I1zMYe@`OTcytEJDp?J;O2M?pK&RY{>04+6B$*oLa2=gOdwE;6S=*Vk+uCQT|H;4TkYO_k+`HvrWe=T z^`&g~Gk1|u60(wYl(i1o1JmR9G_<03=GVW_-sqd(h=!(0s>*mF977&BGE`+NMViv8 zD7tOZB$ZNSqI`n!3<$rx%92dXfcguQODvH~vxbsFK`x^K&`cLg38{J#nc{d%02ms~ z#A=wS>I_bzmYn1iW-)aN*qy}uJ)FU2&);15c@IgEZ3E**>Ue(~;@aZS>$NtUQ8l23J7 z^(hyc)!zzeCz(7QS}s7WlsQzU9auI;=LKJ~Y(6U7mD{$g z93}CKynsJWWID5_q@0z5v5ZwBt*6@3>1XGM-Sn`s0u%N*Ru>-f{}%P%;2QA~-+%|^ zId=OuXa?~Rtqu8fzQj*@wbQ9L(?V~&?tn-YWsWJ|<#|ExX5VJ-am zBX3?JsV-iH)wH9g`ISVb)j0KXmzDEcHuP>YIAWS#|6uaAv`UoGw$& zD$c7Q+tFUB;2p6mSRj62asVq%`)2-vu0DP*%-d!^N)bpAkH(KaEeUn;_ht#4Xtq?m z$pos1867Rua>;(tv${+;lrMu?7z%ub3_Cwg<>AOKVC~?D>{EK(flcoT&K~r_h~C@N z9K#OL)2&{tO9J@DeFsIuQ22oj=4O~gM&sogH<^Q{eA8@O`x)PFT^JH_QGNUr#GF~d zj5|SnXYyZklgD_W@aRr5j5J+-c3h(<(@Z&pP7q~WuDHJS!C*Smz+-^$M7HoUT(;2o z5|xTAx2`5i=?1+<`ht=!nL1@|G9~9wgPXGdnM$yg(DM{?R%NAHD<2oui-*lp=|+cM z^o-EzPCVeM3OIOlnYM|x`$ZSD!Gg@z2m_JDq_E8vb>yhelJ(LLhOv-)#fX72KdrKa zTHRl-jwJ;#ItnIJ&*kn9D9H8_+gxy|x)#cW6$pov9_c;6`uR?mg{6_iPk%G! z_?SH@e6wK4q%XoN+MH(xw`=gSED$)(l{)hB0T<_H%X$;ya@S4!at#g}*7jnX3O|&# zkpPTo=kuns>(bgO64Dh}><*7~eJ_X99j8a*_sk7(wIQTBArROI0_92y#m3=i1pa=a z6;jEi**Y#QpoGgJX;gww!6$MfK061Wl3RdB!zY60`1pH4#Xs7+3k1h&b`Bip%jTcR z4c;)lvktf8>##tO_2vJ?)Hepn7A)P4ZTpOEd*+O7+qP}nwr$(CjWf2bH}~G}$NSM8 zT~*n+E24Tw@624e7NgZccaW7=QA9A}KBi&o`3L-@+b#j-4Fithhg?)=h`!sk9Ur<+ z?_A`|S>_F(7a{X5-e-{y0w;nTXNaIJajdwCS>y#h5NL7Xh+lMrJpM*ry$B$FG36fs zeu>o$kfbEP1SC0y77R*AatdG)BT!2U0xC6GNcDaJmAW|8snVb-JuY)@BT%B>Y02Md zPKhxnw1$A~{U^T!h2&V?ec!R?U3K0hs~mTcq+RYO z7;*|g5|X?kW{JAc-@8v0@)?1=A5Vd*A8$cBfX8Sm^!I~i0MAg$e{b8}7#`xhB9J5$ zO&=18)c?f~gXPES96&kX$k4yY_7FlOf^Gp`Vy^F6Qd=JynJlmEMc zjmgjwH3&BfK)PaeAf1WpTLllig(#|&-MUYu2o7DVU-*GN7YAQwnX*6h;dL-7Cy%@1q$HmPyFffV@q1jd%(6M%H$xf?BE{W9s-1epfl|p{WL6@ zvL;c-e#s8gAn6Z5h!x}Wu+y>k0yq?CM^crA7GzTG+>E$;h=uaR(D|{fCk48m1}3`4 zpQanQW&5H!vgfFX!-TK3jowS>m4yL|Aqu+GH!wi*w5a?E~W-%#O~^ zVw@yV@1DE2LE6^PrN~FrCIXHdWB|;^P~n}+(E$6z=yf63oVx_p8snJ*tks-A50)u& zpSbzmHH}z&EE{>}R=|csaB$7{^j#A}th2_PB!|ZNA#NL(L`z#@+%C;pjevcC z87y~d!RbEHkpvx09Vs>}aVpBju9)di6FH-ZBi2h*5(&oIvU|Ed${eq1QInPoB6n>r zA!gMV?hg98)Mpxn7<`2ZI{3fj=pO*APFg`oLcpAqqT=K){fYs$%o-9iQ6P(SPA?96 z$@J!oMz*etC{)k03D)t1SG%LuIExt0aSncBy*r963=EfSXK>~0K3-`)vXnU&9E{-m zc!KHNVGGa++Y{&`NUY_(&Vf);N(A}{p=R3Ur^#(0#LZ}~CW-21dOpdI%OEQorBA^o z!l6FkbNUO8*5Xv(yt!ZvD|-ORCi-IhM)(P3p+taG5A!X)S-~sW4V7aizcD z*!*O>9#M8$n7ORDV@(#eg$cdHr?2Ns06!q5rS^4!92;8`|DkzMAWwP8T}KRBRc4L2 z?T7{1x2E&I1slMIuw517RT$tR=2WtJ(hdrh{Sk2#G|gQ}Y|29vzw{RZxV~dTlP~=e z)~2=b%`lES*8T{GMk0wiMxM5LO3EU#amk0#)D1@f|S+y=(&FM7d1T2>=~phUXMwsK?;hMz~hb8%wppo-cf7zBtA z%|^{8T7NB{_sLgTITpP5PicrnY$`LhJ!*D`?Rl4p6pMD|j(?=sqF4W;AADJFV{K}p zE!D2NL&l)U38D?+APx~`KZ}ji&Sa}4_H{frKDanuOeC@9uT)F7eWKA;%)<2G zu^Zcx z(~c!QP9wo)x!17bc2`0-`vy&AI|TXwzk2ln*j5!EOE#_lj1WPho?L<7U=Le6K>!a1 z(dpG{T2UAZBBXy4f3WI>xsxIkMx_E^=n=xgGqg4C&%kSB+@nuXRGgApWLO2@bBBQA z1Ewchjmz7lScYMIVeUO9m686M-g_dp*sFDM%xf=uSBpGFdsoO^-T|$%8t$?-DHPpb z{zn#~dkS=CG_sK>Ueb)P=GSQj5hyw$6#p!J z`QP?I;MqU$+&3cZgD0}r4w1!Lmkx++ZK=X;_rtXwh;#0T$-R?zFRX!7@3{c^6u4e4 zqX&;UpEeDQ{ykQoTj(`8vu!ixJ@3c=K(vNwQ-5+^I|^A0XoT=j(Es7A>ouLlv~ZnIKOoR0m@Igc*|<%x33g6t*Jf4?!7VLAsRxx+ zq2_&_c})reYi~}_-epYljV)5fYzC3F>fmIxVyBRJo)Bpb9^dYKNSqL&wpx_l0-4>{)ywUk(Kh3~A;?s7xdX}*R&r&b7 z@ouWJeVI1u>e%CJMCU%DS$MpSdGFBiH_k>KSL3aB5`YT8NR0SvDRh^s>0P3Wy$@Qf zNP7-#sE#50pI^uDBL*^0y(@0aRBe%ovQCvSp(!%~ zY=w;cRs&!O%Vmw0z4w~}2fA7$cR7|S%>fRsruM|8gn}D4VJ}v?F511p6K0JSDa(>t zdo5#u&N-z<_joP(&SnC#{4-(_Hbx4oRYQm1MdPB{pNenuoG;l*%Xj1L0#n7O)lT0b zCnqJ`o5BVe=O&%rOfg-Hx%AnpRI*+D}p#e=(ZSgsEYHMXebpnHvgd`FTpy=i&r=g_B zpmEGwPlaXmr7|6tMlM>`AZDaIL6G4eU9x?DrC=&-aicj!;NpG=-zKfF=38V%Sgc1G&ik8Jr$ivlCn|rQd7+otqKqyhq_WQ?(C}) zz_*VqJxr&TI{CQ;KQ){AM|duuVgTp3CFpDC+CuUaf^I-rkdAHOjkY9V=JA0-F#P8$ z|M^s&k6boIa*>2PojoGRGG#G{yJD4*WLA2Ux~3M`V7U=HC2(PPH)L_#uH-54=>Q4F57kIJm`3 zf`3vkWF#Txq?UH~^Xv0zy>gQOFA%7C693-{VP9F4pzzF2g;;czmFny|2MU@otuyr9 zO8=36-5bD68>ion_7A|;KyhI!a9ph~co&Fq1B?6quWur+Zb(aD3a$WV7e6SUgkx57 z5i&Bnzku5B^ZU!p#uHnYf5?Ct1&D%}PA(XNPv8|5*Fn^#A~ka36;k2bJ@%`vRft+4 zq{>wixF(jxmTa<{uuOA9z*~GR`Py3oz}8J$^53rW{M(w_O4@7-{F>7r7JJ5-0EpxV zh5q_c9PYb^4Wo?GtT(-A|Ua1`1C$CXGTSyoaw4Hm~8FDU-lGwN~gY%9;b6B9DEIqmL1IVnokDdrYQQb!# ztSAIX4@zactHdUlSr|8$E(ZsXbM+Lth*ghb!z?}zc6_~GK5u>+Ulx_WFt;?yzH7Vp z=B4cl5ExBr^T2OQEnd;rz%$MTq*E2nexIjirA97%-TQE2Iz7!sz<=qei|du1Cl`J= zH5!rz_<9*C9b}#sUf3z_X-_mXd$CeVLwNBzBtg~lGDq>u8jQGE(mQ8t7(fwV@h@z! zlRr4_w{n=|_8)$$(aJsHyty%0*BB0rFFM2EM3f@$440>D@B&&|mLxHe$agsfqd}fE zbHRU;Z+E2Jhx4xwOc%+i;H*&>|I_J^?Au^9u0XUTm6XDvT{qYO_*wM{&1dDL|6rLE zTu8_krPxq`)Nqqgm!!CS!>>UXoxDNyL^>9jf{hM>=)@q`#ua_EG21JTuRFW)fR; zjjBRfNBE^~d31}YM)1!JOF+$V=K@R_*fUZexktoGUx<&~dC>OIRN~davACQ92#K)h z8x0i&7K3Nb11d9$tMv$(%=~2@prf@d)n=OIv{>zW#e=}>$rO!LS4rxWlHir2?5$d-KQY$*$gZTzO-MzABx-nuL9jmXvF6(&XCImJoKu#zjH zoLJw_**DQs5^Q4_a+s7)Px zxB_glmg3;qgB)f!LPU)@Ce!?^r_7j(8d*TLb!wCKH`_tBLl@yE{0_nog)@n<$c^&i zE{7fW6^4sqnpIa}imC%@imvWxLOEdC?5aO)<7~w+vfvAZMlm7OCn)cCI$GR8GR>EA1Xw z?elE%c8QTD_sliXL4UB1{M%9v^V=35Fc?@&8qTs9#Gh*qK|zBx7EWTq2$K}3FCvst zlQ~Wz0}fe%9S${dp8z$Zn8Sh1KzL9^8OI3_Z3g*6`C)eZn0}8{)3dQrqj@w=9Y5bp z7(B;a{}y`4LeC9(A>2mj%87QwM|K34k(RPNe^V)XD_BdsH`?5wi3V#AFP%M36NyFP zZbb|Q0fo^n{92c?s))#DLvO^+T zC^qSJ6plHEf!oG@q+rp|>)Pa6m%qNHnAQMUw!8#3mW->)J)MC1=uF2;to5phpIX-wK&9EXg0PN!Ejb?R)VMfm1P)(ayF9_@VAOx2NQ~D7J*B}TbF;|_I zpiXX$j8__#ob1B5$lWZhwK|pNb?d2w8^c}jr3ZHcqSpoH$HU$Io5qs(3+a~V?fI?v zLC8W@YlRwf@`O>=Ra~P(pV|}bP+axfVn}HW(VsiWZ%e4*Y{TFSaBTf8=~El6?0*_`u%?qu1W9CD~{6k zARgNa;CZ;2F=OMXMHul|pR-^kt)(LR7vphZn@cwMe0f~?&GW~2$#-rO5$BiCrC0Nz zZ&N9Ob(s|Bju&UIMc<>wnDj$fNVRKQVw5X6#)V=#WT>klY%c6fYuM$`!?CBE1WA)c z<;7xfV6 zvTnF*!*(31p3cu6pGIX>|8&8IgT;Nx1Jb%!mtnffpn5>&4rk$>w}NVGy&JA`~y9oTb`0{h}=Is z#-gp2*2RUF0wSwKpbW8wUsIQz5X)Yvr6+4)>Q$<>bd_=lQ~zEE${W5dQ2j+>dQ8@D zudKy_nb=sXqx06rth-!cdyAX!3Hg|_`0`7*!EkepAy1OXf&wOhnYwAx`K`r^wS8~y zk9I6gfiIH?c#Kn2I2K1&`RZ_KhVQ|UfMb9*=jC@sr7xZ|QW~LYJZlf+MNq1027?$4 z9n%|~u_dOj^|xukq%O%$Op7C=Sgo*6RVyOQ&QLM}D4ao75(oupfaW?0O}`!qCov`U zr$Uv@;?7u+Ux^kGEwZx5M@tUu2JzsYDo6;`PwRn+d+$n@2o3oVKou^F=_oDPvd zn(9^%O^v!@P)!Y4$d)EON$CH)Ri^4mUR2?)EdgoY4#7ERMktS}>&7x$36wbq6SCB(nbTln0Au zC%6BfHzw8fq}(082$U?zN!Z7t?o&ha#&G1Nrl|j<@ywC}X}77>)SJgRC_cNW0=Z+< ztMpk?p2QGBQEyof3*CL%Up(CjyIwd zW9~OAJA+V+O5vP0#ckW&tX$SI+Rt0nwd_(!H0@r@m9q~8#Xl;IWZ>We%}TI z@8w5bV6mgP989}M1ck(MTw(i=chXOc&uATWX0kFFwe`br5E7CJBuzk;8cnt_{Uy(+ zh9ss9|KT4fiI<9fw3{8azoPiL+cS2_)J)c$GTm8+0Of{vFmt4BpSQj1#g<$ooK!CVSuNf zh-(`g42oxx)Y3TY(Lny9AGp2q%{lYTNt*e<%DT$6uE~d?c_BtJ1A%=}b6NS4BC|7D za&9S$t1sydV6rpo)1kRp{=)fYm!uOhX)iG;4>eg&yq|Mf*r}kfBmUQ&?5HT0$B7xe zi;3%04f_;)RMMfJrF5JrWo~)6F5GTPs&|7PwIFW$5lvSiGk=5r@YL>RsruOfybAyF z1YcmzQ!XMQ8~Wk&sOMn$wbD!UP>bpBbGsdtgWSP86-jvN%AnWV>zeYTPxGI=TKV(8 zj}k4_`ojs{_BzDUM@W=epDdEGm0oSJ`P27qa)`*-;SWA1yOSN;MyC>r&WazgN^4tA z333l;2<hL9Hes=LR`1}87}xb1_=ZxYI_ z3hqiEh76R>6ZmXlz?tac4Fck=i2iGQUm{^z@I=6<`jYUJG9;75#V_szK?HlKeQ0*1 z5#c`Z(X2r0D7tC-f$@&xVn<60R#QvdsqRCj;}O*63If)04%S1iRVBWC=u(9iC^tbu z5uh*;28NfchVkWW5*Vn$A>IsZQxa(H7m~inGH)7yWeeocjdJZCR z1+u%Z3_NL->ni>x8nt)rGg!E8GXnmzw)F=1tAJ-oFf3FD8VtRgAjBMIfNi#b%;1-R z@vLkTUAKiTv8rtOw68X9`j_o%#_NlIMUKKD$69pDnOfIpX=N}RC)%r(?wEN7%K0Oskx<41P zQkz>jRkq?Z8aE-uBzlyQlBi_D0&2KX4mu`hJTR1(>DBI7R#6N<8nAg=bfgQml`!i0 z&!GgW6fO_%_k*eKqusy@P`NVaoc~wvzO?NL>gsk@JswhFn;Nl>gFjo9%5pVg97CXk zjI%HM_(%?wdY~4{AuoH$w^xYDUZ7;&m{4@&4^+9!HD$q%T*OzPM28yDZJM6}2| zFV`Oie_tk}J}={Aeo4lI6n&G{jH3|qhKCkpCH%!X!P>gmfH$k1N7J=^EWsn+WQpE} z(aP{Ix#nab8jGyi{0v>7Up^S=z#$|pra460ad6g$YuDX68rQ9bXPU_j5db&)N#G@< zCL_iipbz@Fgfn+7`5xYDg9t0>^5h_CQyF=oVR}1EJ>DZUE%T!+e=wDa2Pfn9CB_6` zGr{7;#Uu0H-GR1d&erI`AwR}?rBa`t%g?zcFflUp(!rHX&eZSIUtW%RxRO!ujb?jj zXK2nF=!4}_&qN1wH@2-Yz$YXF zU;!)sFxXQn0#?7EHNS@67XtR&i%A$PL_J_8$q?B8Ca4Km@rS@*k`S=w;Ax47Tpq*3B~If8Hp2C3MJ#z?zZ~uo3=q1;1bSeJTGPOx#n&`GDD$Wl?-H zaiv1Ws_5YTwWUVLZpcl5>7iMF`HN>jg?_@;Y_p=BEvd$RDfP#Yt0A+es_vq{5|>MA z1(@nOM~6YR-f9uj#KoP^&{{*PV7txBgK`*Lr4OL``o zT0M5%zF{M^`u?!)a8c63;I;`aGi&zrYITkl+ogVOk&mJJDEPfmm2KVkYQ^|<${p~PaX9wq5-eW#JsG9TR1MwyIeMT ze%G!Z`!RR6fHlIGVmpJMpvwBq;KJDKouBkJ(PtZlV>v@R>#iTE+|#D~ahT2QBE{Q~>6>#o$%JOFRrb zk==zb43*!^sZ<&;0Vt8wsh2U@h1LkVNjH`){1)tYiZ);6wOgc3F>0S&M2Dlap<8-X zDa}XxSi2|{+Vip&wx7DDu5wcTj1+jyU;KiO4%t)Kqi}VHSP@pDqmX1mA_Cns`0s&N z;kq1g*pm`73RL8}O7pXGg${`|8Vn-;dj|L1X-G+?ZcgIMkRz&YkYpQ7GDyu#s)U6$ z){9Uf&h?c-NcQNINJ=E_0xP$|TldqUhe+NRKq}c2#~arF0QT> z6f7>fV@FxS!~9s>!f4$5$m#!O$p63O$IqSHeQNG+&vY!s=fPrNEu4@2ul(?yp6}1- zjgF6}`}ZfA&+TMvfmrQbt?sk0(X8)%)#2V=CEugV1)Rh@1M@%7D&y&wF`W9Ooq!-| zMRoicXQQ{~gk=6d<=caDyU`bfJ*6`W(RJazsF`az_Sl&Wi=u(1a4hnff3BhKDI+`EDD_BmQP@n6! z&-?Zi|0-Y4X`wKStFUwtQE*ZjwrV8`nB}B_5_4#xKvqvCwS>+T{njch^^KCwk8F4b zG)O`wNTeEH5qNcVo$1q9WTZKQv!&bYQ^C?GZ2m#D(;h#xm;Z|F5+JS$Ds9{wnMtDc*fCZ5V=KfR#^yn55=YUiuIk<425&X4CUG-q%?3>$5hdy_ z38jpDvqxEE-B9xkT+Y=RrJ-E)e5#LNUo~t`=PVur{U57Ji*!uP-28JVM%CC~*k^dF z1FBTnV_~Fm*=BAWV`vfcPw$pFR7=u~;>6MZwT+^zCbaZB+hBQmcvhE4Jb&_JPGk~~ zs)&ayrNtI{X zimlS9BGX*0Zbg~t;BvL%#GDtjZyVD1`W-4>FD-0QIaFqGGL~D{Qky1D(;OGt`3C0A z&0Kgjh)mO%Jmydmd3Un`5$r;*rHX`PA`nzk7#h$%KqSG#W6kSRc2*A16<~sHT>}m< znKb^TjnnAHuOGUT&zgieD|C!`WWr^|%{jN<=tG*yjHYp*bRsderTzw&-8bi^&7Kms zf|Kxu1MAr##d}#&)_ssAJgKFd`JPQn3ExiXWJcr_3o2aiC`3Dop1wy(IpQ&mrw~rb z9)9bh5Mmm(T?P>czbSuMFz z)>+mNF=gC4O=ZdqHo{cs5#Fywp}a~x@`rn?N79yXj<-|2of&yQE0BL{WRBU61Iys! z+Pf9z9ev^THz2kxTG~w-A9HDT{5C-)k*-HBa)pwX)%&~0y`qr+h9k-Z`Df7lS5c#& zXWDq)^DX)awwK2fEU2n3o#1t;V8R9glR9KQx>eLUhd?d1z zK%XD6RU;b913YpjMcER$o6AEqYP9=!2T=Bvbq^xo-KW!5Qk2D2IkhLZCxwts^v1#L zP(@i#j18Syko0L?^pZz6S$hrF#f|dDHUVLI!;WgTLMwaTP92Tgy6vRKmFOQ{&@Y6j zmSzk#D5%H~`zJxhZJ@O1bYRjxCh9^DcQJ<)y%s)Ei*~m zOlS06_ow%U>tu;xsO)%fFP3_*HnhE`^vz&Ex7$pYj~g4;id<>8Z9?vjbmxa#6P_HV zxBm4o8iFqH`U6|F#)DKM$1-MgXk~OBvjjKGgH0p&R-(zaPU)TQbWM}8V8HhM!BkkJ zLA0xXI+{fhImacH8H=Lul=YM&Xh4|Uyci3v{VD5$>1@G{_eLMHXL z*f>(OY1*ew=q>ycZdNR&zf*2bfG=?)iX`q zZRbmtL%vWDqxxD}pwo0~SOarW?*;WN4~Y}XC_Q$`pGT^SSBh&J1N4_*!m1^eP_$mtPJs{WvS|b4 zruPF+0KmiO0|uWEJ$=UP1GaQT>;u;1Lhl0xcGClZhuQO|A@KtTyX^zO69f9cneL-P z;3>#G|Eu2>mlOcJH3c8gTTDRiUqK12Kt0b&^sASJ8qzQkBq6Vn>; zH{&yE#hujlp6vkkm`jD=Qs>Lo3b*Dvd~&yfx~`qYAeC1oQcnpt6$#LjvDm{>24ETn zj78;d*EIf>KtYfEMP0H)rzkE0?;p3_D>e6$XESB|(>kFp#>vEIo+wuMZ=I{5!R9W} zKetnWOoGjIk6E$38&9RXZZOV(hvb)h#3f8(8cxn?+3ilRgBgr~!KH&A)JB+soj z1-QYD40dUzBvLgSUAkT{yPEy`QhTP^q;4QC1=`B?!oN-WrGAF2uy6GoVKHA0_dUQW*4@wbGmok{2dLrMS zK&DDgp#k8f6)k@X=>%R-Y41wk#mpzyP)*HUcXZFjxYSf%(L9`LHAcQ6wI~J7%|L96 z*@T|&*R<{5aQC;T{5fjdPS{iV+YE%10e{hhv zSY2fV@bD4WrBxL!h;s_jU+*M)-^Fm)`^9&%ts-`-$@JFNsayx18*72OQ!LRT%8enN zBS3JQPS2ylJJj10iwK2htTM@nT2%{^@&~wzKCc=Mrcq&j+nb%&ZG9Q*scY$i-a!_B zU9c__Px}vaNB9ZCecBGD`-j#@3okxZ8nTP!%Hqd2hMsv$!M1ZA=;lHXi`r#-%;OI2r2GqpvQco@dadzzXsZ#@l4b#h_ zs#Wb+9#(EzZqZ~PlU)P*VMET4)Aybf`)M#Zc!*8l}48 z{SpZ0{uvp1hk0(t0o*yfywB%@*l4Kj|JW|0rBSsMle4C0ixs?5{P>bm4mpmwcP{P9 zt3z`pyYNuC<|4hf%AH&F703N5zIk8H&z{(1*R!#oGtWGAc z?|rjiSbz;Daa{&UU^n}qsq-AL^LY2`>77G$-*GGp%UPA(1{Wd<(0RRu?o{#WLz z(yk8CMAxCBv17a|jiLQBo$X6kpWMCEVD~yPnT02{)Wkq+B|Qnk`=RVI>9f+s!?%pkuk?O z($l+EixJ_+ny8!41}QNs)qAj6cEKaOn%2_JHLU1(*0NImsz<01=O&D5Y6^luh^@-o z#ug=eV^XxLM`lr^Zz-*Zb+6zXzYV0fPq5gDlZ{UIA|5A6L9LY=qke|?Z_Zropp4ID zYlIj*I`uoPMjgip@!woGz^*8e5B=_QuYTw{d2iqPVO=~{?u(XdJT4Z`K@5B0v`td; z6k;s{Vd7^wmuKdH8ewOjXkr6hKdhqpOXO{Ny(F7+o z4`aH}c-3Vi#6>TfIOR0T=sLYv$ph$-C;q-;tcC2X#R0_k19kB+2No52`3Pmf^UL&h zzOQ>$Xg&a&ji6LKpLw!(zkR{?z{9*z2Ci%UehmtTMm7pzmjS*yF=otbHxJ!;asci| zTS=+y6^&-xomR0VwMq__oS%h6w-zT7D*gLXG4p8lFNg~ZAc5I6Gz!hMYyC25+SAJJT+>TO2T0s9Q8ROh}rZotG8{S(H4+XLq&M zVTfW+JLO#ZD{gxhe8@EZh>vvNz26VNVLt{~Ar5!3Sy+3nC^)ELh*WiR@05t&C!A%8 zA}m!J6DO{aRFKWK>?SueAR0C(*FexTF+*eIE5&B!+;X&M80c7M8;t>IFEf5OvAUN~ z*=B9zeV_D>Pn#~z{xDnDn?I>z)X~|hQL=n!&aimywbyiK3X*A52scXI2z*{0PFFUn z?()(AOI69Q2)8QyUGthDvcvQdRXx6Stk;9G+W8Id7iej`Ycck*FdxFuieFVtGGz}t z!j}!SxcY!UPcmmbJkRKQd=5)rFe!a=y@}quc)j8pm_JC zBO2*SVykBFQ86+AY;?&Ib{!Bn(2O0Ps=>qc%Sbv?*_g1xkmO}*}rXW35E>-C($XzU2AOJAX5<749wNqefXF;_zdcEQA(@q7BDVmQBCd9bi z)ECQN*;+a;Sf|MsR=5GH_M9>u)-D*-BG{f;!p84P7u4;{ z8NJl4j|NNZ^HF_;=^PsE3i{_mUPm3O&9tZGoGHP8t+AOui)B3BVL+LP1n$&EC8pEY z1N*rfoKw@^4E+7w3cwo{OrQgc_K;|9(c%@4v*XDC=gVvPX@W{IM)p+~PMJUQ``xo+@_u zwwLq5T~+3#O`*=Ak2};FOdW(m*W3Pgn8QQT#`weWhjoz0K{q(j`kqZ4d=Fu^hNE2J>9lw&NXPS5XRdo&@!1j)gv~U}CjyLf{cd$NUQRh)6U=vqC zC^*rMwAzYDck52J6VGMIE-X7nyLFC63qMUjfUS2sAJPtExeHd$(_d`FU9UTWvbJt= zCmCcgqMb-D!JOD|a7p7GiFwWP`mK*e%%$q55-DZ@j?v;tPKxfVxXFmL0o{}=&WZr+ zL)a^u+>GaYb?+fqQ;K1v@`Z>lkm6&y%0(9yqbkR^S$l*G2IH0yKiwOiA$0a3SoTch zX~tJ@l)%RB&llC8ZT~yOETKX$^9FVSmox{i{A0Sy6RnDS<|G2lHNG8QS8Mxb? zWyzstRAibL8IB46#B%)ZpjdIvxhpcJ&xR@K(?(VRosTXQ&9$XDO(Gv@Ec}uT#G2`- zZSyJ)a8{#PB-^>O?j-MTeonRslffq#Z6=E?MPw&H1}7G#S>fRaDcJ6nwla;A%+?Lo z(k0GuF!~k;DJ{XG3P@aoniV-G9lzA5UJC&Jr5r+Ac*}cTL4Lj!sde1I0rtKIGdsbV zTfDG?fq`|Rv{S-O|;N+ zDG%_`Fyi4^EMrCxMD|0l0$>SV2brRO&^uWWK;fvwops>pWP3l8C)h%@w5GZtZ)vSB z1W5eI0W~$ZP-Mfy1}S30ML8r5 zG^IM-PEA)k(5^OTCTK+|6~=X^G_i)`LI+y3n!M(4kOQo^O;tM(6*XhSS7pO+ar8|7 zUVRbf>SaYl$vu%^)iFSaw0WfJJ4CDI>zm#O*Sl6wFGmKNznrpheGMpVS=+oW`d^BY zVWlx8+_dNm2+o1lfBYSNQVa5&k9A^##n|3ea(?;>ntDzsow=-Red$uof4H=VaZ6%| zM)bZ~TCcOC0a%;w%6FqmK8#wuKrd(LNzA~|1%P3T%_kUwUYZgYTxdIfgp#qC+bqnX z{ELmLGZh8Jj-1ow@X6yVl?mJgqT&CVovzi+f)<-Ou$xj0GD9PyBMLReN6@YX;cQ;3 zD$Ri^Mt2bhP*kPGpjR2#o%O)vo1YCDOHz`5RtVgNz{7T%5UWz_Q)pGCVC3;K9!M9n zb0PEr?`Lm_xB37M$K&AaW_LUMlS~dJ)2ne-mfQ7BU=jC!47s0Tq-gxb(UC}5R^S82 zuBs#oQ4S*+jy7kKp(f#$%E=Xo4?zVcH$ndiK2%k;8V3cj$PNo`$ol1YhvnM#pOGw| zwjU|qp{Z%6emoj%u=Y(8`Z{zHY#tx>)fcW{9KI-*g3maGa|vjlIUydCX?-)mQCxMn z@V-fvNnvz!9`|BBqcX9wS3lHAkbJO zw^aqH+rJ!WuJ(%aZ`3w>0V>cI+v7L{XT&bAxk(6>ZzF3KUhNY=2ZLVs*y8bwi2tt=gW{ZN7NyFCv_*S+DL7`p&jQyo# zHoLhk4HE?uxPJYrm~F!Zm(h8VC6Y3{QZDs?oMGxum5J5W{e75K^iho8vRQNj)cw6R zCi|wT>U6RA`j&aS)w(~bHgg!s*Pf4#EPu$zj=S`QUvZ_yKE8Hgut;Dpp0jPu-9nZ!hzf5r{8a4EWO$=wQqfZc(JTwi|lpm5rDnM3Z zI!5aztZ9J~GVEz_z_e}Y|6HU{CyAxgIRUCT*WQ~e+LxS8a>3(Ycv}4~ju@zw_`Z=p zT`f$xU`?RwzbKfJOo8uLxjmL{4;Yr-E!}QIwwc!|OAd{`MKTnJu`XsuthPBMmty`_ zjQ+v|l<%LMuj((hDw~=}IJ6sjx^Gz&NT7|%8lm%E@C2Z3R2Q?L25u}LTF^4e&kFV^ z96R60v=`DTJ`F^d*!Rm(6gjOaaUAHx|0PSAwUl$Zn3<%5sZ*yk6C;WwL}BXLXp!Wz z#uMBE4`>djhOCEt&@KqIVlAB|V$*Ztu@0#&$EZ-PT)@}8Ws!`W^ogW+1C?7X0$toM z9=@kkC?yKjI9R-*&iW-@R_*?(FGV=*8L|tIM8{L*z{Gh`pV76aW|J?A zSA%bUnv`HmPZxB+RQ;E0`8KR)Z_28NIZO;HL zSt<;{)G}S(IQkAh-(=KQCjM*J7*CpAb)g|4QsnU5*vb5R?m1ZCVOfx>WGyEy#ctk7 zM$oO2&4*NUi}vFf27G9&i4_x)1RVpZLF8nHYYXwjHP;S>rdHSZO2Z~{6*-XkS=1T#-{p;0{V`bKW$?`IUvI){Wt$*v zJzm!J;gl(;;-Y}4c`0zAUl-&2t?NSxUd2dKEGD6FfAW_5XF6&ia_cbMAC7lsiPDtM z!`c#DB-|M7Q83t~W}~>FJk#S-U93iZl&=Kk0AI`3g2N9h$|RVUrR+7(>o1J=Iq#95WOIOZwEkqxK${<10{5PLtZ1g4Y}KL19h+S1B&^SHY=rz(hb zrQe34{>Bt|^lbm}Ray*GswY<3oHfiuS1tteVHzgqbJqoR^U;|lry-{pdq29$CeM3A zfX9$|L;luPUUr*nQ^}f5VOs6+z5MvlgQ4OxyVEw=%9&tLh0FW+B$u6TAG&$AiE56? z3UJ6}LmT5=9gNWR89|g%ybRD&`W|oPEo$;zXIqO|EuQ5dU(*mH@wj`STNy6B$a=Z5 z#KvqNh6djH7;M>OY45yilMrF3JI89yOxD%{TS2>ed`=)n5WRNg>#Tp}%@X8|wTbD> zn<^h$Z!tt&{|r`U&29`!7>e>P>UdQ?NUK=a{jrXe%A_=TwU^CI;TtI`9mzrcE3A5f z5AWk0p6>e#54=Y!WO`>wz}V+TV32v1NxXRHfw_+lXWcc6xc=8L5B&nNM|09zR#uAd z5##1Z#bRQ;#lRJA#y#FFkx^*FgW;iMz}Odwru@rsi;F5}q{eEh0FH5`Eby3R;7CRdIKfjdIDBh(4`X|03ex@{82tF1ixYm1WsT z|E|B)&d?Q~uy6Xx;nbpR$9@(6LUx}xq#kO(7x!zQu17kyo0r?^5$%g%AOl8J7w_}v z`(=D~c6WE0uk-6_@8OW{I2cR6jO_bB%Cd1?guo}UsYBkja!1JE7xsznatikz} zacMnNiOfw0E>($v$&o~r35aulRMB^c-#`6!;n`)uvFfKVc8{B@hW|>HepQf?Xn&NhUMEM{jXTUc;{%TIYR(! zEojGiMFdlgmV6xA-H6^m7GxWHTd(Dq%M52gOA18@P-5&zm;YTdFD>bf#ViQ6ew$jW z67DDi`;W~sQZ@=X#$hc;&}216WGHWvVrS9Ue~Yr%PlasQ2n)QvOZf|>5;<8C(22~( z>n*R5*8p4(Ht^;{e%?7GWSRgK_0ZdpRL^M*Y49LDMU`#)9y3y>U6fsxn!K^sLfPe* zJ-wC)N*zOk*^dZo8tP&k%u9^*0H~g~xtbgMQ<789b5A`7kTqR7DHF;Cb7XI@fo-;O zwAxCndL?TcHV;dG16wwo-fN0xwD6MB6sSPVY_6oC31n0IpV#UD;R*WZwFbfu+!Kj8 z6-MI)Y?^&ppibe2kpFJ7%B!fIP)#;bO2;p)hUfewfCh;h~H z51=DyF*@|q_m#B6(8V-FJoZEiDUpy{Vw!jB;RT{%CjvtyOfVEPj6O2r(Ws{nJPy6g z6di0z_3sI}Y^l4#tDcD;O<;RbJEAo)K-QjbssI?He?K8bmE|r7oUHf2^1Rjp_a7fn zrDpccfQm&bU%`}F;2@d9f6^?!|7y94jrI*d7@K*<+4qI~`;tX+PTcXV&n-hgGY1M< z|7(aL9A{Qi-H1Y>MoUTgGa9D0J?odmBhD1+>`ctAutV8o+n;iR`zt%O6_+!vMziD@ zYD0?Mik}pEmXzOlj=*h=mSYhhh)5+nZZM~*rD9CQqgi*ABQxzqFZ5DXtpGHj83n(Q z48A42(ou=}LdQg*f67s=Z}l&tU0fC`=V%!-wk;L@3NfV(P3i;-Ap_pHy6|~6l>c(n zFqm10sl@v(^8n##u^&Jcd=s44 zSVl3AalcYIKO27;GS#Z(1R2XabVx3BbNnC>ZwnYyFiuG?-TicP@ggZA2nCOYk7;Jk z1W&7kFI$`d9Zg1B_DVLjOgjfGR*7i5RwFEe+EqOUx+fKqG(diIm$+3OMJ$67m4t`) z;Y#~ul0f7@HRKOSKQRhQtR9Zpfo(+tO_(-rYnN)uy-TVItWQ|q>$H~Q@C*VQa(Rfu zHpMWd;7?ZDA=V4g^f3bK*=fYgBu>+uR+H8{s=(j%tU>U zDJUE$u-h`VmLis~B3lLYw;qrwA7B!{Bq5giq=$l+iZfA9we3MDGD!l3RL& zqknHR_n(jXctdOF(`c_Q>7fA8jU;Q!{xic&{s z0^wdp>MmgzRzVJXS5VzuqBUIr5kIQ0NjxftFMOi=SU3 z$kv|Ii@@RI)-sUKX@6RDz!JFKvLC9n&^0oO`_Lwy`v<5E*7@k)(*9=I9=cb=9<*7? zY(Y~dhj3$!SJg>=>{0~L;CRb8{A_64ys#`t_i0y<Dm?wf+lYA=wVay|5lQo(kTbGo)I@XjC{cM{YX&@)m0)D(Kkh@05-# z+Fa1)9hJ#?)}&SENW@jM|62t4qIxLEVdzMqP8v%>@7c}x-Pz@s-Qta z@?C@diWf2OK&^6tB|$MHFVMnBA`Zo^jjlojQk1r!Z3fV^jiEN%wLX!(W59=r^zfTe zS&N8Gtv5|VKOT$5nNiQ&ZlJdrSx%^6(tcd2CndHw@0S%2+0Zmm?;A{%( z+T5ECp0#lQ$3)QL7Qb)l7A5>)FzJos1+;|Pb3NyPs3SD5$bYi71 z4#5`ZoRhk)g}?CDfSl(oOe8YawDv`9I3ko$$?F%9aAAUD?d;tzeMos7TajV_Ema8qr|@HycYF!V-HSrb>Smzc0!f!YWv*}n z{gV1_v=u~e?(~>?(vVP&i#Ki*kGnaq zUZghxIgxnIY`NNeJ_d(JDCa_TTGycz>IQXWg*u^XEKT{|x3=-!*=>ZyK$5Wv_F)#O z3o|%-Ik|;0LJ76K`Em#Wb{z@b7$%j#gf!FyclAEhjo~9AOb6t9Gtc zN5hMzx?^6E7~F_XyeVE!x^=6EA?{vMt_@shtc_{%OOwcGBYE6@u#S#T=d?>_G1g;k ztLo?a79YmuC4Y%5K-MMiRaHFdY_B9~mZcod-jp}Mv{&}`Qy=S+*>~gtc@YZQPzoAw z3hK~=An^LwD@k#8I?%(eq(u9tnLe$Xt&2QC>%3fSy1$@oStfL9BFo30r2PbOJ`Ki{ zLIfRGG~I=?f=$Mwv%6arnwvv#O#yZ}T_^#(0SZYM+G(P6&pg+|&vz-KZTbP&4!f=g z6+w$Z%znn`G$sM)9I zDQIu@6nuz|H<{U>Y~DfV19;U#D&k*thxoA~G@pjBqw732RUSqgX)Pu!`LyQ-@h)aEKF zYk3E25!Wly&jHivzZc23Ak&ed)sTn!R#KN4_!O~CaR!tt z0sX<(VuYAN_Atz+;m8pQYEQ~XP5($1muSO1luJA|lsIv#1xf%G^$*E{5kIVA|2g+k z@>X;hf~o4P;_jLWg7ipM?*wHFj~s?2a1@dLgRU+&?-+sk0uyBWtm3GRx=t5llCA1d z39d)%*sm&udh|oGS|oF*1)Jk)(n#x1;z=xFa?c&eWuHUid^~JRX}hd0z(R)LD8(Dg z|B)=Zt*jnj=a0#8)k}I`@kC>E4>|}?4`3%Faa;61g}**>gBu!gQoLQV&dkvAbZ}wL zVy`Q-P*Isg*`UfW7J628`bIP7zM7jsLJ60fjc`cNbUMA=;kwJ)`n7;}VgR@MAXF!w z4kTKpM(fn}1-VUeT7-t1^zC%HbY?Yy@OaYuzHt#UipLlei(Dn@Plp!Qxa$9WP(lL` zqyds8FU9JNFZ>3(l9JoqE2@sp520}rP?4fR|F^|rB)m)R9PHG}UUOE#dd8ii5*he4}hV0B>G7ZD{hr-B_xDKu(-5nd`y! z@2OWySJ&Gq_&SAx!Nw5o5R4|bQsw;F87t^$Qsl>o_opPX6f8GbU5%M(I zBWK^A)EEY*udaooXfB<{HTXp}syyMQ`_<)p%hGH`lX?6ykYyOBLCrf{qbD#3G*@o^xIB{7Q<#;|ocN20`G`Abdo(5^ONlCC{A?a!NR-du@w}r%hoR)9 zEsRpr5<*$k>caT&i!xRvP9AOU>nBb0X4MiKI{+ARBuVG94zv;^E=(m(4&N=?F37eA zQM74Uyh}iCh9Ygt7P*eRpNy2wVJTY;gWnImn~QoV1r*=-Ti;s@)!6oG=)DqKwa9Hk z+ek>}v~7nr!z+HZ(RF}^R=wz0GmFD30F1+6N!C%Y=!U@UTiAxcKi^-n4ueJg3*qnj zFOpvt%Me)W=d-qj`(Hr$&-CTbJu4Q5R(_U0ag8SC|E;jLhL?bbX$YLLhK@!5-y+>V zq1FGh%IX)uoa{AhQQA>Yy<+;U5zZlk(-G9H`7_1e-Sq_T>q7z;2YX)VVvKgqRO4Ga zM(wD}Ui0Dl{vXTrbU}{+rj=B|T+fZ*WqIop&OFVubsQ=->YjdzITiR7LF~>zK-HX3 zK2k=gaS61i#O81bl*x3lLbq~P=blq_yH{hNAn{@sTiG>SocLP2n3$Qta}mvK8sq%I zpA$t8;M}7E*pcnQ7d2p5L%2b=w^he7eMm_MQxX3oM;*wuMzAkK@1dm%)9!-}{qYPZ zN6g#a%;o6nj0e%n6OEEwv0y^8N{(l+guaz*V0Pk^r#uxfUpa7V(|v>RT#qflQ|ZV3 zfyd`+rR}NH@tMa{H>K2bzqcZr@~Cp$E;yzb)AR7+D+`uUI!>1#p^1d*NLNOTu~?Ai2MZ~-WhGt~MM*hy#NFz1Ll^}0ompw3#pRKfro@dyL=jH)) zNh{0ImCgytHb|!=acin zh5Ng}^nm{{U9L__j#<|cRJR~~;OeeosHFRO7OrN+3C-m=m+)i-PEI9}YR&;}{0u7# zoe|8?!>iSVv*CYGmw!(4I}jQd3_(_+0iyE+!nWwk%PDJfuIUQm?}rNI%$BW_RNB#)_+vi zE_fNskz0s`i_!V9;=1h@0ZGGMQ2wkS) zfs2T7PNr&C#P3!5clQoe-CY!bWn@SEJzooV%oa8>)RM_pI<1nQ})bB+pvHtt2y?8ptPmY_9 z*W35&`Tlu?PA9kXv>8Woz-x6U0Y_W{wkKG^96dvv2Ur*t#4Ai`%S8a}G-{JdWWB~L z<9Nh^WU(y4F~^xwC{*uEq(ukb^}?t61olna_IwfeKa%A#Ps6nEAIUPr+zfm0^F*jf zo-z_(8kJe-!7&0KIx+e7KZbhbCrvM;xN*K3EuH`$eqRSbp6CkH&N~KvINdaN7?Kd^ zWC$YOJYDee)K;zPSY5&fF?8v;7_+9y1rCIp3rW^q<`~1M;U4vW}o?QqQt& z%QQ3ZIdT!cKU;adyir1%yhQMPB_htfD@iFY9j!uiGQ!MLtzL1$8Ztn>GF3xf^URiI zD{ZU5@Xi|-+cp!zKgb5?Y-HR>f>8I53U5<_B*)`56AHb&=!WVEIzm2kdH$6{FbdYj zAK>%bKzx3rEP-QA^cow(l(UkHJNQ44bsk8Aj8dG?(8BtiSaQRRlOl7(-ULn(^m}@_ zV{o7Mc@z9g{NUm8_3t-2Bcr`pn=H~Uc(`3-DVLezlvYZKy(X^%YPy2as%F--I>8x* zPX)nf`Ew2@O?LCSZpaz_P?)zcI$T5}KLjhHBcrfs6wHsuGI`sN?_t*;7;~&KCfExM z^l+)Th%1y5+jsl_9t-3)yUDZQ*rFYxxRB^A{ z(E>F?nx*g~i{x!6M9cMDCPd>jE+rc3uPqLUL2DRk;M4-%=Ig$?qUD~rVq4*6-o!aC zO;VzDw4;v$WD@89IF_KSzTgfwSlNt0OaW;B^)7R{0QUKH5;Z4X&!5g+S28-kI277? zA@rt@i_mq9m4XGXYpqUcxBPqoa0qwlY8HdBEP4r}Mad}==Eny?YLmC%;XJ{pm9UkyQgm~< z|IUdMaQ%T!n59Z-`)9Gvmf2whx(K!=9P%y?r1IkYemSvXfdw2Dv-?$@PQIp#~+Rk=+8IN`b?5)k((Iq_k+BF881_p2{XVr zQnNe0!!)h~?p5b26CKE=4+U&} z&NO+y_F-U|BJDIsz~!DOc6aN@6%+GuU^Nhhz~jGof%JU(a4>*R-Zl6mI2&l9-pJZ5 z{&a(`KD=ptfAzS*=uPx63Y*()6{p^8hWET?P;}~OTw=jKIdy+!Kx+h^@VI$?zyAhd z$I=m}0yYgPt*T`?qg_`~l(gKniR+TWpJmZK6N|GZdr24zfu{Z+#iC!MFv&;#o#22{ zi&q_&datmeLz;3`&(+>SW$fAV*5F}<8fcbt?BegYsTa_B@}*ErB$`CeLv8F~ZZWMxFSx>nRfISg9wp#XMeoFt02dPGe) z@F9w(-GeF2s3Qj85-tTqCkC6*5SrwmqyWJ+;Vsyp)EsgIx1boIGL>h?j1lCL7^Rp7 zc`3g!y7aQ5b!puNts)O$jqa5iw;eUE*zlge;caiu6PMFFb|g4hEqWw4tBegbE;}mx z&p2iX7;Ejnz@IVkPhg$fjv9Au!{-&$QPdD{=K9Z|Df(X!UY^&m8aKV!|Bq?kE2g-*4w&jpc zf}G%{uu5&r_Krx0B&M|QzNXo17toUc*^C2hFrW6orPiOd72zUyXvfY5 z>dJ0MmcB40j;i-_F8^ynQhLKLVkd&(x6#y$%`zuGNk*jbFa%2o>3Dj!{|$XLxAG?4 z8o7ungyoP*(*Ca?QV9!b6=4%M9hW6qAI2NUGC61c z&$6K zf9;hTba~IRm_@sG9&Xd)qOaUYQLa;U9Z}#TCsC=-PSzIWh!17BLb#LhS?XWKQ>$>jW#WkJu-g^vlvmjI-+ zh4DWJkhP9z3rR4UuB~`Jb~qUFcny4D*CHlE5nXz0+|ArJm(VpFe_KOlQY)lL zmx-O>^(m?%OV8@A+H73e2QotcMjW|gfajgi$h0WJ1@T_|^H^Prm%}j~SKlGd%6RUz z$NxOm77X{mT?>7(FL%My0*Y{Inv5BZxiiqO#2$TX+OF0(I=an(z?W#uFT! zid}R#R~q?JNWk%`0LFNhwbBCuHkYn(2OEvcw9Kw44aaXa1w=X?48bsYIKddSNjOi# z_HwR8O9+~gV=Rf>n&TDpuU~aV_q1}?a*Lt-+~^vbqrC4^coO*WSh#cD|2$TUlXPi9 z@X4bjsIpjDfJYa@DVsuVJ%qEY?4!Z|c&uz5Z$y?*rW9m}dn}hD1yJzvgv8gfg$!Ne z9e876_i&Eb7BVf1bNwTQVEHxS5m%m^N0pUIIsdiF+Sl=Q0jRMcCy4*H@iW(Zqq z_?t5Ipo{mSKCNdrf-TWxkC|0na7v27`5wJOB2@IJ-K2m={?QYJ!3z z3t=VOV9}mziEYQn?I8qLmkSKzvNc_FwR3+*d;Qmw14e}I+5sx#`XdnV9P6hOB+Oo$ zyNEK_7T9qsw}Ucz{~)ZYLM3&^560pVmpe`g4>G?y9>9y8{=rzIhsk!9e4o2GLGgY1>J?Rxix*AgY zC;zd_ON$c1)`us!H3#^zXGO;=Re>=v(iVYrGt!d;4KA#f?Maq;SN|JI1%=&v;?FaaZc*;gsu6-e%PODa;g3I&U-VN~7b|$$u*KNZ3M10m* zr~jdzbfUvd@OT~0=|06_AK0}ftpZP5wmR6x33i*(1d4=mq@3~OsAOMNsE)fJPw+{d zQqv40ts#KBph%?fXz_WO>|jQ;3#^VbNcAE2vmsAz>as?5tXIY1 z{2l7^xrfl#n=x#ws+HZ4*&2TIYTF2p6Tf*6`6B&yGGddfVl!#@Jfj9BDzRuYliA5@ zN@fu?Op00>l8wM~$zwGAUqF?DQCvxb>2y}j-TZ0;9d=$P_R5SchPENX&4%2-k+93u z#Q7WQ6Ud5Ffjn9HXk*_Rx<4M{BMFYvX&6SFf|MF1inw~t-=-}$pH9Dx3Pv8QDZI}r zB_aNr%qNlw|IJZ&9NhJ64#Mj!!n%(}6_RHMLsU9)O?3}5T1);bs`Pb{w?G~%Hw`$} zpa4yTgOU2AeRoNT$hDm8)L{Y96)zkysW8A1%b}<}NG*@vc~*YpyU)Rz&&{Eh@1>i2 zs^+}EtQ032byBMw%@6*d|HR*t$4&@Hswsbn#Z}=dG2+g+!=L&q@uZNX=i}~wxqg$tQwM@mv ze-K@)qV`muG%S}!mN;mSPhMF~_X3P3^0zXSv|otJi>6s)7EO?u=ZNT_3?E@^1R_vL z%u95aBA}7^x(Q`n=Q9QH$mm5R(Y(u_Sc}{or#K2qXD|>!3rh7PQPG0fCtnpC(b$Su4whBRvx6WYofl}3G9q7_UWH?CFPA#q%tDGL>Q-pfqo6l0UiyaCl^us)&O zCPKXpj>~CcH2z*pSbvw%RS-3u6>ZDH7H%#=IGC-JNq8goD% z;=i$KOd5{#%2g%Y)@2Z2ohSytTM_lP(#WKC(?Wj*>a~B{zsD7?%?$0(X7uN2a>E(4 zhvHM-T-ZP?BaqBEhJlU)iaRgt7W^qSp0@_7d6-URelnK{vTcZKlGb0@yvTuXBKhnf zLp!ZEPA4wl|LCUb-v&fh5nY|oy>=TEODd7TQ8D9HxS7oaXNIc8riv0!7O?BON_ z9eE#Q^1RJ|acFpzJB(3yr?T)=TVxBqsP8GZN$wN%M{@*XQG*m4MauiHx?0H{ot&!xOmkBbWq&#>!3 zRFd?s6;|WshqDsC3ep+Y5p9BX#vmPqWY%avcvi-f;TU7Uq%~xYn~3FsDo&fY z5LW)K#^JU45`K$Aj0tgFLX=00Vdz7vutZAQ_64OHslqoqlxo0r2=$lUucmzqn3o`g zRTL%M-T{%;B#OM(CJlAgMyeJv)k06wpNd-OE|}>6lTA!7*FJMV`+^ zALIi4slSLMz|@d5lt0;_JdRSK6Y2=-Oa$@B5g1iD7Dhe30@p#OGKZw1rpl)KeRLI;Dn8&Qsmj4T&29{Q`qhbK0$?8Px_lJv zGMWq7oLy--+p+i|SFhx0>UVy`LG(y~i=-4^b#k^I04uh@O*?t$Y#PH^NZDf)Hgu{R zh;zbME2|TXHUsjpq}L*ogOpIbG1hkCK!(d}=?7*f4^&Zxqg~2p0N>)wIL5G>yJ-#d zrjOt=rSAftLoZaY?q$QsEU!z1hQoWJhVV0u4&npb%Y zPQugT*ydKgJ3IH+@M~@a7(YcYUkmPX!28H z{#$QJM?@(MTYk8q`fO5?!R8&WrRXW6k^B02cF@B`*y_SU*+L6x^M}=v=#_m>ke;kl zK!sfPgU(YCp!v%-L9yBo*p7pHz;wzD!)cyV4(@ciTuoha1_ZDMG%9Pevxw{fRjD&& zEA_TDwtDq#wvY(e)J+O6J51Dgc=BzRicZw-)CXi5cM?qZ0%2F32Hx_dA>SSCNoiu= z+if_Gjk)^DD+E)!G#&70@ZB-G$ZchU@l7?j66Bo}cq&Uv;LAdr>G17QS7u}1dPXTW zsgpAOg4D837=}$u?-y+kKaWVfvF6t)i#S;1Pc3qT%%RG^!SGU1QYQkSyxrCX*vvSU zjw$3O5P|DvK>Gc({5Uge#|maXLrgYHI*%rxIkg5{Dw?gf?y&VeLO^9=6I z#T8b~FOPG$>niuUX6zr-OK8E%sI!vIaIdICq$ zqu1`cnrbe2q}9{jQA$+VLMRgZ)$OkSN;6kUfoV9;(MW37sEMaZAr};$cPe+Jkj@r; zL{?(-9kEegk&R!XmCj8MnDU6wHy~1Iq(8(XM*CC9E(X1}X0$-lr3oiwweCpEzN}T9 zZ@P5J8X86twc}abfDd2Evip}mI819745qG5T_{UC|A|q>&c@7q3NyB;4detBY&K`$ zxS7sr+8KFv)ZAb4>;+G(qC|O4bBh8eMhP;_OL&UxppbxUBP8lDK1^kif-y5CjA+V& zmHJJQI%8zbpG&V?!3tvp&CGw}wL#Poyl$sm4P(j`?WT3q9Y9Ns5dU42bD}T>(n2aI zM3YK8f-G2V=yn5$p=exxDsQ?%cX+^I^Roecsr1RbO8hw^b9GM6)9~-z!vfLNNo8J2 zV3A+w?1M3W=2YuUK(OOCCnrzsAe1iK6xEHy8dfs7x~WB4QNO-@QBa{ zG*-S|8{@b(S!T5*cPw*ML?jQOM9m&c7N;4<5`t-nTZ{E437=a@+ax37fIfJyL!2*6 z+GmF&LykxLP}`=p?_NCBQHe7(CFXFFP!NmE#B%lXRG>!dGK$)G&)jmjp6=O>-yKdQ zLRHGcg<7Jxd)$beReYlA#?{s2DYVQ8@12pv`(M~D0$IG!Omo7!!k#=C8+DmMSs?qh z6e%T!%qeBh1Qpm}NEJR-6V$bW&|QifA~H%nb^wL^-ol2bUnc&OA>B43WoDB{u4;N5 z+g*otO{7Z`3kC|)ktmbm=-Bv#C4!=;jm!pQ*OhjZ=I`k!G&33LeZ#No<*ticI(+VY zFEC2G8HqGzG%F6%j1KIF;%?KE8Q;P|%23Dn0LaZjQ_Yxz?L;+pvv@2?djePq;`;)Z zwOpyRr5@MLqe#(AQPzI#TZP&9t*y1;9q!){lnvm{aBFdg+kVr&Wi6f5C+%61o{_@q zcIDl_3BI}P46+Agp+jg;yqqn>l;SwFfku{%-VRC@Sww3N7Tdu_1jRL?mFd&`+{FbL z_bw3GlH#xs2iWd9M>9sGXLn#APe~u(SyU2b2%=-P;~7Sft?fF$>T4-!6m|KV;bLdb z`)O|utJ;fC2iFg2d3+lO_*_=!WiG;O|E|S-e(B+UZ+8jjp%XWLX1&EM2ZO*L=2}K> zNR}?JF;bJ!l@2*8NLxix*kPx&-!8JbIS;SbTa(!e+5jPW5c2MTAlSXWf?qZS|5rHj z#b5lNn(+8LiP^zkcfUcs?+Aju9pL?Qy@dYc!VLAP?dDz-0)z!5v*C|W0FD9(1B4$~ zhy@Aw4N`%QPDKEs2SK(E7+>;H(OG`@XLY^|Y%OuHgizd~yiVulN_~rz^x(>VA3Hsb z>wbNN-ww=UcFeryZx6jYEOT~kq1k$W?S+CdjDNM0UA<-1C5V|sQ8H-W3W?Jko1}~` z8j=eYQnXGsFuG=*AtU`nclBfd=npmv*4J*c;s`T z4~Da$;JgpB&Uaio6wd0;%B$Y{Tt7Y0hRbe3(g<4~>^<2;kCe_e%l01ac#KZxTvsRr zt;fW^h@ktYu0(+k&GN8elM4J3J|r>8p(mBL%W#D%y+Z@Tn!e45mx$_c!&#c+)t(!D zSqwJmqWu#4gF9`iQw71Y_NIOE<6I9bYD*bW2Y-PVSFYL(;qgwI<) z97BTEzqtV{(WEXv$o95F2cKlWwI!o>0`^wL*T22ErlXa~6$U&ZlLae$N7ib|b&lP3 zPN-{Nz!0n&>JmgBhiW6~1B!K0Z5Qa+y&0Llz6!eo-kv^nTVABYkWRPIevEU=E{(*; zj6%zsZ@9R?SQk+ln_qmi>QT48WiBGgJRQ7jz5 zT+Vu4qRpwq7i?;+xWh;d1Qy2J;m*2lPCCu0y^}X#Y0di!H7Fd_!r9TEav5r=5v_wz znSpnqPLPuWM*IHo?Vz)A;$qD1{qWmq!&%#F;0SRV)W*xbPxd0OeG~?F=qE#zFJev1 zxbI*Nq7m9$PGJssaUY9q>(;@v{pAqt@@3}mHya5bZ#Iv)?@Q&QzVE4P3xb=d5YGB? zlWc!LB)Mb+a(TpLxJfw`Yv&+f%kHCgd+goP6oCfXj<@UQ=842ZYC~Wmz6Rkzd2<&K z6*L3}!p7#v!unwr#K3}dOV(U#Wl<-IW2;Zl-zDpcbDg!gPXd;Lk=?{?ICx(l#?N&+ zUk(jCZ|$#l))!aI4^NB_Pm~YM(4O<3%%}DXviBQ>d(mn0rJ@UEk1j^Yu#A@lBvjLyG*!+XFE}3@D9MiAC!(1aQd*>sC3`Pa zY53)o2Sog8i+dv+Xv>B~i^SmI2*!cvXxw+zPN1*Bz6%o|n9goFjQrW)px)$|N@FyG zRe73CggB};9GK~J+5QA-SvKXu0PlER`fhGPACVFL?h57!7)Wjz7nHIl77vGQyf{=8*lL{zOYFKtL_?J9JzgvJz{9B?e(gF+MHChR zYp*F#4*}t$=@dGUQLqJI=Mb{6xByFPIr8VCinXbyv33G>AKu;{DP$!*CQ3IMCOo$ujNAlks~wuq-TAcZS4E)`;# z@pr&1Q=B@a-ym0#K+T{VJT~kTH!;kqGaBdy-s8g7Rmrx?RnA{dzcdx>y=C2IbYv2Zk zyD?w?YLnOxBnK60zwdPe^=Mq@!VXxg#cdK0s9N@yi^pM=vv-Z9k%p#lc>8)hJ^6lk z14W&+eGfRu*>3IWPMTL$Jmq!FyV~h*UMqFJPxq1dI6R%zqr$~{aq`PEIRnpJYPtOB z2+X3=#gklwf1F*`;<79CgOiqURkDnLEfkE0Z&1f<9?FcLNoF}n3*M} z!nZRmo45W*NH)NCQ`H6pcQ&vym_}`{*%Sb;pY)1|fH%+jTR*>B2w!_37QC`P6!sLm zdMQ^zNK-HMDLdbuZID%+*_#t~`Cw*4PSido`w-V6pw&#}Hj|W<_bjT4fNr0~(A?X4 z<2Jn_j93f}30mW$!MFP7KD*_{`zFH*g=VwK>;Ie)cRL>H&oDti>?v66&wIh|rar08 z2Id8>(Yx}099%4_98CQ@ZMy_Jnj{$4R1X?EHC3vnYHArN7ed56#J_Dth{!KS6_W^Q z>YQvQzo;ea+f#PIg}@`^G7hiD+%{`lN3~d+8+KljVcD)<>*9Dy;NiO%J-5b#kAtnW z!49$3EtqJ@kt-Uw+ptWozAC12U*Q zTt#6l66IL+4|&%^rb0nq=+Ara+Chj!gyx9-MwX<0hls!`PO>T?F&Z7tC6dTtbmk>a ze?6b1(@b5jqOk`DiUCAA^+_?Bp3kEhp!@0lCR3W@L>oN45;c=d9aNXAmeV5_5ngzY zE<_s<*$3YEF-R8)ZNolk0iNVF;t@4mMqSMaWBSutp^U}nyMu2{3q}~}TR5Cl=Fi({ z9^}P@ro9NP=a8zG?d`0oAA@j=QrIn)=cC-+P(#mZ#~89oy{xu(aRgHap{Y{w?KL)# z6O@)F;1`oiD$@|nwGl?ucL>JCX$G+*WgZCRpMDw2cq%R&)v_|Ir+!4Gq0;28 zzt+#7DC&%W5G%I^Jpg<)k5J29wB|(<_>*4=Pyj9_x^1Fi7pbxy0!DnV^BYv6guFU8 zD2c*Z^e0=O<*F$)<*6n77uA#i-VQV8!C75)x?6S1IkQicYISDs3VBgjNyhr!w*QZ@ zcM7tlX`^-9w(VYR+gfegwr#st+qP}nwr$(S?(aXbPn^pWkx`MeX3n~)$QhaWj`56A zOy$6h$j-VSR>}40)AyN@?#X`@e~+ZQ)qrT6S=Mr6;I8#Zv-VM8AWG47zLRGRF<^GT_)e?Tgov-(Xl>1V3vK zoF1>GAG&7+$Nid@DvmjI3xglfEAx2zD&N!QRhTxI81K;RJI?R3%wMOwA8ttI15ZIlrYP5nvTbY*@9N zNGeeB18_RsXyE(79Z^xNK!0*2;|PWOc|LPo+!a zwyhLUV!0geZP0+{Jcyodp00j+8p`))v!apW6cqON4U?B?U`HTD3q!W7V=T6JEyigX zVvjwMNmq~LF4yx|$qT+;5hRhaNZL;O`oKV3S$FvZPRqaJ&FQg!#W+e_jn%d&x^(TW zJ&5=hmqY*L2Rss_UW--+#B;1^kN5p{Qo5j9d}S;-qkT zBF!{w#W5+OZKgMZQ?)qmA5$^tq4FzM-nz9Z?zg-*yQ-sJSa36(}( z$Z%;q6hsZQ8_iA$rOzMvR|B2N#FAnmTwThutKc@`8vwZ)NpWQN;t%$eDyh4Gx>_m_W1wG;+p>qPWbS5c z(6tAB*N-sjlITRR6X=d+j1$E2+h$a}j!kmgh=~IBUg2jE-dPnIg^S0-TP-gMkg>Brp_a$1doq1rEk_#H~i529Z!@gJcrXD zY~p6&TR5v3S@?PTMt_MRTj=TfIclgz;V}xMt>@#RrI-Q(81yFMax%M_JO`4KLdV=~ z=DO4hR5DHN^^ymSyDqXO1FM0E(@@e0%ymBtyE-at=OoMHW`qn*x<1q|q%~2iBSsNI zB6IPDLSYx|T91O#=G>;Bz+yUegJ!mHb^P@gb$R?AU@qbi)hHjSS{A$KZRfd{bR>9t&ylP(EA+CaIY{_;aat-+%Z$a$ zVBtIMPliVzrwRs2R6vVcw7*4K9wa_^RD1{U407ku-B8CBsEcR0uBqD6LHkW;^+Z>G z@PGU&3mt|&LHzdFvZ|pEg$Hy97Op)Br#$KTipyfO1{0O0?~CV(*CJ`mz#N0FZtv#` zCXNs1lgjfH_`6&cx0gAcE{i@)N*?ZuCkswJ{Yea%)!Sj(0Oq(8#8k~&0bf7LhaCR7 z_j%Q%7#UOeWZO?JMaeR_9u%E?Mlv%)D{y6xH~t$FM`_@eW|M1)<3xz&-C3@3h5Q>% z*su(~hc0k_b)P|*l-0#aV4wSpa-O^XRvfumgBHrL7zGeS+sJ5UhHl#W$ zcHKKG= z*fO9~*8%{>!EXQ+MpHAkJ>`O92YOS>O%h<&jJyE^8-x)K&I12BIl}~ziZy1NlqoFx zQp!4pmM=-H)eu76cvk=ju}g-^BNiM53n`5 zvhdKmwI$xAc_ODhR)e&_`SP!msl`0W<>?lm>2<{P|3CF*!{`dDwT)h}thhCxCQP2@ zh-_cxlIjrj_J~SlCJ@i0Lgy$Lk^|}_bIFAWtX*VjDnqT`=vSmsMO!<9Te{=H%KgHW zzgrR(V4BUg#V>fHv)~_;o!hLxH`aNcWl5yEiIFnT+sa2c(8^>NsC5koNvA&)_8Ba7v8wfud<=ojR|kV1gy%%bXSi8nD3|)?B?OvrP(NC2V5~G zPX+mb3}TnNL6T756|LFA$}~CD9JSg~nIAFm&C8m&EE>ufG-_Q3ThK|F)P)%ERHiU} zO@3HfBZob=hMhLASTN*OWz^S5p!yZ9b>=O4wGhWaG}EF%lUv z__NfHcQ+DY)K2a;{{6VMag)vVJXd8$P#W0a^i0KQ?Lu|Yy}%jG$0^#BD0&+D=Kkca zE=z4{5iX-Xs)R(*Pl5zj4sgJxVNv<05tpW*{$cezl+r+ER}9)= zEsv0xcBSu#p4OSK&LL~7GeRV1gE;+y%_mXBe!E7qvO952i@O4@gCQNh!=XMAu&MA! zW@JDskV*Z<{)uPPMZJOH8L+Qet-l;!CaKeb*7tIWXH=-1fG=W3rWX+Q(f|y55RzUSD&1G2F7ScN+Wg zK1wRB`*Gx>+upZJB1r=_*fS@#mMI_iV>d15A)L3F?qYDu>?pY2#fJ;eSkl^nGOb#d z{Nf$tIw`tg+>3{xxwc5Ibp<%UgYU+XKe%K5ANAVTE!?b<|?N^@B^=F{mlqcL~r8(l(es^Jk1WH_DA< z%M{FUD>qOWV3{~nJv%`btVe=Od2OUjJfE`#wx!2o#2-bm!$9?;j%8A1cNgEC4x_Ij z@Sv==iz|dhGJjs_@ zpznamRO*X$#DRF9vE_1 zEN_q4PyKHY4lv6I|I`#Km__`KbgoIu zQ)%-}ULM&Z0gq8VRTJOWMi;Yf>!y#ThxU#NMq7ReS*{B>u2LzW5d1Pn2kE++mI}pN zUL$I*b!FDR=`TrX;^jtla`q+Z-=25bp+i{5S4hM4KnCunai~j8F|U_gmwrUQ-GuL< z5Y>J@vtR*`jZ&|5i#%Y}U?fgFjo8-S5sb%}ij(#w(XtpIff=Um7NXg?lH_k`K^7y?8%azhx z)y-dd39z)Ibf6Fxk_Rt!t06%Sm7jKS#;@JbJWmLCXVJ`gaRBGZ6j*pS2xhmH%3U9e<u0k8MJD}wwcTTZui}r_f0=4`o}hgZj}BF_QPAsk05rS4Eq!)M1{&ms%v#I zfyaF=bjKptC(+A9ec4|%Y7#C-?5{VO# zjiZ|Bq>V~yaOLDcXLg*SZ`ub0H%@z=>4^|rUXgKc@$WsNaO#cMZZB+%4MFwdlDrwp zjx>}tPNEiXYfSOHC@s)`p;x4%T`Qf~ESks`qYR6a6RWTjA<4)=NuAVRNrq6+Ha-D9 z!)X&lJ%ALUTU3A6XAqT0Ah&^IdJfp=);quUFV3Awqpnjas!P2TWTPUt&yXiuF2mCy zh`e{LOviB2nd61=K4Y|1MlDW%ZfLYT zO0O)`1ru{sk|xI+mXAV!lOvSE9liN$QYJqKrz8R||}zE6&DUzGWE z#fo>tfO|HvdD)x11xALHTRAhHJ^bq7Pra^l`DNsisR+kdI1rP~M~Ykw|0;Wcb-a{w z5e_X*=xls(or)_1Z$}HY>GSswlF3;>;Or^Jqt&Wes7k|XKCTM?k4Qn&cd>uu+ab?7qGvd3D}v9)c41tgct}nbD5md^boX3QD7?Z zb4*VWU9tKyo6ie{jyWqpzAG*7QRebGI)b?VirHN&So?Jitc08WZs206y5N~KB)uenVq~DUy|A^+q`)|Xvwbabxhv3d7F3ANXA4@O#VDMWz>I{rbc-sEbhhsJ|X?r6)u94 zKl_VOY?DsiTcq1}BHO&T69dtGK>u5e6W4!@f)BDyHZBJ-&f%NepoJAkdm-z2JHHgY zC|CHHv%bAyetltleWCm%Llg&q z1g{jpGcgR*lFd&X3p8V!&#TLeoSNW@kZo)mP$~dUraOrB4-ps}{5k^TNDP&*U)1Uz zOQm0_gG`E5WEy6xJ4=NMq9tUuSWkPJ4jVfvb-MIikIyd0F2{^5MRPVrfX91>5!xTt zr&ru*;C-d2Mp$3wWypvjDvJG zCYCn!>kx0=AiWUZY%X4{lP@XOQk4$4qzV4HBNi_(S+os?y{x}qblQfhduXd#Rphf1 zoc$_u)gPBod=-;GP5+@#%;sy3!%_t8sf!1DDSI2ZHPFRVW4V3HM%x8)nvn%Wr5D2f z>-n4`oh+)z<*uknSU$V|m-0SXgg7r5o}Tr4!VEYS?MMb|HdZEuZ9XEIPCcPeCnt@? z!j`MUuvqIJm&Jr^p-66&7_Yu}oE0w#GWWQ%<$G20GnblslkWs5bX?4OG%`t|52XSA zI?`mrvkF&^4o^9=0+{$Alu40{5}xtoNCDHaQKjJ91zn%0UM^0%Kv7yVP6)vwa#zvc z3exv0?<$1Q3h*w^Q#s1(@O4%nTi+TfVcbd`l*_`LdN6E?KUW%auP}AW9ITy7Qk}x- z$jQnvNRvIYxI*qCMA^(c0O(_dWLacL#w&+J6~xk=MA+9Ch@g0qYGt-;(JH)eJ_@;B zku+w^TT`%DfGl>CV|l_{j0IT+_W8v|SNt83Tf$MPNvR)I=rEeda2k7vrVHNg)FD)* z77JIs(2CbAtM1_RvgQ()!JF;egAv{}xeU3u8nnj987Kp=kC>TT_?_uB+*i+f^Hsz^Vn_b>Y`vS>{{BR`uV418%D|_#xB@`d31Ag*txZ zl+GqxI``<2c&r!q4F zrAcZxiRxJ&Q;NPky%q$oeDQn?mL$^2s?8XAnFUy2Tsi6_jc`RsFgqCKvJLJpyzgSBc{9a$4L9n< zPqT#aKs+Mq&vh!ZljZ(GA=vEkEEREdrn+%ywmtfzT)T@76M+(3y=GlxByi@&h z=&K564_Yt5WmT zz1_4)Bn6*TWzf>u6Q074t+7Ih=C!+S%Lm^#o4i52TGD{fF4p!0(NiZV}!j3hL^?9`x#17 zVWuG$KrP!Dx4CI_mcE74V&oP7<$n07d%50<+FZ^){drN;qevhfBV2h^NtWmtgrX8R8hzHh8e{k5HFK5kG3Jurl^nbCggjbbmaal)^5FYom>>XdP zlFu@)FD$1uz|2~6*j38sHyq+zX$z7QTuC|!h+5e%DtE0%dDkRJLM`J>-70#8v1xgBYf`by1kVH#k0R%sDLJ6^{FgOqofT;u3!r06m99aY%(V`I8kVWL6K9cTLdDx-> zO!{U)$v{7R<{kOFKV947Y(pe`e$p$WJ> z9`W$%{4A;>xo^@Qg*wpWZRl)By=fc)FV&djwYC5oW`_Qz2((8Z zl%caCD9A_j7yn+pJpCzcb<5-hAMpWYgkcH1t9{2=f^J$D_jVW*US$(|6rkpJzaHiXf-r2sPiOMY{~tX&}O8k zz0+9oe1V!2m;dzVZ&!b&JvE&G)PK+hjKH7;54p;qP%<4iqzsqmAk=9csVU{o5;X@d^4)x zK68QCgteMxx4vg>ya0Ham`v0dDN8&!>efivCWSM!3f^wzf{PwEi%W@6L-vNTb$(c7 z`MMvzHzZ&1!a@zKhlCyyM(|;03#V-Q0C;R$Mu09YXNHErnG1kLoMvHASFQA84dBt} z5ZYh+5*ic2Jokwaw5Pfx>RFU>9)Jv5`;MWW)oJ;kE0+!DY1rEz5#fz7)t2r9YRu}u zMA25Ss($XnW~j#QFbWr{iH!#zU@g=FvlYpOvYNPr4HHVMFtbg;s zU)^0o*+=_}YB^)LMNBI(5=XV}wSq@V_L|k^gvnmaEzktP)VZ1@!p+0~#vU28t$C;P z6uHXj({`Au(<{IzMX60s7*+rG7u3*wwLSz`hkd6v%GBu0dzWdMS<#OW%tWsJucHCR4`$5>-KEut^ z0_8w$)qzZPk|7qaL*WAy^d3of&8J)pcGi6AdZ-#N>CUJMX)6g9qa}j27BWl%j%d@H z+4G#UjM|;`)H0-)nm#S1{{+vO0byfYKE-e^wer=VtV@)=py+g3pv!k!VMI81&5aL* zbR`7ah@=EmJMCiRAk1k^#-M&Pl)(Q26PL9yxxLsLG@Vy#;WhH|RNo7JxbQ2+kUgaZ z*Z{F7Nc?dd{3UJ7(seI8GMi7&GWz9@vh;oz25(lfJ{;#M6pO9pz_c4S1UgR^4ExRv zuZn>uT)eZVP3X*{LD8wXK3Flw6s<$@rO?FZM@K}0M@8>Bz{9%Sl$Wg8`97iT+LFTf zMK)LrPS8`pg|Rz}7ETdkMfH9X@COrkz;s8^j5QhLhT=cO2Umu+U#3f1rD}KX zqYyyKnAFZC3)`R7=Nw~P*Z&jAb=!z6{N&AwZh<&p$8GZpU0LLIe`4VK|ZfBx)7yh!bg?_-_dvY(2eL#E? zbA14LbT`sFl8F;Z=54S^OCcFGB(d74`%Z}dhR!X{-|7We*=o=`y{rR%c$+!b!pcsY z?}w3rTC14(pSn}gNVR>e>cL3! zW-d9^F+@L7jq{q{4v+ItfOS87m)v?hb(5p_sF6d4(e?kfZJlhr$4ysRdXL}MgNo6m zGI)i%NJvM_n-|UZzjg!d-1*i)CS3gFu3(gnl13(cEFSmUy?iJf<)&c7p0QPkQ=cc= zf`Vh|jS6P1lpO$4)tFsf^kgffS2ZdjH%Eq(v1VqDAtR-sjug$BUm<&e^poNn^> z6);V%dQ#IE}JC@Ek4c;m-iBZ$fw?1sJ)8 zR<6t^d^6z(12p|6gKvLiQQbOZqRlB{ zl%GMOKuWfJn!HXjMFZMfyTK9BwR{*De+Vz?tO@e!^a!R24nLtWTe`^1OAgN1>^|N{ zFms4POr@aXf4Kg;MzAcmFMor=!CuSZ9A=B$TMm&HlG?axu2fvmP_I!n`?eed`{OpE z0t~!q&GLbsFla6x{xjLVN44$GEZV!+{_V2;^~6jh`p3(bzbs-$(C5@SFGd3;o5N(` zz3LF9ol<-N_X`k0dEX)VZ6?yFS_lFJxI;D|K8AV}N`>3tM=N0cKCNav$v8`4(N`Px zdO3KvS9=Kb6Jo&83Nniqbghox$@Bi1lC9TmUu!fU>j1xmU&|y7=Kn zmMmyyb@J;7TU>pZdD7aSqOUgMJtKsK4Z{bc5Uct9jLyVBZpr99B{z3mHHZEyzvNCf z>Se%At;WHZGv!QpIvx{A+#8EIQn2(1M&Jqyp%j!!YOv@Aun|ba0J~2YAlgF~F3H_$ zmzy~<7Meeb*pK~PDoTQ#P(vbKyw0qK;5ZxE-$%hwEiS(nM~N5|K?SYDGJoo&5$fSn zQ0yysXHsC8XcgXuL{_|PmYrY1AFixhlR$i>QaWmvCnJAU;8N}xivBj?-GGX;-1lvb8C1uMxyiMB^+QUS&Bemt!_A%C%p3*j?ryoBWff?XcS#eN}&Wn%SlNvLrPL zR%GSosaV=*=E}H^w=d@`@Zm8j+;X&K!wvO2bY*U!;~+|o2hM=6ej@C84%mBHs#%Yx z)9hDZ%(?U%aRDT(#BZFKn4=6yztZG>byO5rnK~v!Sw=ia{Dnh0aL8Rr~E!<~0YsamEDqzhVWd!VXo@yA=|U3peM5oM`~8ZopU^I3gHkYZ z#B}Xn?_>3XW>kC(UodF@Ih<=(`Yd@QMdE}Xx=pSuyCMq>(OD=YCpCahEzOH5_m+>w z)#FcIGR{>0;6C$zJyp+hY;F1Lt$O$vu5&)H^vf*);3KXc^I|t;=c5+Hst-dEBnDp0 zPS6*@Y0;Ve+`t$2j(qfIJ`=B2q5sq>M3_n1+uSf5lLyevH`)>Xisx4PSWg2UV4K77 z#SbW#7~L*_Ge)F#HshP{hnk{Y?XN-`C|gFM?&Q}}qn2t|6hukQ9#uJbxrW&{Ek9`h z3dh}L^;3_TvN2On4nJW8nky~B2;{DPUiuPGZ=dhoQT!p1I4<-2w-tAmbRFY7*c!o8 zC{xV=M^HB|HaO*W;?d8TOZ<@Pr_<6GhYv41?4x4ZnIU>_t?Rt_p-i)ytE1jE{wm~a z)ODn8A-G6AS>=y1GdkjLU54zpmYYIV;M}eI?GfV~=0?WMq`GAuD;`+8QdwdgpG|Yn zcA&!WhqXL&iaVqMOR14N2b}dbG7GRn;O}EF0BnGuRDrI!s8kRD;t*ko&bkdbjK-aU z+(F~(DXn6$-*GNNeT;``ay6oXR4zcm;MhNvJJ^>?Aq{sPO*zD1*tZTx(&%d)gYEVR zA;2Y4)pl)wCJ?X{Sqg-@;`V9ILTWJtnW+pl$QMH#sDy(Qzz2GT!V;oS0;y%wituL; z0|@2re?$SgF1N!{fN)zfwR%*WIe1G(ERWV5CyXk~G)b?f<|ZPClkCf_%wdZ_Ywc-8 z1I=4O7>wuuIISn2s@o-XQzg7I~^^UM{IDE^7A_@bawV?dikwLM^6G zZ-Il2pU~HOxABc}@{WvsxA|Rhsu{^WJ-Ybbpqy#(uyzgf4F;TaH=>%H)LME@3B?^( z(YYvqmB960hdwi^s4&6e5wc38xbxNsRqDgKzx}U~_+V;aaUsr~lhJwxyn`z}ba;E* zJJckz-q_Z316%cPb*qb+aHER8SVs^b1WRKmR^>Lv(iravrfloi^qK+Vy2$!F`9e}OM&Sq>nZvWGGj;Gh=5kYOyC&W4c8Ij5&o^(;&t1af)DOn646 zZ;=~@uP}ZHEIDp+`G`^RumA;svH8ahLsvN928&+JTY87I0@3L+-vTk|Gb)dGV8Rx> z9daMj0tx9eJOSjwu3f5fMaRgH^^0C23{G4<*3BEO2pi{X6syZTcP?yR@BEppJGcPO z7QDnPEq6g1X-0v$a#N=0-u90+>(Q`V*rkgmBQGF~OJ3LLPUUZ#NyBxTa+xg3*(NC7 zK(6|SHqUb!g(Pkz_wB9qAuqNipadCVhY^UOs2RL-Xv>mY6jNMW(2M|znnDO>pWYkr z0YReG`zd*Fw?Mol5lr!DpCPDCS^(;+iDOX^Vh?Ojf%druh~BC?&Vyhw71U9~hn1Uk zLH!!Eyy6L+)DDntWJ*?6Tccj!8Akhz9rSE-H%1LV+71T6e7NC0git}TR|7E^;swub zbONw}y+N}BQRUhqk2Og*3-!E$qq4$sP)kwjv#am|N8~fk8^A>X7yA;){WiFv@pV*) zla*TM)i(-l_7WyQ+yEL(hsu$0WVhUri*RwMqWm__ET%Q=M5%yk* znH%d15{gp<%vE}h&;d3Sweb`=8>NL2y-ciqIF=dY)^H&iYJ&j#|C*6y#v1pb74;UV z$B)rb%a^7>JGA!?#ima}O5tYA+@1?;BV8H02B`WQuk{x!W)+l~-gU@X$xGap0OF@tLGY` z|QgLX+zF}c?tQw;uG9H8jLZOvn!@=&Nl%I7hEUi zt}UUrSAmD9-u-AJ!Kf-nz$(&B6{?YEgNYU4b>!D&aEkC*xfF5y;1T*i1A00-_?T!` z>@jG}5+)-hQLlyPpUwo%qQkhyJJ!m>A4h4`_A{U5>myOvsO1qd8xg+FbmQypAx*Ae zX;s8tLggcb#6QC1A0Iw*I^INoaMoxc2~h$kxy|=|3mT1 zf82T5P&?13+qD;569+g9@bRAyxK0##Z8xzj!JWrpR*Ydr!J|0m_W|Qs%7uSh^rbNd zt3=Xh#+Yf}y$nIr(6ZN-1JE8!0`**7KMsdYEA35y-Hj<;Dpx6&~WhIFKWog0fOp%*H ztKa2=x2_~k8r`I2fnXR>ZmV>4vaV?7d=t?}VDAm=f6_hM7h30e1{mG;+@V~n73OkC zfiXph)D&UfR|nUic$FnhpLC;n^%j{1>Z*#qI3x{)%uCZ5cVI{)g<7js4qFIcr=}L% zB83hiZq;QN0Ye_4w2wXxu|?lBn?*!iXL)l!UZD8zz_PD_1;So##ex=^i-`h4c8xLx z%ZYKdL4S6ZKSkiJ(w|LK9KtAKYDCeoWrl-l@kURW_<0YYBW$(ui(KO_gITE;XIP=W z5LB9(s&$@QU{*K}W_=$jB zMPBA5&Lu|w=XTj=Pi?Z?zM@07vfOj9Y#m)>>FYpoi;i`vps&aSB~|GqN|XgCj-Hds zy>sact|9J*5BV*+K2|jK>7YJF)C4bPOc0l0xm9aF&VA68ak=%jHY{;6%xUseF2#C4 zOJq0P%2SsQV0*z^pXUnwMi{?o|rjZ|YIZJ}sL$hivLZ`~j0;Sxl<%&UE*> zHa6QXw*Lf>A=YO~!i8jcuGQQ31Vc0iXy-JqHmZ4;rQKGlz>SauZNhAWq{ECq`A(0z zz+VlI1!7_vfck)L^rM&3gZ(g0zSgns^{?#6Zi_3-HKgxpUtQ=mrt7Jy-MyjYw(uT| zwLb%M<^&_2F8TL4ehd}!uZJ&z(4Yh60CMP$pJy2?kRrmY ziRLa79;6v_?SL9cuJxVSHR#)kjl8eOf(y?2OmkwFYGMw!;A@+&Qw~k6w@CiGmH#Od z-ju1SS~>$cZyf}0!K`O&SweK*B3-l=0~SqDyW#r>qgb$_KqtPS>!~2liPfJQQ)V zXt|fD+y{(VM-lrk{l!e{)z7TFqfJtUY4Y}{PP~Izd!oO6S#kEy$zYJ7?2L%_w=5IT z$*B{^%EZ;`^p5b@ygsXI%Lh__3jfiXFQ-YW(ZB#*QlDwtSNN7?3KEm|iZ~!(xMjdp zy|KPus5w7^N0LKbKL(IS?$9qe+yN`r-~WL~vwK)3Gv<++TXi@!nO~B=@pnsO2J3C2hy3B9p9dv{`o>%1yk9mi_ z&q_T8&3KrBu*=^)i19do1Y&ID+6!^cV^YZ)s$w6&laVYk#xQE6T#BtLSE`&qJrji{ zdEDO`0e((P*PTRa^JvzPMLu2jgyzHZLLuXz3Go;<%A#^Vn8H^KI={UWF1i(p1sxQH zWmZ3Eborc(cRZ|nEVvb;KCYymYT_|7((F)@DrmaD7N+qC3dbAF;ydwF-wl5s2-bLA<5SHv)u_5Ba*dVqfR$8?Ul5O)*j0Em%jt z&>Ue(x?)t!<(lDL)n>S^B$)SKvf~ra;FP~zO zng+u0&_V01ey=!03so3d_o;E3)z(sM3Km-#PG4b;mCqXs;Ke>;YsPWP797g7W|;BX={V^L=D0E`pOo zL>vohqb?k09P_ejHy!2+?n7WddOK{<6KXt%R>J@gDIA*}yBL_Ph=wub z#Xiet25q8n-V3&Hh>@?uX`DaKixQezDui1S+6JSC@Y|*cXM}yr=W_G>g(9=&q9>tq z;H08kIZQT4z89=Tsh2#!fJj?Tf)fgg0s7?AGm&pY)T?Gh6VRRE-Y^~#7xFA6$3cCG zDmJUo-NdlRAfZH0FHe+WCur^uXhrSDIre0=BbZ2G76W`1VXG}jQ-2!nfxlB}oSA~V zUIcF@FC}MMZ;`2ZVr8cO&qoaZfTbS;@zQRir*p0o*KcE4DkGW$(U@14S2RsNb^|I1S`ML*I+ z#jsz1(MiDVh9`0C6Z54cAx*}*ItMe~&O2o=h}U`kiUpOf3GD^D)O;|Gcy2}R*i|&g zzinZeX`%pQv9oMzV+5DVAa0hNh*1YIV3BvjpCN#Uwy*9G%%L62y~YVk9PfqlT$D#R z;NC0-E!a%ssqJzZN>-EZv@x-!f5kkBM|4T{5Jequ*a(5A1jqzd*(^(s>u~3mM=3$? z9nYUbGP}-wKq4o)O}2KYO3no~*^*3Y<*r$IX(p>ep`h~XoVGbC>9V4yu)Dcj!q#j$ z$2k*M=Wkss`xut0xNnJ@-D4dvBjDSbT4@zrk%LJwpx|60D4u-T22kVt)WclY=Tk1& ztYy(?3b|G~uHOFG7#{vZsnX8x)SZR1?;wS6n<0wi5~E&dMZoQI9#lJXppiUm$0-Co79y z5WGGdIcc_tM3Fj?8!Bho%7+j7r6NVqjv>qZ!6jN|+?H>kL7y)81^Qu)vehaEn4n9I zMK)F`$v=VN5S8xHS9)IYcah;?v=PS&H}D*hcSi(9#hIe?%{7nANH~EM{h3Ih!apw` zb_Jx*5)e%tB}IBb-Vk8cqlE^32}~H4?PUEtGaQFq#Z&LXQ|-XfZ9w>G!<&YExaVaE z2dbnz+Zt_wGwsTxg={TPFLE!`@7#9zyPh62@#IBL{Lxr+up^V4&#xJmhzAq5Q?>sV zD5f9)+hfsk44*?*hp3stDf|Uj22^GzlG7;&0try4OszKdkTKA!of1NYX^93}?-uYv zirX`fBZ1sk1yKre@@+=^Ls=Y~yM`(oN<4U3;5U6788Ecwr1FKjuzzfp8EPmlZHr*= zted*|*Kj_#4M3=2!m+F#{;2$IU*h=Cte##*{i%Rc`aXH+;4ifJTaKp`` z^q|;giX_+&l)!b@qjx}1Ig50%N@$-g1{xtfWrvHhM;?m!2c!mLK6JKeop)ulG{(yHGv#^X$++gQr-wSqbTVJ(uHE|2$|IZ;@?&AZ`uj zI>yR1m%Ry|wcuRWpw;Ck4d_O_!>&$xDtQwt!D;;$m7HEgZ@L{X6Y(;xtiV9-I`CNP zWCLB*RU`H%ELQcVJfX!poq6pBXZS6v^e*AQ4Z`}LXb!K^5HL@CR$$dy+V=i|wa=!Q zkLTpH3a}jv^FARP7wglIk z_tes6{`%5x_y6Kqwcylb=8=02UZtBbt=g6{(bCC`MW9tD+8Ta={z%GP_x%uh<|Xsk z9V#hPU>Wn$(@?aCd+VG({f72IEX|kGSC_)mxWM-%K1c?!%khBp2xL5P?5%t`O!sWI zyr(MW2;&3bZEFnc1BR+)ocE6E{Nu0kl=6sOd;fT|<9>)D{BYC)Gep=z8IB1KS8 z1X0~(qH{U=RjHEmuk9~U*n+T6*P*{$*?9*D>F67^*~VU)eWdxBBQ1WD3sny*;M41n zA#4@y0(wbL-3oW8evF&3NI^Aw|MfT2AGwFerff)UY8?L(qo0Iz=+m*BmC^0CMa87r zq~Mcm|B;(P^_y91Zb--p#fzZ&f!-RSSL1js;<@7z*?|zXp1g)FWyJe4Ui(j=Qv+!1 z(`}k%uFndeRX>^JYdK3BNpz#)za#HVQK3s}IN`ntJZohPR+m&a^YR|5NHT^>aLNEp z8Lt!DV~lYlc*ZTU>RB@Qb)c{w^BJd3jAEr{oRwxA^#|PL1Iiw;xlyVnx~?}EN_80$ zgx`Q=y5ZLjBFd{Dbi%qI^oES|!o<*{4huoYyv*$|WZr56LdN9k zP`mvCp0|+oZo7m)cgVzU$=!C%^mgw6>0M)-v9$#)0N&Y<9@*y8aoOHzN^l{sxp=$z z9K1(x&OE{Hx=dfULjkU%R{arcB16xrl6Nn%Q}b54?y8s56QUbYZK(VKt9}Tm*o~$2 z>)_}~ohn#zi(iq}RVPb^^waD@qJ++il8%@tY9=JIBFrhMaVy)@M>i_6m8i<-xof^;XG#GbwZtqbD3V&wDDei zQTLCCV4nd&AmVx$zW27c^H%ip#WlO#o#j9?je1fkTNDh4hNlQlm4mGo?1q`uO}Vn( z`X1H{o|sQ&<9;U;)m+WFq5OZmmhYu@{+3S@YZ48My5&a6hq6;uo$;PsiRH)Z7J-@# z!tHo;>{gn;yPT}6)t1ugp3&vTyME;M&z=Fmt;-jX8j2=|Zku#LerAPqS-e%FjRxSX zWDKGus37mSc#WTTPvNaOv6#s^fl-k!r$0-Z93nEqI<+GR1UUVO*GaE6OP{k%KD`Up=qI+(?5Hph(_P;Off4?NZ^!$RHlk?ht z&3}4+F*S=4km$vv&PNj}kO3OLZTC3brZ^PfMTuN7AjQl7(S2XzZxPsnNMT!eaRgI4 zCbwXvT+wSZg`Ge$q#4xFm(v%=M2gz$o!#7UY3@TeqoWr+fsf6pzigR$ZPqYqD%LQR z@qEIuh!e5CrEAY9oOrU}H@;eGUa*9vy=(&9?r`q8i+97$*1b@kXZjFB+!>^5x5|9Vjb*-gmwVd`p3cp0;qcCIcE+)dB7W%)~QF&z7&P z1YB{pYNp+Wg>#t_Ck7BJ2Y|avk%KxLIRN*U*G+8gf(j+VjMZ)OoE2uV`tG?CVZpd} zm@S|&fE8r{9=ala-oP<&A1*0`R$G6j6ag3M8NLOgFEj8*4$ous$~cZtkXsB z5@nXvDYai7eMzR|`LWsI0*??ZZ76)$5Py(?mqxrdbniK_+{QgN#DlxN&V)?a$$ZWQ z*Xwhc@nq)^s`nc$2G`qC-jZ8}^MtiFl!FQ_)sLQ;KL!mGz%>2+VWpv_|Jx8=aCf(Cc3fweGe5EVJVp?zBJL z!rxsX2M4yz(TrF(U7Bx!I3$Pl?9+%SFC zg?UD|4e!9+ehJ|e``hbbd%Zi|bnXJdn!C5Nhkfm8+&G3i%2L}=OaR+!VR@$ch^6+$ zxpW4-rqQaiE37V6MgL4{+cfqZI08lN{5#m?IFeueHg_B5>)iulFRP}U+2xwSy#}j= z7R(vU&MJ6D`15tG?RCsmuj|VQLOf+c^Mq!h&jOs<)BPLpD7I?78;u4qO@Vh#kzHQi>TxidCtiJf4Jy`#dc2tuu>ghL79 zLb*`d^o{|e!xKHpl$;oL;~L&Ddtn#$-{@bp-49}dMgtS%fBd8lK9i?RsrD zVr+Y)H!L-~9_&qJsD5`r;1|stoV~e+uz*}D8Tvrbkkg|gv&}HZzH6YSgpniXCm@<- zna#=dI<1l8AtT4W-DgdjlDbi=wZX74>*8~1x_~rkF0>wh=v4^_G*A_wX&q~`f}tgG z$+DajEG?5E6eZQ82oQ1-s^5?!;MwLuZH*5wpGd^r=zI<*8(|jbgx#=WO>(IaX%YB8 zRf;bJc(vy)q72k9n4i^TIy*S9D$W6zO=J{Le^^`km(O1G+0wVswa?*y-UvQu3_qK< zon1fI+9`^$llK{KVHRM{{_;35qksAA<+B$@h88c64OId|_{+c$?tf`V+5;CDn8G21 z3g9zuWs%x2aJ#rL1EsAJ&R6b|p1=Y0r@32c1XCCo@VO>mtYpEy2%5PcX5JSpG<8O~ z*6#wjuJ!wkOQPkiZDZUEnsBi=1-PB9l0w4<2*UQ1g@q(X_<|sUyj8aMVz(e)u+KRw zIACad(fbSVR;=jSp|Dy8Ugq`;6f9#@wNV8a$yLE9RMfkrEexnXN;Szi6Z*0fZ>dJ0 zQ+U}sRoLfT7B<7Ipb1kma#7|M=DHXA+{nnEmRjeZh%CsbMUf|;+IMAlB>WU`mpZ;O zEw-x|{d+u-D;L`oLyzihjDRvc*Ha*93%c#Jsa!4@vNu(yp4l^>7C-ZR3)+~UZ9@Pi z(p+-Uk-}M<{Tur##@bl#IBo<;FTC){5qTkRcz2y8F04_I{KZJmU%mQ^p+al^DfqFz zVPc_|uSk3O#(@bg8BJMNn#h=_zd_NrMy#)WR1*a3S+x*O5>;+c0nTzqryvC^KAfML zbMv29vOD?7KqK7ub3=j7|S~w+2a#6@uG26>2ImU z7eK28)t!-y_`5-ZKL5qh;douqetK+{Ox07xtmoHOY!pa7r zF2A`TRxr^L4k6fQl?7I^mvZ~`2l-nxnTvL1FAIC z)94EkPpYPRJP>htHz=yTqxpy|rBnAC7j+EawNz6_UmNk++oHoEdBE%;8=_l9!R|GC zMMPo&fgR)(IT*$$8lUI#KEMRBAe#}Bw6eI5RL9^4e#5f0S8q@!v#?=TG`YT|MGE)@ zIn~^9{=u>b#MUgi^(J7K6=O}L7NU(S1R+Ipm9PP_HbTRe`H1RjC6$KrL%9(pZwomL zt4PL|)|NM{xZ&*f*{v*$&M`FupIUgAXHWp>+3#XXDUHlFL#b@!F}SesHn&R#in&F^ zvqxMOgzK1fG$+YLT-cgNk(28da;j%vIXJr(SQ|_iQYj4CS_n%>t4g!aLcPu33*+&^=G=_lf=fE3jY76Oi`~@-%$@<#}&J^9g;+ zyPa#z0x484UFg8+32a;Ep$@<>EZ^=G*vInnh)rik6RUZk2_n!MzzdE! zv0l~pU74ir`!9F7#a3MGa}g|1!oC;b%Rl|57XgDu`s)zY7U4S^ri$?=z-U}@&K_l) z-jmj~0fAKo%cQO9?4p`IpoO+IvK1>hQ(#rOqKX|| zUcCNWE9guA#{BQI=Z3jgUz{wAJcr-@>5pyOwqHJzrT%vQZIQC#lCRhgT%@uC;VSM} zo>pPqOL?cG~`l;?Ndb{Ken?7n_pf{SGgBgeY0Qv2Z5EIy`!I@YWlR5;K!Zgzr%oc z(jN5Q@#fyQC3&=wgFRg1rt9t+J{q)emyd_Y$XQ8nGV55Z?nXE;5ktIJ>;)TGACv+JVEZ zXxeRa3}#yqZB{|dH2bNJeWR!Gy-Y0Pf@$1mG+H>Bie*|ov>H-pC(WUHhO{xx_VM`P zboMYj%zBwOW-;3U-v^P|G=<;y)mftgYgl^`sgh*0^e`6IL{3$&EogWd4Nn+m-T1T4 zZh*5N$)d5lT`js6E*?MPhOlmtohu+cL#_(xNY4FH*qTYJ^6D;xDJwOB*igw*ehVF{ zZn-LoPahnRBW&SNkwVID4DwhCy!o8(T-NK&=bVCkpWg#H{${Z`6<_g;78yhyUf^WF z2gJk;FC-#*+|UBiC9I<qwh~X{PX?EyEn%m?lCv|supfI!l1c*uMu(MHj4m! z-_65}YgOu!X4#ss&w#mgv#m%nfY#s?i`H*NJH*JA5DZ9`9kkVGMb-A?s_w~B=VhA! zAKDkdhXf7Ge0QEJbt|(it-9VHKvAt%$}-EBx8C9Amf6HWYZRWl+2vl2}H5v$V^23F>Fs=>Rp;jUipix|#c6M=H zUa^enLj_tOSRJ-m2HuR)~IKX6>O%k5I%6!erNtA z&tH)@LX|~Oxxd*>o6rn9&~6B^7^t_4&l`lAQm@DX`>g+XFd+w@=gRy?=(#$Wk+T)n z`#0jTn6sk7D#RZcp}D5d^!0XsyMn|9Cjcs8pACtO+#S9_w?Tpr#I9T8Y)&LrF`3xH zDhS5Om2bdo2HS&S@UhGPRu=AO&r){tOr`Y21cs+O8FCK2`;GIDpg_FO^fqO^b@ zbBT8kt6ot|Yl|FJH?8+|@DN9AC~5{9KYP6|BD(g#@+tUFB_n6A9plYep}5jUz)x%U zI>*cY=wwBImV&(b+l6hYcRM{orZp6VH1!1PRS9~ckm%24!HiV2vjFBAYD!(^bMl&M ziozFiE-R12HD&~;D=7R7UyT-@e8;0?reMH^NZs>l6_m_=LrKZB5-BUi$S(;r;p@M8pH z8|G`Iy}b+2ZyQo=oD>v5V>N!iACY)=55jQN@?3M#n-Wq#@aAo!Zz4|$V8$<&)La*2 zRc4y!t+1KZ1E<66MW|EcHkwiUff19}4DHY9D_2T(aI?bBZf)!x6?9>m0**;m_$Qo) z;TDh3XfOQFY}f^cb1SBgXEn>S0y6B(xZ*@YduqThv~SsQ!#PKe%y-Yg>32M<+(r;_ zUWu2zt((*GVF%GOMid;DTpW|{ec`(gXFEwYeQ7hJBpcIEt7HRTT(IJXC+v=d8|Y#S z;Rb%Ug>Yk7?VSiWccx;czt&^oQk+MLN7YZ9Z~^*1l=Zh6Moa3$Z~D_Za1&eeGdZ!` z8rn8nw;i9kKEnYf3cPsS{M;|x^zh1nk4X>9h#b-|YpMv`{fZmow(Kck`EtH<O!0u;b4GI?VU(K%n9ZU+= zc<>B~_Uyx(lh^Ow%vR~|mhyJ0<+N06%KI{(2C7Vx_}s1GYSU!9iqiyRq&wa0WJACO z4>DJ_G!)Hj?gmv=ga=E(tJ<&87SyJcQ9K6oGRtuN%ubzzR@G60;P{nY7nMA? z9`Pv6WOq#KIBnss1lsEUg3NxPJazIavhEPtD5nKoG0h6)OKRELIsHo@$+tNZ7r?fj zgwQ7;^j}v9y|Vx$cOJ32vkj7~BC4$f@ksBKyN@Fpgubp3-M`%sEB(jTQVrQ4xy;Mn z;;UF79VW1YJY^Z$sK}dv%@Z_PzYJF9lPj((Hm{f_IV)Bisslp8LShr2K$tRulWi_i z2oppm+7%%uS4`hBCdl*W&!2;w{`}8>{xgvUp(JGqUv0h!Z~f^-NA)rH{I8RD-&out zMXsb?+Fs3%YYnRj`JWfxzOT?X>feGe@5$2NXJ`R^{%?Q$>q~&G338HhmtP~K zCKRpeLi1Vr=0W4!g-Z%Gz1!EtG;EoAIoeRra@o3O1C9_gv<70jva%LD9%NS&E z53%EBLjfm;dlA`gTr1J6Y+qRJQRoHGl!ai$On6;?fVV%-Ll&J-p*qfCFT66cB z2v|lnT$~+FO@#)d{^N8i1&9f7hS#zz(7o(EkBKY_Ba}d=RFQ%$jHXq9N@fccl;(q- z^F!{$+vnYSJ()1Q?O5?JFXRnRopcy7I<81gRe*{>m68buyH>S2y?vmf3G$`K>Z@f$ zht5VxXr5=i@jg-H7BXe$7Pt%5E`mGVU% zgQFqg^2?Y-nmWDc%DKSjeKmfIHDZKn^XYdYuYI1-EE`ZW>i4x{`Y5M^zV7Z#0!T>M%TF%0Cl}klu#4@^!V@ZN zM;bu&HNc+j%^P!j4@64uC<8j*;EC1+zbbYAiLWrJ&LcTQy0R*^eoE5lk)p zlYog;&{g$oeCUp_F;iZE0@(>aJX9o=NeTGxeo3nUA+%HtFHY~~j>taj6FdfcNad|C ztnK8yGatO33tqh+3g_-)Vm_x=veYg+u*cWA=@@;y4$wABtgXe_=iscYtfO0h@~1xe zQ`?{4q(Aix9j4~S%(wz5!5UL>$eaDd8SBe>U9mHi^qbky{dFE{M3MGfR`%ycslQyN zD0J@0D+X;1sBxYM0EM&SAOy<_dj>+R}QYdbL&0c zbRS31EHukIFY^_1GP#xbodel=k7F*=q8`k1IGY_}I8UWSlzKk>cfv#>)7U*^##kr~ zf>C8B3mxVwH(qcwM>L8-MKHeM`*{SncA$rEw-alk7+)puc!)(y6b}jg3gsI2y&@T3 zalpw*fom`|;HAUo2!A$9@^WIEn621K7VC*`#(Y_8*S>);?nzk`Oz3Pqj5bj{ZzZp%6SK7V1M5NAGNuM{h@Q!(U0uSKO!4BKK^Ta zUBTv4lg7BvQ&~)r^sfNeHlh(npl!}ebq7_@?M{NegRMSB{B;9*EYfdmNYbw$;An6J z;PH9Qcg}Ej?bMS|G+X7epv9V`*5b9^5FXHIycU0o6n}iGH(GrwVi(@t? znM`Qrw^vPQf{pdYo#PnipxIugN0c(bgqkS~AK?kq3Ie4T_CVC0G7YY5HT_bV5lT`2 zeKo*aSLO)NtZeo7nj+uNo0p7ScxqKvA#{6NO;nYjy4Vp|aa_(Jy1`4Z%2$IKbr=QD z>Zj4wuJFVxg^jd(==1X^C95svso@*ZMf>f1CAx;{cVbx2q8=(pU8I{opF^-2m)_uG zFVSS3SRgH4tD=M5rM6%_*JNt`&l!fCSMQ3=F_;H`18RAX5``wNjA=+^V!oacMi#B) zO>e=*@04}A@*ajtk83%?3N>WGSc>UWSvA_C6g^|TI(B8!;Q$Mxrc|Y^zz$U~Lv{ch zE98nOL36c~8tfx9rwP}+5$L+036xF;2Of;DdpOCl4XF>;xt<)RmxU}BOUQS^w~~x1 zOh@bXKex7PwRlC+wV*4W_}U_cyy1#V>nDQ#`ld+9xi1%iPOH<5@)bE!jFC5PyW=+( zsAHg2vp=O+t@ZF9AXm`G(6>CxHV z$@!TItr2(zZNUxr!a{m_WJQ01JKHpOkAR|gg>5yDo|W z6^C*|Ra_$O3= zGz%tpvp?XRZ_cpq^aRCF{OfopE4sq6^t*&?-&9-blCAQL>b(Vt{1BM<1AnmL9aN-K znwkB3{{5*9fm zU%nZ4*J!!GGzOQN)bG`n=?te3+RwvwKmEl_&V2jT^e;g%sINYmYi%F`@>Am%VF5GHi7o{@72@mxH`69i)}*nc^93oMJbBPUcd0atlPvB~PO zS;x>c@COPsIRXwTH0ki_#)s z@Xs>xg^>CSzqwuTA_z5-&>P8JxlzLb1h^Om64&jDU9HKAD^0K2j9eI5Ck&Usbrb~3 z5V4e$Li6qf5Mnh7-#?Hckb@vqy-dt?o)>KDBrbewz*1lfo;eCsw43;?yrihk=P5L6 z<9Q7`=xG6Tu6 zp8!-~@z#PRQYc-N39J+)SB1Q0qRI~$U}9n9brlhpvBsAAA7#Dsbcpp6w%6e#JCRsiwp6^5Yy^@2Ib7YGZJK zph0Yol?t4yA#)yrEu4RUI@ky37C=LQMbl<4TDLH)C*~Encz4si>kSztOG#QrS*0?$T$)o@uCOsgs=6tBC8 zmbDdsaAY7{xs|lml-7w1wu}2fNqeoC%X?@c$G9!AnD0B8#`!qMJBe#uR4F!?sinYD zhc7@pgsP!`Ak$sa?%LM%XG^nDB_mIL%{~~?6oxc?5z%=>tfYHJx+vpZDel=ahub}d zpI$^e^&7)d7vw@;ci7|>p0Zs^)U~7&|A+wAXKrU#zhG@bD7ty1iSTu zBvpvk>%uv})aRl#+xm<NReYAufR=fObsMKYhgD!*H+%+fX zXE?I>e&52;URz;LFL{wpb6V&%T6iY4QTb%n$mT~!zYNtE44>Lk0!f@h&U$$3s}fC- zNNBd|89mFGtXlWfW*JtSa;BC?I?MRz6o8)LJvPJe#X+M>IM~QAmfga*Nu3Mcy_{lL zt*Qrxp-2JBfwdmWFzwDuuwb+>ElmiYn+sNoDL5yihETbPtfV}%am;9J04@@YBxt^3 zOyo!mCfncx3=P{m#!&JO&%sq3@*Amc`_M`eFj*&RaFH4=4%ZpjFI1T%jCm`dP0hL#2nq@5YE+bqx2~wAJCq?xY2yAiW2<$c1=$U8K+NI{DNHAoR z>vdSwxF#%vAwq%KEl$LnqxT>%D)>zTx7-@{*Tml!{h-~3}jsgO0h;qkXgj39y*i>=+jM%UXT57qXnkQhb=auz_FP;-4PX#w%56tMM)Q!WVdUk**MIQKbH~M)j^V)upN< zdL-b1zGsi5U)MVj#4rmWmer5PEUW!GJ_D3&nFUI=%LFBlH7%h2>>=rr>~LX!gBc_E z^DE0{T!KrLl#|F+UTPMwBg+)xuc?t|rv?c4Y()iKu&M8UTIIGp8+A)X+q8*KJbyY! zPX}rE`CxZT^C;PSyzeNDRpsn`Zu{ek$Q9R`xgc48G$w@WTAsQ+>|lq-cvtq>S5vKo z=jdU8qI$~}ip7HPRgQ%m;LuKOZkV$_`w=G)dq>!3@Cx9dezSaJ)a#h+9*4eA+oPb=zP$-Ph>Cv=~5w+<%`t{@0LMGOZ>Cbjf+A!~k(xFTnQ$ik9ri>+GjOZGiYGz;F(2QX^8x_7V zot$sTnG;(l*4+F)9O~ejtq&$6ki|%i`5l~zg9>G`#=yJ)1|IYS`0k)xG#w{$-laaX zYiOV~pq^$FJs5XohHv)MR%YrVc&G9d*;K~|u^|K6LR31-s6*VWA93f@@9Z$h!}RdG zhT7k^{UAs^vr- zLZNCGnWafy7P(Zmz)^D}M`w=Mv>lg6hZ&-NXPfijL0nH7a9ZfJ2_S-mY@a~XSX_`F zDnlM228V&^xrZ2&5xAv{Dxt&39WCo)gnVJdEQ&(sCAcqw0_C17w+D#<7}Aw2h2269 zMrn6Kn3=hRYTvcpd_f`+pPTvFROs0G)dFU~SzXwAOzZYjNm9v>`q0w^Y2HqfnBwN{ zvGI(QoHINDN>j}ySZ!~f1!X1}S;>^oZ7kMB;Ln?22E0vT4{>axhA@V7I{{ivD^4*5 z7S1AVk5OT2?Yyzu$xn{td>+(E>8+ULo-OW^p@K8++5Q3nByk5IRl_Q*BJX#&x4#EA zC+FmCRf&)*uz7O_FJ%q}7fDuHw={As!$ah!!2(bwQB^UnPG+Pch>x>@WkzbY6xT~Z-f7J%ZS@1}FiRBM_n zk&jbi_)^Bqow<}slNC*tTzLFI;h~LjF*_UW!48bEzurkaL|q4 zS5?X^lK{e@ng&-ByxZS;ccoQww(>4FE`l4E*&mpjJditfE^?Zcy#-zB7|dBI3|Xrh z7;jIBrp1D3(+&~k>WUS8V9fh1lXPcA2y1g3s31r_xL-k@1c)_rIV4tKte>lSh=sAt zmGHg2t4h%?Y{V5O#I^b1hxhTtqzohnb78t7m6IgFZuxn-f+YegSMe2#_EcT3b(FW zSHs=Sd39EA#WZ3YL3+8=OQQIy%rq5Dma4y!@~>j~hOgj^ea54=D`;xfQvJ4uY?}(X zGWxo%(hk#S{_6H{VeB(YEP6wpl?&bj`}5k2CNVntEAqA)B;=dAZ?IM;`1WlV!QDaX(CrE!;pP@b3(A1?%Z@Kg;=pttdsO8Zp~Or>}@17Yozft?;%abL9*o5tDn zQ^n4-=cT90{7;qnf76xu@4D#u9MEKUuC`;FX&AKZhgL+6F;rQu7Kj|?%(#ZE|AQ#A zyj5OdDMW9?YF$#srfOocclK~G)dgdII@$_zLON*l!TNJiVl&lLF+F6>9m8gVCe46D zj$^+9XCVUs5{JD?re9epT-4s2%fb<=pFuBO$rBesjO|yH-BmoaBl_;Uv)A!jM)eyf zh{M0@_W#jr)fDu-~&)%7E^&o>oTSD+%OFte5=xwQb|5z6o-&tH)@LX`!p z3KBKDF>>r)RAWGySFi5DmVa;CfyA=foE94N?0szu-=O2d!3Sd3eQ`E-X;Ae546b|w zRa669a+^_x>KY*nS;BdAd*82wMxT^IF}F*VQ%0g}Gy99G*fJ?>l$2@JdO#LjTR3Ly#C+{q>+G(oGXT|L{m6Gx0$s(_y{Uk{qOC(? zLicX<`S3O9EB3n*8nVEud$!d5Y<4(<%lB}0=)|tf2h!Smt?Dqg-co({%?SC{r5XeD zY9n6PhvHU6FA*86zJ~{_i(u<4ufoCF(B1{Vv51a4yEm%gM6Yr<1FOA$_-6NU;ISJq z3VTlN7!tW!VFj6`*Q@-p3|tpOtRrd;!_2iJ+|~>h>-Nk$Pi-`dbqzHXYyYu@2N0F2 zvRxJG8rSu$_ZzpW!EIsQYQ1!Ac`oG;x9kP`%=h%{!<&=W@7~N-U0WrFVKR~Cl8b(X zjxh|=H|RFG`yeP1X5qO4;%b@8OfJUPkRCy$-(mFqlur8#l0_};ma@QT0A)=k@KC5fWrgewaJ+*cRR zmo2n5G`hg@FolI8%?p0RGq!*Ns$48oh2myCg`G`9))uR7HSgAW2Y$b*LOC3e_upPZ zVPbGE-kIUl45VkX#9TdlXQ9p)(Y7fD4PR(~LPku9TCXxLt|z`A&|F%?N=D2VZmSfG zX4|poJrbM5vS+6x$b6`BO_U0D!XXg;TjJ|=kybsqrr-d>#c)O7fgI|p)EtKeQRC9@mTvaYJkm$`L9 zV>+QN6mni>*}2Skvi4BwXwpax;XC`Al9TL~uGOn>w1mQEglf%JIc_vF#U_$$W!1on zldk6Oobt?bgVKJ`!$qg$J-cB=eGI~U1V2~xeu2y&jg$&B5=3v`SeAkD@p+?JtY=_% zK;K}`=I^CG$M@=E#?f}POfw@#tz8dh=~Aw)cN(VGph7aoY%VB9Ss?xx>@eGp*=6vZ zD7a+%h&lE@V!^oH_`US;6OH;vo2dbREom?XA0!_UoCdJILYS+Q^x4OUd}Ia6k(*JfK-+Z>cFxiuRC z{ql_|^zg0AhQ%*fnM!3kD&(;(oGhm7GfPSh=K(y$57F@3lqhg=+Y_0(O{}fX6?WMD%V64GdK-~D%#x$E{ z7lU-}FSmUOUUt-T%T>%4srI3ok#ngOH_POqPX>ZCAHg+ho?p>LNS5&;5~ZI|e`8B}!&>=m zF4I{HyMis)->8vyeGIpU>QIWU085~Qx3^tUS8I|<33=jWPJ~RE**xH1rsW6$nctMgS%}+|be9aY9c!b+(hyJE;{Q7uhpRbWAokkm8QS0NFhAGAUCi!2GY+2uFuR`}&3164cNHqQ z;F?n{i+#qs)f)8<{8DMT!mSU{GVlf@3Je;YHyW&9vcPo(q&O3r6?2-fMzZ+?tQXiX zcklG}_!k?v0%a+)uU`Enh~oUJs_c%|l2GChEa|s-#IDLu@jQqBBpUHHIMx5Vq#2TE zh{SP2s*$*VbT*C6{$pR8s=mf{%6>sH;{+H4>N&#FK^Iggvy$<0{-GWDAvw}X-W%h( zcSw}16rs$4bGXEX{l-J0^bKjxk+5(E_7?JBoAb*TPVXGPBj0ePF&7+PhU7zpqA(KJ zxsg|S{!f~w#Vfo`ol&#sPZu>}vi5bIob-F7*SRgwdwF^ettj&E|Mnb2vM*o$+w{B}cd?x`@n0=_@wxM#y12~Lh#H;Wg@oMJ3e(4%Viz^closv zzrXnBHz$94^9@kiCf%5`!o^lrl{-C?gX=7Ij|UcwNMJ$Uzr7e41iUYTHT76A@1o3u zL`DUr%4+5WLog_O-z$9IAvMUOj4U-|K~g=Mn9_Zddsw_I#(i zJzBM;;6oGt9k7*mVb;*VJ}r&D!6v339Yae(m5<;lE41@rfWHSLHhJ*7;DKFTYqn-7OR1&UFD6P`n{_5~4sV=RH5jTbgUR9E1K9{swLZt#=+rQ$>%47L{pnq; z6S*TGqbKmp2gCW!(-DwJ=4D6Mv)5L}c9=%W?lMws?S3)6zU}W^G)d21Z_OxVp>Jie zCn(^0YmJ;A``rfE*&ca8z57wvN6oPt%5`?y0etj1ow-(KiCopnCM_9W?57uJ@Av`- z;l}H#kxUmGs?`057@#UKFfxA5VHrEb0DP(VYo7zhW?2WCJ5uwEKZImzlMz z7&P^V-@bR(OxKNOYsOp1{{rq2#dH1J=+DE#_E~0DMT)R=zKaX&)^H%uZbfq&JDAE_ zaZ8JooSb(B{6t}O;6@xOYBUP1qiPZuuEtVVj9hW8Y9;Uj(~Y@7eB1+swpW#$BIP1M zWTI(iJuFvD-!dl1^XJdeEdKn@fBrK>qLP#)e6{%^y!EFSFZ#RtUnlRrAv6K43o8&{ zudpUz!)ikQ=f$`0tD;u*Z(%EVvJ7Z3HhqCZQb}cOrh4fE_$he1f}{@100v^90BM;o zmOw%-V4Gz;v8X8MdT@B(m@A7B`tHu?ZQV?7f)SM3hq=v3`3?mrl zn?3jAucZ`KjE)*LEZjboED)q~4A!T6^O-_gxS1vzC6!GoQDHTZ{$}DU>L&;ba9NZ} z|E)9>9|gL2B<133c6yDC4obV=%!J2 zM)8GU1seJwiH&6Rie%Y0PC zh<}>(qdVc_al6d6sif~2A#aq_P`|~rY)P+tElCJ#n?j0X9EGYld(4YmGMc)?F(ZoQ zxzW+csX1nIZd5j96A9DO25^vIddfZ<#%eY{TnK9aq$s;HJ$BOej|5 z0OuhjV0av0gHTAFGW&>jN7rzV5?Jcbwnh30WQups++vWpZxDFV)dg`9J|)-8av-CBxC;2@ z$E28BX zB9O5KXv4>?;7;Tixe3F5>!#Ohwmww2H_Yi?@*FEn7+z;IiqRVcpYI_9-*t)C^_iHE z_fnhxyn*`BumxXBrrt{ppWNFT;I!_01*}%iA%+Qpr9mbPD#I&ZNXV}iSL6(kM3Hn` zZFip`Zn|`u4J7;9sM5_o?Fz}Fwm^IA-gXVv0sIEgWb%wAEOo#c)KG_Nw&)4P?0QzL zSbzZ|831kCd`4do_-wr$V*}{ho-KpwH=mda(9LIR_{XUC-5wk9qsTzswjYfn=w3(( z^3pfviW;$l##ia9KU?j*?b%r{M-*XJG&ij5e;Y{!PW%5MIpu|#krRiH5`Jg(te}}u zo#znZ_*2PmXlB#FjmnOgF=iZ1nRP;Lmr|kF<74*^uG#uv5~;_#CuETaXX2nTHrAM& z7vdm%@BqF$*c5ZO5ne~1hS5LRE+W2qV$wSB*-Z^~JFCT%bG3GOJyspu)D|N<1D!I^ zKcQN1sBp)v+{gp!5E1T@jONlWN;V;>6o=ZHUP7d*CKyTDLg}M{GR)OO3kJ9-4sFZo z=!jPZb~Ww%;O5V^&SJ7=Y-cuiMo8cefF~MuSS@JKZQWKE*;C)v0Nz+-@t{fJXI99_ zwp)xWV|Lq+m$iC^;?S$7w$(m>)^KCJL;ztH{!+WmhoMJ2_U>Vm%@= zSzr^6y#)qrUzbZ(*?Z;O))GZC_V!!P=Z=>GQ?t<>InD$-a>?Rl(%vZSX75p#A$r5# z(R`$r#{aHXj+S1@QoB@p{62zQP-jp}=la^S;dq3av)xI+fP{L$%!DwSER85OMd!E? z6rDu)+RPUvG}*j;Vt1}5zuT`tfQ0jCxHvOqheV6BW!1^y)_S z4Wm`C)cnk!r^udKW>Eo2n7wa$fVsrj7E5oNTs+))@X=H-|{ zSit6Ux1mhU=gvZ#non$~Q}c-neQG}O$_75W9Kx{TN>S5Rtat&JKj>z8z>r3sJ$sel z@uOEtW~GiP=+f0tcqhSNooOrnB5F1n+-4v-;59S0y)BsTSgZ0Fi*lsQkI$BNvv>>g z&er2GcC%Pe6!-o%M`$~M6nyRvCIz2+150t;Z3mfx&qD#H;B$YbNRR94YX3SY$(phd zNitQ3YH?-?ia_YH8CJDv8BP2xD}gDv&cSx|eLJ8AAI5aAnP> zM#IAj+8ZsYXrzfBH9pc;3wecJI4Xq1iV|vqcKV)Fn6?MK6hY#>NJ+_43{&+9!G|N- z+%}ks=KOnB459nBJvB<(HXNx`vSced(jkh^TeCdpR@k-?JbeRjCeadZ>}+goY}>Y- zY;4=MZQHi9F*mkt{jvFS?|tu8otgT&XHL(ln(C@kr@!tV(MK~J9^dRaI1n4SYzfLL zK)%hIS#H2|Vo%AD@X}pijQ-j0`m&J)_w)XG>fhLf8}03H=^}5m#=zN^^jPV~?|QGk z?T~+;ZFMb(Nb@~!%~j0dUkk~-6dIhV8>2&og1^G9#PS)@iV?cuGb63^Z!*(&z$53= zKuKsqP!&y_eYO9gV8tTg+h;S|z0p2;zg-7Mh?JUoYYiZgzwJ+%$&FAb~QH91DpQMzZTUlu^y^RyA{i;E3WbWB#gIT}fEfpi>Lv##= zpG^Fly*gq_-I_S;xsSu5x9nMOha0q-nJn5LJiW}=GQpl_bEGbx_@WT~!^3*7%tlV1 z`CH7SInKl$9nzGkk_vlIiNbyuif*~Nw`Qc#Y`pehj>-hJ_OWJSIj?R%@U(UCL z?pJYR;?YsRPdj2r&7|Cp|FE+hB=rQNcgv4)JKVTemV9)Vs3K#ss_+-vug-RD%SbxT zKDnHWZ?Cd<;-gH5UJ$KJibXN}77Zp_^h#CSgzX`OeXLzK#qpR;t%!NRqqm&;Fy}uh zHEE7LBGJA6HyUAFdF9mv-E#|ve@5r_Cwv8w{G8#>=v^{r+=QZKG&*SRpwho=L!~eM z@_YLF%k8)!gBx;k?G2MHH%(2cn9{is>nGXEd_Y~b)LQE`mtySY$cqmvT3E?I1PlQr zO%-?2wG#vh1g+)(Y?aVyLv%7!Llp7Y-$eiBOzem)%42pOx|0C(J06X8P!mDH##;3P zvCssld&tx6-Gy|}L#D;KSDrQ)XOMnr+z>epfu>T~v){-$5-h@8%mxI++7|&Au5W>i zM%OZ*^j~uywp|Rs*HJLS zDQ*81_O!XgS)Sp@XFQ_ESoyy~UsVH~5pX&4>WCDlPNo%d zRGKMT>U_CW@(}w}=-498gzfBT4Ws*Gx3bkK#oH!-)vG%s$1 zR)1JaC;@2>mhlzz9)BX|F*X8V9@x?H@L%@vVVT{gck?*&XqJ{kgss_^nq9u*J{$DV z#_E*_Ypq8dV|$ zMO@WmhB1J*fcO2$HP+bO2P4WYZ6}V4Zy++bsb@+SUhoV^axBROooOYggc__~^4zGZ zWqt^K;bmTWh02@*H>j$&@OZ1UcNW*^ihj#+_QIgYlC#M;mbn36+Lhi<={agp)lR?s zM_1IjchkC6t$kJNTYhDQ!$TUABQh&0f~#ElzUdkhwT!G`Ri%w8S{m5}Y+S)0lLeO_ zF~SQt7gDb?23NDDd+S!;bxo_f4N;3IOcF*+sz+w0RUjsFKpWNBOP78?GiLUZ72sKe zOtODmy7&blIAaZZoUgVgj&GkyDiVAB1wqB{RUsY@AG-(oy}Gd9an>DP(skj z89_QT$IF(13p$RvJ$s49WyXZ@^xkQ}Qn?`+!q9YIhhN~lx7-ptTpVKyX26xXzcvj7 z%tie`XwNt$zx8jLtsBfQ`~E#)zeqa~36L7i<$4fH(+}I|!e8xj6kL8vLbUcVYa)rb3dMDWn6Zt z5~Eu?WVccodR{0{i6Hr&iJ}_t{RUs(Rtf;#7ducM-LHDPL^Y@k7pIfgEyok0 zZ=|&Bp}prEjNCl1-(KjsZbes%J&~8Q<`B_e3>QWq5|^ z2f$#+spIi7OZF2F+>bYzbe7WuRYV8dM{nO@xs(92`e*oz0%*Sa{185#?Xtg9nK;ed z6PvkDRl1F$% zky#$hWtWZ3h}STXsZ9dO!?mf6X(tOkz~zV-w^<__&O#5(h1_aA-!=(uPN9?i6KcwIFD=?lxrMvL`+DIBvIJtkJ`IxI=0Ch+>^OpfQJFUUbc9d2- z=S8=tcD(V;ZR>7KP<5R%<2M1}RT(owu$%_mo|8O`BG#?NmA$U>41pOE(7 zc2dG6H~2qal(Dsx7?E8sIc3Fr4{?2n1_ufU-t^*m$+lLRmPV$LtuKjc#2BbxVI?o* zvXKz$pB@;^4WJ=COR*?Wpq%Z4yQ}6N7*#Hn(iERGs(KwPAa(kqLC;h>6toX!x;tsx zV8$rmUb-G(O%=As3c#u`WyF8is$V`1&%84(U~IWzo^LVb&8vLB*Y{t~KYm-(bl&PO z>0HMwuCVL#^!tuV_iOOIjs1y*G@ykZtI9ft%{E(DncE2RU)I)n9TCMSg_-ERw+MTGbS z_(s90w+G@7_n@zut*BY23A=1)%)L=sQRK-GP<-S3Bya$WKhI{nS( zxrRFLWMetY_=IzhC7pqN7o>aq$?{LSIGJDne7_S`a39*FR1-f8kZS4Szmm`{$mVT& zgw3$9e)qBRccmy+=c;OajI{{!-%L7~fQ_ZzSU#KC;B7JBZ$Qe3T5k19<^ymN@7Fpw9#Hm8LzJ zHRsp{pr#9t1+DU?BB#8vvu{ z8=Jo}_h__YzZDkF5X$VRyDb>Uxwup1a0RsKz~v({le7!{zS$ofKki;%JappJr^^p~ z>fJegZw;-ZCEW)wSQ)m-Hg=LEM?pRSz{-RiWHtfUDII@XTp9uD$GTcY$gxJkF8YOmW6{iO zr9p7Y6dLM*R>((zl_mW#yl`_lT%h_+vPEi(f$@3E4FEPFX5>02$m zcoZM!7(_0_3`v<;_RL$Ow%UUVMTXUeTKFdXh@CP}sbD29a?J7r6UT|t7g}aa-WH`O zcdm+OrKXqFTb3fhWPv-er#h*-IsCFNEKh6%rY1cuwFTE>&5ETJXJbI zxlaSzgJWwDRuT#!BO`-NJk?^Bd!=WQyh)E*gElC-u8q+>hGgQLcbbb3I93>Wpy=;)@5z|u$zfI*z2bjOZwmoXk`H+JUQ+NoHqD|g`-xKoR> zoU(8>R~A3z?Olf5__x+Omuy~F_KW!PwLRvThHR3f_N;3XJjW%3!p`j_B?R!jsE4v_ z65qRQ27R#&ZT&I&=z^8p{(JW&?&2Z=<3&RVQZCU4sl;abFV_yhjZ*-rw(OlLzR7CK z1Em%0`RcG_!6bUltCmKmRlb~s>r`n2nC0!*hC1NgKrY>P)P88XzY*@3!*z@MGcP9H zQq|~G?%#l?4(5<9$7ei=*c@&XR>CM0aetDCG`k17kt&sMN`4a-lFgv=1`@X%<#1*& z6DSJ22Fqo-cR%Sc0?U;0(4Dg(@_}^bal}CMjW(>$a5#KUPN81-uIq+UV2*s|DBf_k zglm3v7XE2AWt4j*dn0bX??or?Kc(>p7~O&s+OG9W?bJQ2jshx+*?%go4`gh%}LZ%7qw6>!jV!?#xpTZK7fC)i%QP z-)$yOZ|^O`EnX}z?{I{1!kg40hc{)oo!F>rOiH8?pYnai*hz^SDf79P`HmQvWW6O@ zpIhmBjg%!JJtE-zJ{@~S)3WTGN&f=QNz3FWEJHVe` z__NoV23`KVZ(9f3{#UH0-379NQ0FfH=xscYHSu%EL^B}erJ6W$!}ZB@iB(dB=OFJ8 zNjr*Rz2NO0-P?2q?5TIfSh7$Ya+H_wlkhu_RV+Xp^%(U3YE{HR$J`4P|*6**xoLD6~_A6 zqV^bY^|+`0iQR6WjFra~*HXs>FiPSOb8uFZ>3kU;*_HRfuA zu;Cwr4G6;L;`jQT;>%`* z-_!mbW#vN>>%wgNXu+{0U=DMj@a|OB=jFPSfH=+4{N#oqzCIlT;ZT@mUqI>mvQ2RW zI(NW*v2a{*KY=>B8&qmxn?cqRvlsxrJ8Y&^@SNP33(G)f!>!#nQG>4Ujy;%~2Uw+Z z8p%NB`SWktmIO$cr8Dppp4fu`X&0SYy}@vYQw*)J{mD`5S(m-^C1gx812+G(-uNRH zDK(r&z#GTj!RCaSJQQbDgI$*{(}is!NpgUk zoN{^4e7yiH=P(l1f~QrUBqydm{8%MH;wUhCH#(MR8eJ1=UnX|pC60-B4ywuBcv&$+ zg4rzuZ^ciPK(724+eI%Ar`CSo1Av}W7(F^qBF9usphiKcK@}7FU~8$C)TDvG^kB(S zsGDiF6P0ERtykJ2Bi)r|n+02&3uA-WzQQp86nR01&JPILSsp~yUE;+3d+^0 zypAMNJ+c3|glnb|Y&&1PX_87qnk@B|c7$-29*U{5y>*tw;h<(*6%e0X!~mn3I}i1a z!_rlkdfXLbakMB(wWL9=0~^FAPD|r3W1+IM7W=qO)}mnm<)1Nk~oP_`%eTBGzVlgFI{D5yym*jy!-vvbVDZp% z>4Nc3)u|iu&Acu{Tm!W}HKD2waoEUD*6H4bbZNDzFIQuY5Qx}fc2c8R`_@NWa8?i= zC~D`GL+)}A{nion&|Z!S8=O%Q5~**+@CmVi)G>(euz<*DD4#q@9x=926CqSeF8Xn5 z)H>EndtNho*D*n+X|c%gWTss${}{LfNGmRW6(=EZsheODbY}C89GQ&X)C`VmwnDfu^n1M`RN}^d><^7n+UrWY)zZ&SifIL<1=r*5-8EkyBi8 zr{^llAq{r3Xye>cjpWEbpDn}SyzWPIy37L26@N@%gBpJ`jyALIvT3c$rr;>AhbbK4 zzc+TiyivbGHH8vpD!ZwY`Rp;VN5E9uOmZGtGv{k=@zmw*R$bNj_TpHRl)LM-kwLW# zGG)<6nZBO5?==cb!Gr`dBLkew);V)o`^tT!n|Yh#b>6EX?#_3r@V6Hn6l9~I%?k6w z=n9?T={ao#G|wLsO)A#z_y6rZ>de0rB-i6H-IRORjGOJWQS~)_)M4Ln)Ybg4b=A&eZsx`tg z*l_}RxwM+t5JDC^R3VH#pxs`&cc6BxJ8xosZuW-f)AN~oI_tF*^?Km{eh>3|UDV8& zG%&uaa%7AYp^-1-M3>6#>qV1n0t>no7%I9$AsUs=CetzE@%#FC#mMvf_3iWZ;c?VU z|2=b(_x)H$|8+Ec@_o{DqWAaZ@>P%jJMDy?|9k)b5fLrVZc9#UW4P z-N=9z`Nh|oMy!KmfD9SzKoLHA@vGIH?~C8>cP|ei0>>1x(sOKRP11i(IgZ^%kuZX# zdB zEc>%G2EsfN1DoOf820^|moR4%+Z%SMW^_&Yw(}iw68Q~U28~^$hg2lv^mOX<99^&R zjk5MPDv%r+sR+x!Xv#*$F>^?y4|fX&eP)!t2lE?^&q0fc4nx;t#rpVnb=$8>Yk9!0 zFF|6)?y-zrk0+R=USp>&oJlMLQB#HI#SdN~Rx=3sN&LDSu*{@4*Q0(d%N({w5)6(C zxlR3hP7DRm3Z`-oku@6m`kUT2P$mn2UJB@GK*OBK{-Kh&CDpWhVp%n& zfo$1sI9pyVGuJmQ=lxlr&k7&w=&jFD8!J|==};oML-ZhwsxF@EQ3KX<%WErB?F?V@ zFKcIT+Cl97`c)3=*0M$QWl*xx+=0zUykj*HO0p-ikRhSx#0UoO4ImPeJOQX5JFVjmD#N`1jcp^4sl_9@sch0*lGch6 zd*WJ{Yf;{N>1#=UQVL>LbR2Yd14sl82F#+rlpbie_5#Wa{b`_&&o>5qw9hz)-;y8F zDa>^J$W|NshdFC!9vLkyIgNE1-g({-b1*7iP~!`8FJNHMnSEy`$h zPcV04_z3=lg0201T1|OFD3kmuwm!Jf`m0-0Yc<4u_faA_({{q+4N}3utt#KjBE0Tf zNVaZCp1={t49lQFUA9~ZtlCUbQLU_0-p(_&ykC2qz`JNBII>J}NYq-|B>>~vS&BF^ z>B(0eq{CA8*FHcFE|tH6#^I=r-_Q=yk8S20VlgX6ng|h*Od?cwHBnw^p*L_vXymmtqzSr zRc*cj_Dl<@n32e8L4rmf1c%1i07(N+ZSy$1s#ccB%!>9moK$?0wdebOV6SmD;Ek#@R5f!-Fzys8}wp*>k2a6IbBdT45yB);@ zc-qNy`?YGB|7*iNeP(;;`eh3V5(@!x)fV870QMIH7(+|hnvwckRJu?A?+8hk#?jW6kMfPUWB3)kCz=U|)m@{7X)Pc`9P(=l-75|z3P>&*3)!$R zlLO1lYZ)ViWP!N**Q@~!hMhlx8qGYsqxGEGu%)Yf5?8KiWJLp$`5|fW)s7eui8osn ztT0qm9*+y`2(pO=McAUcKW{-Jdav7ST3g9g`Q#uu#nD$^0}pd)xPy#I@$HeLu?!^f zY&yODopoM;m;iBLs)BWi>h9nnzZc!;=_KkLi-`D+c{eR0$<{3W9bI0))Z7^M`H0j= z65~Npu(+FYW;~hSYmH%&tJZSsP|S*bGB;8dl@8kKYCL1ReHUVOHJY`mVQ1}oN9jT# zgcK&JzLV0T0gDidSinBGXn_Q1&Lg{kvRt|#++qRUV z%k#VQk$ojogHk(|9speZ8 zbi$3nME1IqsPSLI_G)f^y@Z}qm)ZhAC+3Uci2LpRD`>=Bt2L6(JgXpL4OW;&LH{I3 ze5H?mjuVGLj|mOIrk+&pgcgo{$=l6Be9k3KIB9_6jodNR{&aGi|L$}B%eu9(E|`2C|oAAp|_K9?)lyobk0-?kC^jjIvhv_ z0rtVWnj9&q2ymLF0vp2Vq)Y2%kCU0j*-mExE=IUMTDE1}5hfB^Ox*f;fw^GH-+59PcrXQMt8N_d&WX0Gpb#@djXsL(o3OD0g07UGVLgZNO0!ImM) za9!c6M@R0rpLizY)>Z)zRh*NYnUhsHupNOO%FwR$yZ{8pCKK_92*r{@oIb zhXuheBeaIv%w2VzZCB|Kau$XE*Yv?*8&z_K4Pe|JOV=2vrr+in!%AA#nzr~n(dRGH zEP45~GeSI>sZioH$T|hs4GtNe3J#DU@BWDDAB?{Ja8{xiZAHR^M|bPP52G@iDvmeno$RMO6^U%t{k zL>*_sbw?oo=&6;7z`c#a6zl@qs!3Dk=<0#8sfzdRPmaThRFb7~lR^lSb|Gx(8f%j< zF9hXzr!;qZQU<0OF?n`voN25;-0ANDIS5<)2P?#@ZB3h=*Y=+(1Yy9ec%kKu#rlo0 zHIxGt?}BGJ&`?mL^XX^=xfKW$L2Uie*4Y~1(CKED1}Jk4kZ$`prRAZw$MW+7HH} zw@V$0nGOzEQMLkWro7-_rp$r5(Yic-+b&i@N|PPSIl(i{h=_P0s;}5^{THvNme|(W9Y2tL~a+#gRy6bpClO zufMH1FQ9mqVt{!_Z5BpgBy-O*luB_4=N8CpFKSj&TSkmbg976wVUCoj5?j|wStbZ~ z`8`pRfxf*P2_~0VwPq#Iy1*MIRQ|>KKpSnTUwc5>Xi3W0?mBH!j8JYFxgpUS>ViqU z*)N%<3l@;H(_@&|kZ5aYO}%khUXmDPQ4D~x^8s+BrXm_7a(eu>TGWi6PeRRj_L@rk zR7QA%N;8^f3`p)HQh-_N|LSpW^iS@s6TG^$3f|dS1Re5Ad<7luY(o6=i~j&*^&)GhcG2~4*wB2Z~89bCSxr?o9-FYIfYi5_N0W)OX?{3xt%|_>vFf} zY(@@ZKy;b#+lIO@Ov~{(}zmfhT<_nSJDuq@y*pohm{@ zyG?yfv~azZ#EDM}Y}V@X?0IRet0Buzi;|_}m%5&%^D4{eyeXu;3)fWLO5s53VPk>np;-9>JwBds@mP1B4{D2VwQBx6%w5hov=3Gj$i4% z9^bsDy$a>O;DBliA-tkCeE)w}ke=KtwkgN96W5{V*pj_*0#T0oFGc zSyi%%;6yz&HLTs+YysVFDT=tyRn`^niTz2s19U~H4A_xxi>VhjLh%D`V3P#ezsrjm z88h}q=!DZb`!-Fbr8#;hm?5ERQ{`v%<4LACZ?MAz;nUC!#mTx;UhzV~#!a@)?5GW| zXa|tDKt?BK3BBE&aY|q4TPMor+jJ2$s07ctfGzZ?b%?1R(WQ{bgh62;+-!tUpPa+c zb0kGDbN#WKJO$~~%jziZ(5LH(P7(PSVa&P?YW`_!U-bJt7Kg=MbO;|28%!<*KoqZq zvtX%%Zd+UbhTYZ%Jq0M7Xu5$u1wSzw%@od_p`1R);Lmc%by|$goBbMae5-`iX-D#h z_SPykpUzM(nZ=pa&ruDsnKhR)--}NFdtO{$?gc8~XRr{)P@=>>zQ5F0(x|TRR0hTz zk<01y6+p9NK3S}5Bl^{8xH$Ozx>F=I-RU^nkI%F!4B<7VkAQVasEcz+IAv2G_V8+7 zAJ*L3k8il~Uw!XyF9}NDOKG;p5WzZ)Diw{na=0rey9__xp8Rvz^sK0gp7t)X&*yk0 z9Fut=OPvcJD~Ct+LT5#`ozXUf{ZTRkp99>FqwEvO>W*9@G6JzMxhjvt$_G_^CQ@;M>4DytpsKo$sL^k78hJz{IVbHNYVzXk& zI=4wNs|H56^^t=+--<>CauAyqoLMaou@hQMU?_bp&Luvr8j|b6^j_#IN-^^E#PSRD zS;?p@)X_h&uVk)m_);_+V=>rvxM!cFvKmh}H)*^)m8)ib`gg*Bbxj=P@}=f&=tUmo ziag008#98@^<1V3!iT}^K6p0O8HG&pNK=#GIu`N-%#@+UkqA|X&|JvaW7?omgEju=tS+1AcX@q|a*fig34Me_{iYmXiry`qO?P~uhdN%Nk zCxTl9Eente*3IUB{ds>vLvAj!&li_%XroS2M{rVam)k>XoagB{J6D#HUNEmbFDVh) z$f)4EyJU$oPF-)4JTID-yB{Mfk7JXc;**gVrb=I8D-MJ<5+0D1%*sme9GD`bIF67J zmp5kfluA-W2=`647XHNTdmmUf3LfXl9DP;}8{_HBdOqlKzn=KX2@y7Y!vA&Oz~Kbx zD8PHF&H=m==>Gi6>n!FGpM3KuNz9vfP#a?NnWEhe!+mZiW^?lW0N5zC$t=n%X0++&&LhN`C-dub`F8-O;G&zG6deI<&P#P)^~R9` zo&m1U-g(0yJ3h6uQJMjcJaXf01Qohxu-OCnQW?U8`+0mcIo#+f5311yL$m-Cg3}%X zY`44A&WHa1xy;;DRNf0lK>>)=pyN&80;WkvqYIv=ilD`*LwQW&GQoPjqnL0&a-$Cz zxKie{X?Y@(iX>KLv30!)i;Co#xv*M&CYv$1mBkMrq+X3jqbY{})9=dk5|0M=11#6$ z(W(o6KxnnT)?YpqNy-iKyc@r~>d+Y$rC*^CcYZ9j z_`tQ>{V2Qo{Qtl8*}1kBL2>@mQ%Jne{Gw~toBSe#Pt*VVD}VMLcs^@C_I_S}dupIW z{~xr(IWM`a)s>nM&NjCVnOa`yRpK3Pr_eIV{u+?-gFwnVw^f?FiC)wnaZSMY+F{GD z9oPP7Kr~=<@0a$n`M=Tp&UZR!tATe0M`mEl;gSOLu{?kWoWULBE#iN-QCnL z`$q3*F{l)uj`rkIkst!w4EIv3T(JaBk!uiM9i%>dY%td&U_I9g43?6n#BuqtWLS_g zD5iXFrfzizA2GbylQvjY%Qs$y*JnTBsI-IL9?UifRPfnl-=TkW?{KNsh*=`HiF?Un z67gPw{bH*9Yl##_MgxXo$vmyx^Q0jY61&ku68kLD;mvGu$<%=l3`4w_-vvcQZn%XM zr5|XS)G7be$;tmTBp8j$8{$h|m!Zr;RH8W5b~F^$d_0O9uL=bnJ zTDR8a^bziZ^a-g~b{a$z$3jx3Q)1~yE{v2Bz{yAm3(Py^0ok(conRs&qWMRgeFV_* z)%$=il7u|F@c&xF0Ql>|-D%!je&lh=T@vgdD}8LSj-A+Nfrxnkp1#*oIQ`9Xej}y2 zp$E-5b3cfPpHjU{aSJv2uk^rs(W3JlwyYS`O*Lef{neVpDzK~1?uGS4u{Dhp4uu5t zb>*uUtn>{Fw*_zmeL~5b@mp_b^df&Fo=jTxBU79e!_}$6V33UTI3CGB$5~b? zX_oVQ!GJ%OiS9NI5}kj)JFYg+7l&y4qux(JZ}YyL2-o`k+ZBPuIK&@z`t(_3>{mfI zLh$Mp?z7rle2%UzCSIFcmy=|*5o=V9VTp1cszE3j81MVnF!K<&=hNrJFXEVy z9EMGXi`eOV>!_f8s1xf+;8$Q5DwmJ`!QwTlWL5A|n1U*KtE;2ht!(SEtbL{$3+Zk% zUw@*QCqoP(85k^)?F*iPow<-L>(HhYmzMYT_){2FH<6&>0P66T_ZUo3$r|*6>AXeZ{ikDIS@Px>)}Ke(<4#}I`lla zWTdlXYkrrkAxr<<7B6~3Fvz~f9JFk?W+-FpSO&a}FX_qQNbvv-kx7Ds56lQ%WDaaI z(t&nuVPAhfiK|F(55zy@Em-`_h+46JT}@C}@UG*+`67D}{;on^LvA|k+-VJOGGsesP_eLOuHY$>K_{u`9RvA3uBm4V@KH~` zlgb-)!k-p46L^C^w7{-_2YSqApdI?Cd;e3f6;@$P1OzevF%XNLvk6&PXLU<7puFxl z{VVSy_^|Bat>qx5Wn#jk%=vP&8uu{b`it>~rp0FW4@53FJkLa5ll64dVPZJqxY2@vBw*4^Vrl;S)iG`+H?0?V&J8j`(RRt> zx)6C22v@%x-Z|fnkB{$6p0zt`1u#M?CI`qts`yr|I&WG#N|L)ttxJ#V6tZqf%(uOwi*GF=cv6Gr zj0q9ieopTJt!FTC0vXs2j7-WNA<1J|jNm}`SZ2{8=Qx2z z^XJ;j`~uu#6XwI=m7KkH{~Dq0lVnYo1l5{t;?W@gAi+286Hwb)JX|`9TslqAuSiHc zT>hJ1Ae-L%bH-5W-t{Vd1NoUTW$N^__xXO`gtKZ-w3KwGlq24}b_*2aOYH7Bjjm$9 zeB``y63^qom^P&G@L*4^ri{VC|A$CP4urNoUvn(^RH4a(Ur*QPCC(2QbixhrHH&-q zj&NL8RK}B28wGpuCD*)PJid&-nJHhpy^WqQMmh@HMG@hD7zH56k!IpE_b7UhTGsef z!1sAQKQ#VGV>3G>u%=;y5^U{nrM_uMlqp8l(OLoI8CQj!A~Nv=!xa%4yF+2&3x!_j z;R%I?#T#625gNCf3y;~G;rvJ5`;l7V2?u?DB&+rRPU(882!)$4m-B3Q(;mE#GlRli zN{(cz+guLSx>;RIiM-czJ9g$NMNAM3M9%rL_aS(MokT5s&4uD}ap26uAiKP--L@@h z|IjMq=}7`wwSO*BQ2iB4M0AAT_%F9J7SGS&ZICs+>pEOA6Csw7uCB@H~y>8HN$!!C9@u0`{0{G>Feor2aILHf!7L!1E?#-~d&OA)- z0}B7pWXw~4z+{T-<)#+Be{oVTOenLUDKJ~Ks!Q||HAkc=7jPh(BtsW$Rj+;z)wwWw z3gjmo;+(cL51}!Q_b?A(S>Z|I6#MTpEU6QzR;#Cy8$~S>y~%K3T$vNZ*g;0z$;a2V zrPr9zF*xl>OPu!ffG9yw3}$;qub8y?eU6#ItvcJucd@bzBt|B#j!KjyK(mWZzR5pF zP6XwqWX*qrC%yRiUoYMd&v{>t%{*_7FVEf2*Q@W(o9}MtpIUFd6GilKt*-n^5iGwr z_PSo5u>a)YRe5V7kXx-K%|7V0WAxgWzJt{uIZ!Sy&NJ}Yo5K>FI%5SQRkvxVxVA48 z){EUf{xa)koX&WkM|g;B7}#b6Bg8G&H2EkCbiUx7=zF9v(3}`TwU#!I7~Fn@5ynDT z%z72jN}k@#h8B#Q4$mJo6`M_kgZ4Bm1+xJu^GQcR9mr3nAVE|mVBi3uZvxH>^t_`g zHxrzhbcO+!g58+8}snnKD3pTV5x4 zfG05`z@q*6V$kf$8ou}`v5*bvlW0kJaCF{Ey2PBMvL1Kl~jSQr;Z16N4}JcTCIY6lH*JchAYSBn1qX4QA1r?2g% z)Bf8K0rV$ufleEDRVllQbKdHZF_!vvEizm^Jag!tb*t0Zmu$8qJz%kFml9%CBDJ0_P3SIh6mlNR zw?;&Jq3Nqw6IV#uLZcuF9G#rVj9g4Ef!ew>7bpfQmME9mrLhMCkoZRc?~nm|S^K@c zQ#FRgI;!5T+-7bTpy}?;YkHNc7X(9SrvZYMc-a;okb}zq3uTTw52 za<9!5-p(Y6S~azPkP!PDw}?fZbJm1Hm*}hz-WGV%u3NI%7y;Tp;|XMZ57Q)0G^vd$ z4Of?Ngjpt6X@aaFA~MQ9tZs8Q47VlE@)s&i~FzHLQw4D_Cff&RZYYU)?xjI^uu zL0-gbz6*GSa5sU!p!;};*W*%ribETuT*=mtYy*RNetm%%T!BY1%q5I#z!G5bXZk`! zm(9ImX;x15W?22K5C{tt!iqxmn3Q+2z1_ETEx#FpPcyBR-gF}$< zzw0ZdoAE)R)8x`IUwHfXR)1}qmt(;wfh!c%hTl7FK_-D{p%vMrLk!6mOTQ4L0+B~5 zz(@KXV|`(v5}=r3!nlzkI*@E}j+O_PsD9$+aaDSL;=Qt4ANULZu90*;*xYWsxSo6P z5izdTSE#vY8P@faID+hZdl>3^Z1Z~b<9cL2Uxf^(-^8X9Dm&K~O8 z9_m6qphe+%f(MS^DdpeR2@ktT{K4@m5MA$ef&FD`bstcxEaN4$*WT*5B~`>uG`V;W;Q^+wvXhvmDDi zD@*RphrC2b$pJP=;W)mi?i?M-k;Sp39Ahx%eC212`f?Y)VAKND)f@-!%mC^F< z9*Nck2CX`INq+bM1wp#orf7z&ENm(Ez-)D}?j% zRtG}ugGYq;Xs~H0Ai@O8=-LRSM}6CI)9h5p8L>GSH@k)7t`7+~4Ld#$o#2*_xF>g`O^Hg8R9 z->Uph03TF#(udD&2hJeXd=pL{9ucqIExe&B)+n#n;wPl`z{$5d=z(Um{@Yr7I=r~8 zJ{Z^p8bYF2T3xZNSFH%hx2f&mSp^Tri`1me18{ z(8Okzy+2XA*j-KdlWNv^x9jp892d85tKe-T2-FRB^uoL~WKq`r@88ni_%@aj)Iv_!(%={ z7>_^s1o3B}nWWxQ?~(dF>oe)k(}BP)Dz|&H-roAI%|B^9Jg=n z7|P9uoSmaUq~Z0H7})kKMF`pjulTqFNya9ZM#5U%2nXXM%e#W=NOw2Ax!;yBoL{e_ zxANk8nVGR+KRrC(u2$;&x?dkZRwjtwj^@(zmQ>uWfujc?dXNy5(#K`Sv6B@lSj2a~ zr=@nDn4+Lkw<2kq%tlXr<%&2Hovd+Jq$k_tZ0J3-Ctz|9%&*oSAG8lv8PW)PsH(?U z_Fv~QnQukxRlJ650jcHT~flAbCVU(kwkk`Y>Rk$gx0 zEWd4ug%y!hNoq=RYTz84a;pu?Wr2r%0ZKHArScesr2FZbEANhoV8N8Fz9+G2OAkE6 zGW^61&$p}Qxhzg>l#v-(0R}9*6j~9~)n{BN9|nJJoOwbeDPs#cO_>M3WX5pmDKHRy z`=l~8Co5Ahp4x^l_kxGSa7>oBd*wv}4(T6#kcvGYfr^Aif4E^pM$=H53fdF5%Stnv z!QKb+U}xPozvhkQgJ|^7T0x^UId5i8TZ3;l-Y_PYFrgFeaZ%=OQZtQ4jwI&OMKm^- zr(OpGp#*^m{$eT9dQwnHG>Y)3&);@3?PHw^T+^;qq#&BlAq20l!l98_Ezfr{OZvj8 z44EV1VinEzE9*j@QR)^(5WM^{*xH&8hS^ePJ?RjNrp8`Us21Z<=x8pJxW9sCG+r>h zpa_5=J5AzESgG27uqG%h4c&b%n+3aD5)M7&W$I-g*TYnbm!{ORSE zrE1-d78Ql|H3B6_lhXYU4iw~go{iQ#(vIZ z>E!wMxh&=uEk4inPGzG_G?i-H@d*es+lb#g@KU7qLR3Se$I!Vy5?)T#6)iXy82X+P zC#RSy#7YT(NKeytCeX7k>clT|fGbntKoRulYfEz18Zc1p1&kV8u&;f}-d+Cqj{+w_ zih&$hTnfJ)saMvyFy;oTgCi%q-Ver3$w#8#xVt_L+8q{zmXMp=fp2iqQRJQ-#t@il zNMP>mQ;&`9AF$1qvDYrcApvq^Wx%EleRR%!{;fN(# zdgu2V*9v;ckGy?kRQPClx4QW->cs*ED6RYQj|=(`KntuIXkOkekGF5bP)5&}Vvj$j zRh`=|_{(+}ic&7{nnv8z@%gKzctE5_r$cb&e4s9%UQ$@_&DAj?|)j5!eZo-pVuYI$VTv}^%PXZlNkA%wF!_&nmXA6Y$}H? z`Ae=8*Bj^YRb4p+-7m_gM&sl7eXsht@CR`Wm*&auHI^3KM3E^Y37?}^NYrrXG_Ron zGV)xgiR5Iwh}=d~04U#}WJi=T;jZ{y_*pG~zfTRUCU;QAYn<;yVJcYS?(tj%r9W%d zcM>dg+caOCWkFRLwLm%a+{g3{;kwE%wV3X8+}=leMKIc^q}yloN5*I;-^E2R*r>+e znL{x=2abCWp})v?xn`_)eNoT{ujoTp^siQc9k8IF?-f6dbn=(x3e6nzXhz1~y(TH* zN+u!(HBGWC+qr3dAz4|BoHoDG_aViP;=+ADZ9MpVe)P$ zUg&^d6;(1ZFM)%UX+|7rmWGV)OotDadVs>=UJAI`3jCI$r7EzJzUuA1qmPM(Zf98E zm1yeHLv%>Pu0fT@IiBF-EI!>XL&Np`P-!{b*%v$v63Q|z!88H#z&Bqo$h~%8X0Tg< zr}Zg=nN)%djYdnlk~jWjNd?H>&BcZ%doyvqAIrx^U{;Y490+x)4jcA!rwj-2`;U#k zX9vM|3qGu|jo%w?46zZDqfP9~#!rct|N03jY3*XL(}2ChBIv^M>@MGG27W##Y6=Qy;ozzyXMCcgGG^vdM0?tKza5;M++Gh_Zo0eMxPHQL zzTOEZ7C0YPYC?G9A98>=**V@Fwzx~Hm1qANTMQ13T76O4aloDqTF;Wa9F5~YBU+*q zn!)96heWqRcySpGzB1oPFyc`L zDd^{sWkhLrCU?gyg9u?rJP6HI4w)#~O_Y=U1Qi`33{9_rWfQ4Uv`D2E^}FhIM~X?Q zWrY-2?p*Lpa5JiR&8+nscp#q)ul3b}eZ6m|IO_=JGmE>6ch(iZug{X>mpB!TO(8>Lut z2^7ROPtLq2pN5B_4=@ZOs?DJpHB0SI4YM&#Y=$etD*|>ILsWA?GzTaMi|)|$wM|#p zh5jLV`1}a5`n*3XaX}a^4b|0Ss(jTk)hc|e-kzi+K00AnCNI)cUip^gmo_uR;;bmsX zYt%Rwx#gaqw>!ZlPU9|6AR=sfN-yBVK7LQckKwfXFBlg+_iW)1hxUlxLl#vCt03ac zvzjIfdH%ENX3Ug>&naBTd`y+1@D{pI*c32WL)m*I^g_}{He=j9k7s}RdG=KloxfmG z<@AzkB2Y%WF*1GO8#JUwn1rbz)cS>Q^H{4+9G}mlNN2NaA4drdi9x|DqCxo9Cghd? zBjsFUuNnFF3q3+|C9e!Mn}|q+Nm^X0ZXOyan_@KQmys;w-z%U67Rhd6F94EmknV)8 zv4V{IAF<4=0=grUnZTp2{2(Yu3Y?Z- zEP8feWAciCrgp@BP63d=h=-B;{m4DS=PU(8pncV$pOE&Zpt9*bU%mtn9%dMjzkk@K zK%?daW@+d}3;H5<`f_VEpW|ejHg%E<#PLiZgTj^{fmxeck$k86H~f%NteAZrG?kj1 zI(91?#54*A7aKd9#)1`&SOP6%?b0gPC<;;v(^Ne1!FJa}(SEQ#DZ#DIsvVYHN7WEWy+h{hk9JDzuW{zj|75o<6~@?xcSRqc-l86a%4gD5tp8JJ zoY&4zKK`3d4Fx$!xno9;;vj^M&EKf*6=wi4`rAjC54ci3HB}GIladJ>rcI9M*7N0g#UA60@uH8?Ie2ssfA>z4_^CCHWX1_nwVNiw ze!DSPw(;!rZY$bwqRM^|)}>Y;Mk&`8{s^130*1k6bF7B%Q% zv>B%3g))b}(t0c(vXGi5Fs(SDe;%T%PVaw3FIc`T!}70YLWzsQCz58Xi#)Gj2*AzsGuD8g5v4 zod2>$|iGz@Gj^I!Hx5lnMqU-I%i znC7~kB&L;l0QHn@0CiPeKwmP;>U_Hnu9bO``L|A@Mga9MIPZU}x>)}K{%`XyJ7hk6 z!*(Hg`7NALlt1m#x}b%ouaS??a^YTb4+XeM$Uymuv6#<4iX|WQ5>j)GhM?U8lT|CQ zkZY{`A|1guZ%C&Ol%R>}H$u62L;r;KN@LnQbL^wX!&)=si z@3>)*`&WbX(}e)NMRpy&q#3SoaPz9$U=@(vnc*R-a03F`b)J{O%o!aQ8!I$JW+ZjC z<*)bi`$~W3y%1Xfj+tYk_Kx%Avk-#?c$J3oz=ch9Wm%?xxAed#!wGk1ofvBNhS>xD zE+V;(&}$e7>8JS=NbL;^S()^gRRdLU3HwCiR;p#Dia*iQd9cLzpr#B37TL1H2(q$F zrRhHzME@M(4a!1iC&Py_3&dgs)~qszMVmk)Dz5T1GUq0Ab4_m$C6S-9&57qSb+pjP zKnT|1Y1$J4UQS+=4s+wh;)XFYKVL|;I+M;c~qj5Apd}R;R9NzN~7z>e+1#9Jj`|-{)3;O{eTVR@GdMb+6vxaC2+o?&TjPTq~womhn{+=L|70{%wKp%+qI2PAr+mKKWuAji=D9azfkeoND;(}t6^i!D=>!Z47RmiL@nEge zNyp~J+LOQspRZN~4lU3zO2I8n|X@@p|7xr~VBzeFJV zsAeX$n1a;rwOZR6;r0@1i~*g~u~ME!*7eJjgv1axM*BS}#^@i{II1ybiXfA9%;SHZ zx1yq4R{zDNplWFVJ*-w8Kg&niE8SaMTLpXUA3$3@OgwzufatU$A9H zLUKG*4R5AyK#c{7R5hU8i0_SFAjBN^+I*Fv(|Gc6UYjYk5<#8CDJ& zk16;_-Rz{%UKV1NhduMN&8i%ScxRNJkY9qtf#{8!l`EJTNvR!-e2RpgunCg@IRc|U zLuEd@#2uorRwx&v%%L1;cijuCR_-D`fEPY7jKSJ_P zp>{mzEugV8yP`M^r5Abhoa1B7Dc~37D7$W>E86uZJO#7G*~fnU2-tV-obR{9jo-eR z0QGsFqS&jy88s zz&g7y3k>x`uJ>jErV{B zYXhs*bOA~Tz7kvcKy}wWhSE18EBm4%N3e6Yvfhm(h-$Y%&T<$O8Ch1-D{rW;>GOG5 zSWMvYL4mCIt&0gm?!QVLZ9Esv+pk*h4H*p+rktzUvGdg^6pK`+T*^@^v1d_`WZ*ch zU4JX_*otHJzizM&!Vx}#01N-|8w?P)XM;yD$}qb!4uZW}hr*y600*!7HnR+Z<>IsC znh9FCXp{O5XN94k7TL@h*mRYDeE z3-#QU5VATt^fsPRd~>dqIK-G>ZfNBx!1KNOW~8R059sGdAa z!z&b69U--1hkHngZ2U$qAwDh~q9|Ou4mw!ovb%0%TP-zW)0ZAIRc~Yt?t_t_a0%z! zyKZjPo?5NJT~@w2u`&8s?#+Xj38Jmlc=|DLwD(zGo8yC`c1xt-iu$6 z`eLttSaR$iwMF<~?^*3)2eE*~R!hY^f;=2gADCdZJ)P+McGIQ9kU2lfKVu$$I|`1d zoLuE8VuI>nVV+LOB|eI-jXq;PojXmH8dt@#iQ|De4o(NOf@r`7cn~R*+6|wHAe4$I z>7|y!)xCV8?A{T;5~%4iP}%-P-Cm^98>sL)&75>(%!RYkOSr$_D{r-?D$SB>Qsq-F z65KwE)C%keUJ;+Y3tAk;bMMQ)OnB6uM8GZC9sApT^$V`ggG4zqBcDAb5K!r$f2qhW zsTL0%69mQJzB`p5-o(N^a@0SxC_O-;B{TtKwivO9?b+oE-JWy<3>vUy&OzQiKb!)y zPx;kfmT++|mI^oIBA=$3cnHij41%l)z9l+xQn4Q6~5_hx$ zsnY){cGV62BPF%?h>LH1zFpd}qMQq@S?0lD%$xIG`P9ahI1af^HN@XUdEU_1 zR=SAZ2-Lge^BL2UF>amlR|iA!@3YyPTS{2{$IP zafeJI$(n5h)2OVtKjm`M$kLC11pFrM{$6SG)3a%h`}FU2o`0%y?Bn*I;x;Vy%o`!2*}S<}3Jcte ziEF?kOuhS)7KEnUc`{N;7Q48`DClUG^Q*HH`hBuE?Wew#npEdZKGp2z|> zGaO{7wB8X-2}lBlV4mE?5siZ?PcTj+yPI`ZTl^&_eM}C&O}XQR7C>esup}4L zNo7-a_z#Nt_-v}n!bBd5OoM!$Hja|fL;+sa^7DV5+ly&q0OT{Xbbha!F&8v|s+{@>Gx=Qd zuMhYz$wX8?Ubs|iH;fYPuz+<O_~{NCBdRaw=E>ovLp4qh*&TTiB!x&3g(w zgct7D+Yap1R#G>Br|&(*c#dqSQTgLEhnDl={^+FP6*$8~$+zmJ<@y78Kqm$U)mdsSpZAc)4;YOp;Ii%>~eX<H^Bnt0pY2dIqi4kfwBr z{QEgXWfur?j}Z1gD@q}OKLL8~g~vObS2AQt`f>WT(w&~DP1G^O9NSPQHVE9e#BFDF zQ}vWlE&|hflZLGlYkb;_n9Z4fF{P@qj`dnfApa7;P_^69yk$whA@HTew-u6kQ_WVh z$}OvB@=TH2U=FjdXUw&MwExjkt1gTK1EzfcW2yG!}OTj8|8QCmfxp`@VW{SwbpkiX#ehO}SV(cG1IPx1Y#;SUeeT zp5f^ooYgV7ErBlm{BR)xjOr!PtRnbdwg}fe7sTKOcteY5(hkD}^yeFBeWgmZ$W4me z0P62zBb^WY~l*^u@IT1!C1q8jQB3 zJ?=DsAT0DOnTC_9z3mcZV9<{Q9>}yOa$`2jh0Eu`_i@IbQ+u{RG?x)!eHv;?M|07G zV%{bVA99@hnHF4>!V~Dgog3xC&m7+I?m+G}+i>eyCBooq)AemH>Ouj+@k!8qt9Dbo z6Zf#J{I}#S2vYy6dtTHrlmHH-kj9wy9;Lg>RtkX1?|$XED$Ktiyh91B;4f`?7DbSJ ztAU&35~hdL(*{k^`?Tt(U3`@x$LB0^yA4Li;hn}{_{7a-wnVAMMZ7)bm)lv2wR`<4 zn2UOsKZHkF^eRXA!-Y%GZS+JUsxWmI0nJGd;2-3t2d(vuiT#IWV!wdEvT*bIRM#sU^X*+G^k9ANZPoqafmeegPGI369S-0b_IAh#&S6cQ%B$waKUZiL+DV55qf0z z;8-Cl1!-+NrazWMCS=o~O1TOkBNK5-YUVB}p|Ei))UISWY{+mzf_J@nZhE30AX_{k z`+nOx&_lqMq^!trSmA$Qhk$>Vn63W{{GI3Lx$Vkv*^%L_uJg3{v;XdVXF-OuvicpQ zKVy>R&?Cb={w5WF0l$H*ta`+C%*b%mR)Y8a{(DHSrQjXk#{XvdUtonf0Irp(EF>l{ z++ln@Y5)89Ac5WMI>j4)cOmMw^$Sh9d1UNw$*+QX-Qe(;uInHF^rL59j)vtd?3Y zszY}>l@dP~P=P*d4=-yZkdX{yzMLmZ3vi+gC~$fliL~&!558k`L+ke6diisY$G*x_ z?dFtXl~9$|nlLI^^k&6+6UP zrgT-=?)KJcW{_&xfA02>(_-A5Yln%KKG3 zoZjYikYYCRbz~-<(jN1v_YT2X6-_~VIw*I?2RKDCQSo@G7-=dI{48vMAdcG78g3pF zSLkhjQg;cR1W*|27|pkSa~VVm{72*8dKc`_Gd@+3J%Ta!GWN>Vv#Hu0ow$86iah|( zPR3dDxZi9@Hv#-*XG8l|@d3-bZbS7wVapZ9=SHhi4H%BId9rq)c%6t~>LX5HkqsIh z@KX0yH)9e?ee!q(y0MTL1#|KbjtqKvl?zpa(wucqW~|5B5k^zz;yGP?3Bj7SF)MKK zcFSpTTS)AP)5Z8k3Rm+Npawm=KC20Lz?mp+Up*y$X7C=byFJ%^ifEmES9i{LHv42R^$<5uEQ_t&c7 z)Iq;v!TijnCJ_xI?xg!kG1b?m;?Tqzt);kUv~MSfyY=;VFJi!9LUQO4X|wBVj4ps zu=-^%{hGFiV$QKboNpqcB7}WAy?&jcxN%~ybt1aJv^goqe7SpUT|HpMX$J5R<(6n3nUa3y)HIHg6 z=-vwHb>*iRl(}QIk`r`p3RJoeQ;W~D1=sAk<7G3wE3fOdfY<{w}V_k z%qUmj3qJZ7hbSJH4Fa*jg~Zxc8hh1@QzS<7sje(0r;^5;WSo`Q)mSOlW9El zOg~Aub=#k&RciNm;6haGSx~?~6>wE!mHHeyG?oVmMu-VWR9FllYu3PElw&meD>pS$ zO-u`vR*s1_oUF$0-UDo1pt%Ml8Jn&eV?JQG&a+kY(Pv7B&w7 zE}iNRtKq@SvfGZ$u(Q+|HWp;r!{o*#DQFpX6(U7M+GO!Tj4|e2q)4OQle1?>!c`=v zAqy2RXg59H#_tXWj(1Vc>!b=$)##O>fkUz8N;nsQhVk&iy?zbTqKeawC=Z^;(&MLk ziZr9ExQXu)C#j4FPrd|GAex+t(m!n##|X5g(vzVFt)mDLNK+Iu5DS$I@XTMNXpd+Q zEB*!vs^9wRHSP_>>wGEZoeIWtK~uo$!<7>LwbFml^n(qeiE6eUS+#n>d_y|LFsFQ{ zop~r(YV5LTeK^Ex2^6wE8Gn9OJ<*Pat*zuARpq!9S6oEmJ2+#w6V^`(v04&Z_phIu zvy5iOj7I1n#8*imU;)-uY<9{Y@L#?+-{LjZpz!#^;N+4!JP`?$%_Rx$wA60?Bv58k z!j* z!sPPc9W=nUiC&y^_!yfZqp%=s(k~9(KfF=V@BrmhXft~Z0$lzlTSo;~a}33k_ADAB zzSBhG9{e823?Z!WF7)&B^x7C8V}EDAd-d00f* z4(7w?J&sD&?69;xE51mRBA&_hSzddzGOg;N8GbW~Yz(R?^REdLNg3#Y7*QCEtF5c{ zI?Qlc0y&p*i$dQNPL&RS9`uF<8V-3)ghmyYO+)g>e_K zqXa8D+Q;dFB=BEcQ-?SDv|F?UD0Q}oT&3~t@Jtk<{9 zn|>D=O*a%zWz{8}6h-je-Q50oNRrhSm)7SyT z`WtS|M)8FBwRp3Sm)>5oI@3HK|DHd6)vQ*bwKHtLIq^InOd9aqIbL4Aqs5Jz){kO~ zOjS3$9hG-v+?u<85{hXhLz_tMlfN^Lw_3kYZB|?f0h<@3q{RBa)n`F2s9CRes14iF zC|+h+9`9Gh7gV~suC<`EfuTMCcB9~ex5$JzGr4id_Im6a!h-${(<^@8~glx zxYq1=eO#Y!jdeT#e=qf^>f(O7r^X;gkZCNTnoqPa4`HU7(4aT z{)W$}x(YrHS$M0uW-nNzc#+<2Zh*dge_n~2=1;vhk zLQwr39BcJQNEi%YgGZzQcnXXsKvUC?$7QAaY-PhCRv*1xpHFB(8tN0E)x+^GH+aWW z5MAXKz|+kiXI5+>!fzY4RPhVis?=YTGa%W}*=OzR;WLM`v~+76In?lkU?{PhL7X3ERx zSdN10+FFOe*+lO~_;D{_+3h-CAsukFH5-?se?v~St$NYH3PpI&VuOzi2S(UiXUYaA zwu!8#JZ#;*^W;mwv@C-^K9F4&Tu zh2o+O0nA{f0zj$hY2_^38BS=gJ2s8{CL>2zSQ58F0;!TO}L-q&l~ceJctAjL+ID%Il+Iyf}8xEkn&W1yt&zh zXGgr#;GO^ngka!-(DO$2fgp-U_5y2mY%^`KN7iHo?X^CIJaF;~gH+!l;g2Bt)W+&i zTjZi^4GbtorS|$!p5^**GlE} z9E@-JdIP{pVfBW~X?in4cXeKS+g7|)O3|kKBm3ULv-Vk@WLYk#yBmzOUhBGr72jjZ zxfj7gIy(yUcEEDWw>=}<_m=x)GUB#!;Y8}T@^|thP)Qr6!*i~2`3)9C!8WE@v|RA6 zd~0+BU&-ekjLnDFH<4>AblX$WkI*(T{@oak5lGJUc>oU!%*;QZ}jG zrc?nL2QZst_+1nex<2n()+)U;S#{r*KW`mgkHha1edoIs_cxw5zXDdzv#%@c-i}fZq2E}0t|U3ab^=X8npYi?XC><+U?oy;@=i+fgVsv z7*-o>DHqAA>4M+2(toHcSOw}S8Qd8u+6*OAv-wP1#uCYl7UdTQMLbni0qaNQu&Ht5 zoZBz2>M-QCD=);xhnl+?YMCPUCa>8#cpD*9ii5MIsb$!y(0)5p23n)})mZ%dPiU#Cnuyd3&9254C8OugJAqN5&C(uPUg0SQ zsT)*V$|pugPoGfDM`0ATlM6}U(!AMH&teBd=q&sxg;RbrPsxy&%#^Q*uvy7{Wgdk? zQL2JCUq-WjSWX$k*2>jNx|%@np#9erWu`X|nkvDpxG74?ra2k0WPKml3}S#tTadti zkzK1mRyUYJ z%`a|=Jd78n0%KW>m0|KH>MRR%>&5@UYhgIm=9d@kh~d@BRL>Gm;+^dvN_OD)ZT2dn zFG1-l-~!xK|ETaR z2!&*uK$#CZi+XAx=`j00D3Ez2+Lbp$71Kf`wi6K-^HO~~cyyb{?ydP45>GKOf3=0a zq|-sU_%mx94^EVKeCwrxFA89EJ4%vD#;tmkS3?FP4a&~wQ=16zy=kf#F~*o^R8v{l zU?Eg^sZ?x;=uwm)4&HjH%4`NvFJRh_bYkggn!Lb?y)UHH2f2=VZ6lVKaa1o^0Sf%N zd`&p~p=@cpQ{7IyGL?k2RrAgtt{Z4Tq^56*j8koHyXIYm9x2Y?4mijql?7-FoBDO; zSqTQ=8%LyuKl?iwvMxWAFW}Hczy&%VkS6hp6|b_XDb3Cx3&ZUw{VaIcq!HgO;bA!~ z2n|%%qMKS&FiC$EPwp39oDEt^uQ}l?nVfUcgbejD&F1%pGTtewt58YBj(v(69 zF(uUkc%_J?S#gT2+dxIWm&=k?I+a$|H6k@>?7VP5>O#-f$kSlisXjx^*=g;eiS&~3 zEBz6@k#t3C1GD%YvTdnBiAmsvxH-Ef+W@B$NY&uvI;b|`U9qY@rlaxKCzB9-3HuvA!{5E){P!|f{RTh@rHkcd>d z6mX+h5Y{e9Y?v1_kvnMWH@Qy}+lpJ&qY?@+IbV$zq@=0ckb{3mvY=9);lGMa#Q3sf4htZnjbdYmM;?wT-9y_s&dvEW+f zrDoDV;xKxq`zR1+r}eX%2n8W!hg(UMNQ2Jc5Q}Gqg_2wZqe7Vko5K$os82{0fQqMr z9S^JUSs`I?od_0ER2Oa?ciR$5J7L0P`q?Ap54;4cN&jm_?ABo|Tf`E$f;CzrjrHfH z@lEK=o4evps*?_=dV`VmO}MP&q`aPxXy0AsBrH*ZZ!rK06$o z=d&60k8Vlc)jB`#b*y`HayOp(`hdM)x@?fZ59)uw*SKAYbNE8Jo!VP$ryf&tk za@M#2oKaSbU4xYDOI(}jvpn(>X0dflXbv@bLLuykqYH-=Qx)Ajurb9s zWhOTO@}29&Gcw|x6t0BD=5{4&{#n%G?nS>*rZC{qO>0VwlseM4@vz-iSiwXE){(7*WHXiHAc*;D9)mx8%&yFB|*Hl>MZ6k_SDip`iLOU zrAajTrqLT!CId`zN{MPTrv+F=#kv;H)EU#R(B|f3KSS8&+YUzj43vd-XnIK_)}wXMQloVx&`F})-=`JMiQ~F7^k&~8Y!ewOJTcB*RUl$q2bXcQ6|QzfgatL;&^eo& zuS_gnZzkRV8ew{vL^gT&E1zZZsBaDBfE)pAZlrrORqY;EK%<)|1Ao9w&->DrtB_g< zp@qn)!*G8#y(uxJt5`;GB%e&Ie1cYqvzsE49%bxF!C_be+4m>I6Evvff~lYhc^d zE!pf4dpt}}^c)KAIwldVVY(#_zch~RD@ien){$3xhmY$0A$blp?)N0aKN%aWGV8MC-%kziiKJaQr$49$Mk@2b&8)sr> zz1y(gB8l4GP6q}c>`)p#2NLwi$P{fBA1R~j2^FQEdf?qWW!g&C|i zUgg2)8}KM&anowD`dMFYYYBotMgH5;k?!slG*PsHld!e4tE88hzUM%q5p}tSHN9#Z zjE~N5Vimh)@k!?P5L2DlW}r$a??GUrm%uTw3jP`SPYeqe8d%wi>gSR0;_gBBi_G-cS zhhMQGk2(9SELL&zowiSrJvX77ZNsBtCj}~Gm9kPfKA#le3E!!Z(4fg2?8YxL*K(?w z33xSQq3(zpQ1qf|BBgG7yM&|f&Y`t1JS|N!ZW{bF64>?&1{l<&-*9Dv`eN?7m4$*_ zgjiVdgOHMZ7CRkW+zsAV93Ca|Z@4JTLQiwFz_(w4m0`6t+%{CIvKtvLOY)ZU8gy{F zPu651=$Nn$kx~nKAK0ot^;`M=B&90yVbCVC8l$NIkX|-^8UuD?^lqhbd|vP2zWq(E zNp(cTU8e>zpr~3lwbef6A$lc5s3{RO;?x6dhWr@y1%o5LvV>43hbboJenF!q$)p1{ zZ1;pF3Aq|IOODAQQHLY@!ah(Ib}Tdc@{6MS2@H`&LZWHmpX{QcIrUS5jwRhw)NjrA5X_iW@c1YGohKPE1Y6i>Gyw|{J z&XSx}Wc$j6X2TNKVG++K4922A^!O;y7xSbK9(Tosx%VU(D|Nk0CIVj-xUp3f2+Ru7 zu>py34dv!RB!dV*bu%7|r-g1Mx{M}HR&2sIz%w_OH!(q~pA6sTSWlne0jH;7fb&iy z5KmPi+G~mIG;k+SDSOI`8Y?PJpNcrFuiK_=-p*LeU!N@g-uFuhv z`YJ>f*!ix$84JON=ONWy--J%5;nS#eFa=k?NCkI1yJ=ewYJGAu`$USA3+}eX_>mOr zKcUhP9xI?dkPq}rW+97x!;2Qb4AlrH2$T0X!ibYPB2eVRpe&^!4OH+7`F~koo7}sC z;#zEp$E!}N%QXj+9?Be%KK-8gxPeTQKK!YcAka^GJ%PW~DLosG;5%{p5JZBJjQhNy z*_PZtGZMvYzht1Pxm*bP90FBL38>pVhq->QmYK#DzW2@s?UwO`3?ZSGaOAY(uqk|E z8^1kqfM(8)oo|gq9~nvT^z^u;y`1u#-3S?Ryhux9II8mloO6zZKd4KP=Br}J@W^xy z5x3sdwz&j0s|I2|W*QgmKvVQ1E=|p)Nt*xq8C7=t7|hzVh$*(Ie8dcB@avS)j7iMg zShF#7A@jz*xA(UDf=wLZ5}xpz)7Jpn9QMOY-0S_@uJtX7_&%cf73xPf&#m;f1IhRs z3u$D@y`j_zjP>o$zPCHNAoMvn@LmWu7HVM_9YDoZ{D*1&XomS4O&+tljUwULXH^2w zBgpIBy9cy+`h$JB-1jy)M>4AIvS-o|&7JeJA%HhsBy$DEV5l z+bw1$?Pj3Y=}aH73+M~AM-xq$dR;B?oPIM;+ui@i);)$t)Oc7tLnGvkC0_td{LGWfB8&+@G3bp zQN6!N{GnTiO%HE(2QG3{1>-^p$l3!YhK1jw6yq;XTAqZ7l?|pIB$iRM0Knze&&oCg z&VH$!tvfqq=uW9htT`DIzI@oPsG-79QM0ZoKLt^hI_gyjR-1$zl{o9zU1gZwH&X(P zOwAW3sE#qnV5T=4;R?+SzLSg7f3A=6x=nQ8GP0J zwSYLx;%7zyU{TE(@b>^O>1l)bxP<~v@gBWTH+aJmVqLyw6`EV9Evw`V{3#IO8*Y!_|zLQ4T zLPQ?~tA3;fcSR|Gt&X1gh3u$dx2>m|N3^>pGM!0t&RYS)=I}s2@m|&<_u)Y#LVwIG~kY0MYMsi(9g0su9!wG)%nf(d1f3D9m@t^Ax zZ!XBw-2S;L6HdA@wTns$jdSBhhRte0xE#e3?Ho=;P$0 zRX!>*)$H$6R34TrmzTy|gxII0bWkb^;-xOJ9L4A`rjg!pCc7*-FOy;VLcV}vm6Ky~XmXMZA@WrK?Knz9 zQ1vXX>oluExP&v4XXk5$BdUaRkB`-g}SV&jM-pAxG;@DUg&`15xuV1_WHT>`9swQBwZJ(Ux#%=LT z?r&DgKR7(j@nqom>N)6{YeY@aK&(Yuc<5w-fMDY&%SF;6X+^j#SFEB|eoZ`2sd-HTd& z@>G!NEPh)sX@(>m>%8(tY#Cx#-u#em9H{!*^?<5RUjNA!Kxo_)>kd?XPy2scL!9>_ zu0eQWQs~;dPFDVx>Z=Z7-PF{TZ}fXL>VHc+?DVJ^A^oTNhy(wrzR!QEk0tS&?)v{x zeQ@!VjWo-R7EsaKc~437W_DZ&kSi1WW*EO8X8mYBuPIPCL#b8MB?l@sCb^>~sra-f z=U;N`!0fxSmLpg_Ug0J$bd6xOb1*x@J4GDLetG92hgk@>p6DU+z(hfU(B3IZZmk^(EjJ29uR{K)f=@~LoQx7S9Xi#k5YxM)E-gX7MeO^U( z<&zYHBT)|7DjSUKSrB3#q`;Qi?dje%5Wd|Ppm$;!+5C0ZIs0x5+gV#-M;^8MsvJw| z+D4;a7EY6-PHs#mRwRdg0QJiNn0`^CI$b6~?r7P8i90tm$t3}#3J#SWC~0^xM$oas zbkfv9X8tzPY#9}^_6LMBPS*F0wwV+=1PpHby@QnsnZNi9hOnBldN z+hkC-eX{%Iw?9WS6?G-VFjSs5^PvR5pIhEb+h`&#G1H8)$oLn*nPR#3sL_IbD$N=ntrsMbP={O``T1bP*3veK6`RgAS=dbLG)6@-?u^N8XP(1te?nq461aEIPZ3EHG=NijwV7(FA1ijL;@eyuN z7s4|VW=Fq*U)x(Fu^BGdjG^H6^sgr{{u(aWA8!*i?ay;Ww%THXSYpqhMJNv4@ zt|wf~NuNjLwtHn&8$XxYgL&H~12qQpn&BFQ|JNjU`+q)4qUu1KfrpKJ%)bUdmw-P% z0q+4cGIR7cGjkAWG_d{GgUzMu7#y&ntW6{W*1t|bR)ELG|MUXr0Y5EC5t1x^vAfVA z~2f zq-mnEgV@pN)Fzp_4|;wjMs?6MYY%zP?Iu&ylaT;UoqJ}|1S~NS$vK0saCkcU<99&f z3UJIMd`JDHp(xrUyz*;WS#{#kZ}D)@Z3yi`dF!u_z8*`MgRZ?ADW9?(*_QuvvswY; z8sX*yn5vVw7iz%4>E{e<+sCn2)SrnJ^2Qs5A=jQNA=W-X-jLY6Y6DOKFl6(S2_Rf@3dHJ~K z*(zx+Q5?}DI$lJCN@7v7`4fAOZgO$HarS}2kkuhP`wvMVPlJJ2^SZs~i7pjsFU+Py z*dD|zc9!XpP*@~NvSk}fs58U9w4+{Ai6`*IX39BP&byhfZ3)Sg*za0hM$d?OTM0_= zI~6+8XrddZ9+chsLs=C2Y*A(x1A?TS)}V66KG+ERCp*2au9P|~TmUmkDRRQ|X=W|kN(HQ;t4#F+s!F?QCYc|HI$2R&%Q+fJ zCIFWSVpD8F^!smy3IK%q9-KfFlcTF&nWuuFpTNT7%}r3QCL)3W5wb!0-P4WMg2hE= z>I`_Cf}em(7>A1=14oG#YnrztaK4k!*PWC9#me{V_;{h`<1XdHcXBsI9pY85ajBy>f_%-EWS^jRbk<_yMHTyL9|Jq>e*M zZy=}~vZDUZ)uaU;6*ZKEj%KZr*Z2T&wiOrgGn&yr-!j%!JaQ!EeNc!aUe!lFxI zn%al$?Djb`V5-tk@0vGh!^v zlWs0{7hdXhM5)6q^`L|vVd^aPu_2rYbsw+U>aah(4oVyNvmuO_0TaGvfdBHuR~R$u z6WI-F+7s>~gzib_l;tTGoKk?aRdIx8fvQKFN+*rT)ETcQ5paZ)1;V8Yb!djoV8K7e1QT)ge1u3L*zs)@{ioun`H{ zOktaB>ZSPFSN9QxO`cY#>CVB*`tHPChiXflO z)DyTY>+iSOuYeYKL_72C>&$h6o)Hn`ri{e&Ys*lAx zg^tb9G*H@wjE4QMnYz@#tV}63RXx!zX~dBC@ib93v-yw(@9$!FA2Ma)nWEJDLS7ZbQ0#>;XF(uwT(_>1Oct-LxRWNf6*d6q{$AV5I~`HX@vM8R{C zr&pOL+9QXKgPp0zBDe9#>FpeAGRPNi zi5Si%53>yB$O35|`M`XfNpUui*TZBuFzQ$%8W#)={g|n?M*LfoqVe#<9~0H_B`Fts zFygv$E{b5@=`gN9>G9$P>7ef0(DD*RGKQ*JT-!;ryQG-00iR=e3f5$jlJkVoUy|O- zjt2^`%Z804+6I(qZkRzE_TZ1Rn6A_(qaO3fu;f$X%PeORsK2k}|sAIj|ksHXWkDNPL zo`32`#xV?kTW>!d*wZ5cthLQuvr|{t%%{ zB!>6$jGw!A0LEbIGM{s9)ws2&{0f znX{0RCkWDjP6)AIkJfll{@ciQX3VoL4#cw(q7$NN3U#FylPa^t7fs=M%2+ZMyx^gcG`5Y{5*Foo4>9wlm-C(=NNl^1C<$} zobRxkV=>cW0F*tnF#I2eGtv6dlST7<+En@vxss@rQFihCcp}NaTr)a7`CDXmVE7#d zMi_C)Lg?2ab+rq_38Yz7rz{=PTrnMqwR0=&^z{jr#6ji(!dlpWLI|CA|c?0c0)HQ_#pF2OS%#eBkykTOaT5^(!&tFgi&E_#0YU-Y#5W2AjSc51- zKnk^?Z80R;4eC$%r*>L0ZXg$Y%fSpAUDty^;yI{IBV74h|5A$dYhYUNjx~QgsMGn> zk7tt-lH38tKX8<0oFCDdE!7-cQ;aGw=g&z3A;O8GL`09&p1*5u@V$(|3}6#`n(c(q z@l-d9SW?;C6fae%W%|Dl#He(|J(u}x6shdIhY`x%ounfEU<8lD#IM5)`q;{~qq zFJEb&3`+9pe3)qF(*%HbRO*2S>Yb6gMDPD?*Cp7+AKP1=nmQy3S2A7;s>3nZ2h*l9zi8kkdZD&m3n}g^hQyzOVsIH3(3|l~R;gQq zLiK z`DkzEVmwh-3j-V}%Q{#9aQL&jB9)eQ-zia}fFTN%pimnduc+V$SNX>{?(od6?%TJg z9m3JT0|QSbVD-0E3T;;FOP4-S^NZaE4X)P+R^7Bh`9p zs_lwDestTCRaWL(LleiM%9#r1RM9^=Qgp1LDB&&JdY_sJ!n9optuGgB19nRCU^FA; zv^XO-C8m!|ru$goy{afu5rd5c1&Sg&8CgaiJ4_p6UK4aflSMHU8Ij0?s&Bb9{g6@) zqkedPwlI!PjmOIDzBbOX{R)f?GKFjS<43Z7El$r@z9~T^77XWod-qg~`FB@G&P z*3Vh5_3D*{C z2Q@Q&X{xfww;;{zWK2bp^F_J0f*%>vl|8%=HXjyLh-Sn!)t}M94vj`*UIBGjMNZAo z=vFiN-B&NETg+~*B-Bbz;aj(}cdbpFnMY)M--PsSQBk(yS3hB-EpQ`2X;=Bx(M7BOEg{LC=PMr zn9}$Iq_^k|pvt}9z0Iv?CwXXUl;T;-T3Iwc#kmYio7WpAr9_`!4ucjas;5i;)x@s0eI??Os+_kyOM%r5Fzazly`)EYt9{;0#DuP{l84tK| zb@edL^74;H2f1!X*zU}pw|o|em~=FS`>q%L#owM($V=`W^U!-FdkLlB90IswI4O0k z&JB-*-W2Qj8&<_79=AedDf!EvN{D@GQ>+KCWhMV2+g+IGF)-dU5Pvl-L8<&sX_KD( zrjJdW~E*bTe%JL;D0(V3_g0ugLUO#&SBW;;AB74U9Q`JmEWHtojxSVh?hbu zq1NS(s_?zJ-BvB)sEA5aNt8uUNvv-i7Fh8Tp<*Zl2^ZQQR53Y*?ZVl2D5+~3>Wbc5 zT-06ak3f&6-N%yIG)=|9o5gnrOF z=rMenb2nIXVjWdhD$_IusQjbn>jF|@MMWMBIgwhZmaq#b;|TDli3N8@_;RbHS~wF8Cb}pY@@2feMy{scpqkOT$fkbhxwz`%7VHO1U9CnG&M8M3a4M zoEMfoA6hF|-Hd`UhuceQi zA!ZXjz4jtnI<5$6lE`*&ldRNn0=Ojf?)ZZ+hM{-kwD%~f)|x7@!sB9Q;rxnvCa#q| zl@!e5&$7u;DhAF3VM8btHGKCbs7eqOloauWz8vE$=Y5_PXh!$$ce}2idFscjfz?rk zFj;NVIQzmKT!CH>C zIW_=|ZoLL)m@RRDh|~oge(SqLXX*Wfwk&J$hgRTGKg{pE@1Hf<@Wob*hl$&nJxQMB zO0Jxn7%2|0KU#4NJ6}`2ikcd7r6xzKdx3f`_WWgTWXOp!J?u4zN^k_+g=OZ{cp6iA zEEnLIV5xDND%#k$I9Q*bXR^~sO+2+Y>6>lK5~X~%Q{HD-6zDEHxL?^;IW{Z+ulW+4 zjNOo7l(3W;FyK6}@~mRZ;1jM@OPpcESR{-8Iu2FQ*xvB0AF3Yv38f3W88xyQg7{tc z_%K^#Xt$SwG5?FZbq!_96tJ*ejR56m3k(vn~^*))d^ z-5uqJov(PWTQB5pX?K@Ci%o*qE#FZFC!&ooWhPfBRjI|Byy&=JK$Vh7EM`LrV^z&v#M;Eng%~$?ZQc$``!LAv|EvIsKV5kw zy@0Jfg(_fBV7|DFF-_~8NOpo{cWa|VP<)zi#R*IWfJQTz0@WKb&5bkyZKw{*9@S%L zh27`+%_FwK{=Tcfd1~j}zrD%6sFDr`|+VzyE8pYD3j6>kdYuRA<`iYzQ zLCC_T56A!pqZ^a|4(Cpq>FQ^tYg6{Oa8Fcg^uwQ2Nh}3R&uYGb|Ix64qNK;WAt}(G zK}`N#DGIuBdY^CyuerfE7IEq1FgrpWIX5qwgVQ3rx1Kp8Bb{Cb5f_lG(jXe)&MR~7 zanYDw{;*yxj5}d88FU5JtR7?@CxPHIC~S#9>8z?iDezM$%2wFGs;N`k#v0$?m}xT+jiRCF?Wt5Jh~6u3M07o+FT zhWnbYW8W{|qQq15&S-4ValnFVHwN~KkQ{t}lW$9ECZi!3OqHC`V;jGOl&VeYA=omD z!8h2DtHr1wBR5i#DG3J4Lia(66>Dgt>4A&$ri6s=ZF(N&kOWvO2wCm;r+QxZO3-6j zO|bg6iPW+SUZDzum}&Mym(FXx&Id>5Z*`nD(1X9$3Yg)Zr;BeDaOB>{asM(?ZZ~Cc z)2k#*k=x&w_WWX=K&t~oqf>7-A3c+|@c=v_*WoRJFiUGln~aLhS(NPgP5O>~+f;7x z&lJnKfHUjfC9#G>JKOnPLGB2dAW~c;QR^m+0lvijb&It|uTd|^nrcZXi~`tYd7E<2 zbVCc%X)+06SI~?m!G>XvQfsyUwZ9;h`2tqJ_#xp9TsgWpQrt9#Egp9WWTVkZ4;Bv;M2J6a@>Tnuq(rdAX>!shu4d+y*CI;_iU^j?`O5I6_e#0ogwxH_w4Ep$QW9G)#O4x%9^ zi5^E|ji%+doNZ7FDW(##8`QOaVQTF-gpHy4-CK8Er!d>cbVTA~69Hpms#>O3lZlsT z3HkW{=)J ze8?=w3uCh;O&6Hi!q)`XSOAt`9nI($pLQe*&OT zn9vkee*(}dm&rW0(o#|Ku0IbtI)6t&M!^ckZcbRz~5L*Jp8ru;l z=+D6J414$4r}~6IKd`8NdVu8`Jo;KY_Xg?AMt%*`Vb21H$-b%(h@Mo*96VKWxdlp{ zz-vy&#kQ#`R6^zjl4%0VZUXWI zFLM^crbf$XbP-TC{fXJcPZ%oFk<(9#s4#4@6Ql|&J@BsB7s-eg4-4k4wtg#XJD^U&8^2hiBa21CQ6pjLH%>khYM7)U z#5-O{iUd82xT&_X>&wm-_74$0T;?`c`hbsX_m)Pc_vS=B67|>dSg?jEMhludu zj_e1B04HV44yYO==@lqXtF47cX1@#n>JCz8Clx27jW@aUuGe2+AWXCiq!c7Jb@Umj z*S}f9mdZ4YOn??0aM29I}rI8w!BbJ3Cz z%4&(>F$<@q@fGZh`5X7R!tydW8~QtmGtBs4cW+s6PA-Jf$}KXyweeC`BJ7d=JQAz& zG7Ni(e9G@JgHg&i!eLD9c6E;SbZib8y=~XUMtuxeGest<8{kWY*h=N>^<|T)&dMG{VP&WIEkCBR)G5EVQ1Bb86x*C7 ze+I8tMjZ@I1{G4t|J?~u0%`pGK~|yz25oRJ{MMuSr)Wj?{3mzea``?Jg3ttv z8@++b5l>Qftf#^)j+g$hhd_sEg?U2sMf4}Tw@W%dZ3Fi*qrN0wpY99x-zNY^YAtlo zXX9TD@SMaW-C1Skn3z3m?`?&R^dnd+r#u4iR5ZdF_T+s-)`=5>DG~BjPHg+50~`m^ zigfCgsxJ>C-|fxxGfHY(DT;y!lJ1gAobBH38TwWDl&A6S!G*Qy!wJ-Z&_ z&%VJ?7FCHE-$t9nuHp#iF_JMh!=F(U$N^S?IiQiMK=*Cu*8ezOww){1t&V`l`ntpE z)cq1A+^TWj-iO+L^}wS&$CgI#)4{RQy!7`N7xBk$gk$hF@*n=BW#M@x`_%jT2MIxctBGUPIHobSw z)*CSN6O_P||o|*0KBrQUgR^Wt%-f8L?RaWHu7**DyCvH)KB9En2ffI`qCGMpwb=FHrK$Qs^ zU9$j=s#w9eg$i~QO~GpYnpmAFx;F6Ct5C4Y5>7w+-}U++#sp#Zs(ls9)JgNYO~W36 zwN{8f@o#4o5$1^?dagb5%39(~1YL7B)7A)UelYbnYl?>&WCOer20XEpHTdx}blK$O zqM-!D*K7SBo-SKDg83{4ZvOt@moQIF5hR9Z2gFk0sY5#waoGmR@grvFPL;>*Hia~f zW%?U7OY3C@4J~S(;A{96}%&x=}?y=NpM{5qcDjsp7OEzTB<3}kH9Ms zvJ;!^`1dB;X+c{xT|Z$G07BXuOK^U@YXo@rghy!;nW9u#9SW7{;dul>x@>c1Smj%I zn+V3gky|*~+P#P3i=AL`9f#4s|1Kswa@3}UB*m^mof5Bcx~>K{$37uwdu9Vr>cfpBiHem{kXSdjJd-z*`9v>PSGrBLF|og9Bj>ZZSd@(A0<*Y*FJ}D3h#0~ zq<$M4HzYQtM-RJ$vO?=m>=n#x^ai~grWEze8&-}miz-ltDJ z58smQo$)U{d@tvl$FSY*sy-&0{ zjmE@>hIG&cNVhFI8(0DiM&)_KjOb?2!7hdYc85bU$YJ%D zx=#C@no7d?051&^S{>Izy;4hIK(UD)*>C#Ts!SSQ7e||u)7hLaDRfyXsBp)AudWw>m-jK%-K{?_Fi*o9vigl54si3{_zmjvQIr%if@Im5r zr6B5Ll@%)zLeZ$P7HsIKnX6!=?tvjMw2*s8Y)rJ!gfa zW2D+JNU64vtjRq2L^TbZ=HcIWR8-uvd|9~(ncZs*tQ;$e$dpNUkDe5ZEVuQgf~7tk z{shEh+?x7bzMX}>(1pytMK~n$!yjo`f^r$*pq0WIj#;vvCXxhee}l97k?cbpis3;G z9Go=hIoAdcT~F=?ImDTr0u8ORO67$N=Eq$`vXsVZxeO+hKi34*;sK~f&FCY7Dj&;z zM>aC?SQ8VR?^@WtaPw571dBwF;KoB7LPqGau62H`CfQv0*<>XCyu#Ai6SZH36$=#@ zriZ0~c$J3XsFGyQl%;W*`trW2nP9M~m7%O0$bezdI&5htfF5r{KEi#)&i~s>tkHV5 z`7hz6=ts&>^kXviDgP?JHSIx%E*_r1pulP&#_&HDu`zJF)9_+#B`m`{m@2#tUUsi~ zO5-V|z+(CM75yq)j@1S&^v}CoT$A;XnIuWxMKM!9%M{W@WN>Qb)DHB*E93T8HniSw zmNI*WVbbVU&J;GW4YRfg*XyH|Sx?JU@rA&+oLA$Pi>>-@$Q>G`;M)aKnh)YD{ve#v zqCDlD1qVzdL2VO|33@*!3`C?qe<#1>V2Gt|BrUGoN zy*AV!G}DL%I{vjg;Bk zt+`~Pak=}uM8>bn!(8`i3+ppWAvdx7AVuz_3&ELD?qzc^>ArLgmiI#4;alBIgKUI3 zjKoPeDkf6R{!%OEH)y}EmJVGlzgc{!LlBGYD#x@XwA8A>yo>0N-=5kwqR+#29g2?G z78KUqaWT=&FJpOdVYYSK;@#2(0psPSJWef^-EqY%0Dw8i%R@u6hZivw6m6gmQ)9b; zhw%7W2ss60M!GC-^@aV*VF?nFNV`9wIoq1cqqLYYg|<5X;0jNe5TqUHuv#C-8h7$u zP#Ogr${N_%58&qIEnt)#OP4`^t;J6Gop0?;uaCgd4Tj>8x+!ba=+Y9xw9u_3-ntI7 z8W80;3u}A0d3$PoSDIaBQy4;6oCa!^$8%nI-(~{71NJ>hR%JfD^wKgq#tHV&i9-~L z#~XaCHNI=mVJM_gk_run$z&d9gy{S=!?@JiWyigCSve6kF4F>Z*=PNBq$bchOqykF zZT`?Pjuj-EPn7#UQ5F<0zFgAbl-^K}!_BXb=HT^q7N8=kZxolF)BZZ%WYt=Ugfz8byYJAth_Qw?;W|B6Pk9U`=`LWLH>GYz_@MjDv1$#)3)cwN!+QbMRmX$K0 zr=DGm45PNCe~02*5C1aacA;Q3;7<%os4#id!WMO$Zs?W=EHS;Qx9mMTxv2T`RhU66 zzo?x4r4T1dTNylR9S$Z4`z+nFiC~F(Z+)=byU5b)QY@3r#IQ%^aM5Dj!^AXrp$2Lx zHF01gIc@~ZY-(&(6U9N7mE7q2Vs@;!g~BNGVt#BM6IQt_F)>ckH^^Kia*K-0eR7>T zAt)+!iQIr-2r5m9*8E^V6*gro1IJ zo|M$|9LFm2R}kC-@GxY5SE1tq-n?o)((jKp`^IB4c2b)|pe75i0>*lGSGXZ8-rq2m zfYola4*Dv5X4XyaoN!E8bSh-B#TsOUh|w`T>FOgz-*}mrFQ3vO3X84K{d&x4Q#|J# zz9HbvQGKp+g!dG@NQ>RNqWiX}tA?0<;yO&sa7swKUyO~TIq~3%!u1_@ORsO-oCDvzey=>$uIXV?yYlV6cEfp=< z`h?*4cK$lF@%8r|0&7Y7xzAp~4k-GL(Ct(`=NC>pT5GQeO(^BcZ7#RjyB&VH=th)_ z3*fsbGP^@}Y_wen)vf8J*cMOT8`Zvb^Sqo*3=FL4r#m*hNMH30)1bckJyd(Hya;(W zEjva1NGb~VShYL8I?c>&SNrm5$T$9s#yHohFHAff&=9Bh6E$nspyRYR8Xj-$ZpWy1ha|m1-b?t|5lSN~bS`P;uO=dn{=;p4e2*fx`FcZIW_-Qh^SGT**EG`EhwGKugs04Wf>8V0#KZYBil?Ex<0w6np~sp3Tbl*9_glW1VU?5`CT!P#D|9@r|wEXTzMBzuEuYC7A45 zwpy;Ck{$iLND`MHF+Og+EFoiz!_0JWx}hLP2SP1uV5xSq$3=6BKO5mhH8dog4JOs% zHOzWX$XtZ|1IdL|0j8leZWqiCEyn)ZpV`EmkBXptG2gaNBi>J9UQc44PhuWVV(wwu z5e-3k0uhgx{kdbljlb&R%V_LQDMM^Q$kbq}qx)YasdK~*$7>%at8&|dD$jFAEdO>P z9x6*S9C*%xvvv&@TdB_>TR|vMHQ(STR62e#!(X_XI>#kHT=BF<0Km2tU@q|?a96lD z+8#6vzfu7c70Mc7C85qM0SYbY3`iXUh%IVDf9tNQ#C^;|w3j+)l0JuwrHg30Ti-7{ z_E*GnVy)?r?PyCDcD{{8?~g3WrqBUdEgLo}$`b0=K_QpHr~}Sp7_Y)U><|T<*^swu(xhGVw|4B7)3e@KM8mYZH^C8{G|UiAfG@dq+3LZp6^Z{6`c1_X*9T<` z;wc(E<;i-7;iC{D5zGH_*x4%S*2sAZf#&t#HpbcxP20!V%??9gboN9*xumxB{6h_4 z{fmy_Y7Pe~Y%@Y0wCf}*3Cmmex|w2pH}4}iHB+hRg~YhdGu!@Mh_ek5L~y_F4e@*I6wlV=s#@(U!l_hU!VvMNPLPLBMS zSV<4Q?AMCZle9Uz>K*9IUT&e)OD^xwh{Fm^_ttki@7J?;DCP;T4$`Z)_&QWcipX(5 z@}0yt@*@u*4U08h5W)|@IAAh!rDN_K+!NYWSN^_JEqZsMFsyBU-g0!LKP}+fhHLgY zb_0&kkA!|J{5S7r08RhRZ)53QqHMyWa{S7AWiCC9LnfGW5WOugW}}Upr9^5A4!b(^ zTu^$YdO!}_N>|K*@v#_axDyNf9oQ72p``9Y*%UCs$GWxofdhC%XkzQ<`LIfH;5gnI zKw5ug>C0xa#Tez6(4W+58sk#__kfZH!Q~Ux4s=^W<|ggZzYvsU2O*+VnmK~{=GI}B z&s?Qh7-vQzk%^`xo&N-z8yZ6Jo9RhkdeFad{FVEV!&oF8_J;fRJsERC0v%9!3;F2Q^`AoSJJzS{oe?VX$z*?`K6C>t+ zVKWlR$7^!c?&V|T&DEi-xa2dM&D2Pe6`IgsYU&hgbWcxgrS-ux+(6VI$X5@^GP^31 z@GU3}iUx6&bDU2T(Q^i;*eLHB9Zi9OSh_qrG%v~MxwQ9wm~hl_5LQ>x8KkNrDS^-~ z2t_2~fKo`R9TaDI(^bsnM)S`QtA5Vol@!Oeh)n(tC!5j)bSLo9q^lnS~Rhwb=(ULX9 z<-+rJO}EJ0+v6PDzV5tQRgF>4?QE{kf#nKd8qFptsTtlZkhPiQU*8g|nHuf`p0scs zW1`!{IoD52dfFCIbd7Q69>t@o#VOx`@A9j;UgR2jhzP&k8fSg1MC^7*5K8&dI+Mo} zDAxAANLwafB2Fx&b*h=N!l|}-9bB^;ioFqmF!aS^&o0}iKBa*p&f+S=&9rxsL(K(l z5%DBNR1X~f^uvD<2#(pEla?8a&H^w3*#Jf$Y&)ex-5b{P=|!`42w*qBA~2`n&*jbN zP6aR48&sds`;6E_JBok3MIzm;<+OVc+76F#3yb)kOb%h&vvYEU%!(Vdh3h7*e}P8! z-EMH&$wk*l$xk3jTIYmCLE?Nwp`S{+j1>75>UQjR^Yv&Q=O7GJX~tfX6LZq`mrKU- z(r|Z4rjopeaDP1h-M{qx^ahJOD|$EJD&@4hUFZwt%j%ARJO9k%*MA&dzS8|ei)p^n zWbbycV2H`=?n)?uSN~91!j;lb+}Hi^1Q1 zi1!3HXGogzNL@m;evrm;Z^#6F+xRuPb8?ruebXoz((v}NFh+t<8h0Vp(LoVxCX|S1 zCRA_|P+=q{wOm5Y=#rxagQ$1gqG)&BLuhvrD8XI^%)tQg65+w`EQ@_4ZW~@U*Gyx< z@QHe(Ah012Qp_f)WWogGQ?UleaP>*xVptwuZi=1}!!%gv{8P(MTC^i0XPZJy{|6E`D)9aRvi$OsO0>vEqBaxcI|v~~I-%ZgUEIZcWwN7Gs8vmhWH_fA z5<58Sp(X#~jc^ekT+w`Byg^n_5JhH;{@Y{26XmyCv4)C-i~GbqVP7|^#7~c*?v$T>LAxF!*({npu@(=fD{;Xob)#HcS)TJ z%Nwz+gls>oJouN0N?DlXB1$YRtrbaYE&Z7n@%UilK}$6}r~Q!FC90lg&~GF!EB~>i zE(V!%7ESLc?~UX10=hzTxTcIxG?RVve@7mif`(4ppq~a41G(nNM1w^N>qV~w{fw8@ z`Ot#@KXFHaX-)N@nG<`ZdWyD=foh>2{i*O{*Y~J^a%|ZNd>i-NXO(_q)sUgG2cG|j zt#b^{Ea=vDY}>YNbCOJK+nU(6ZQHhO+sQ;voJ{QGQEw=4%gs>8BQ>e*ny+~^7eN4 z{}*Z)iTx7gA$tGkr!q&1uOx<eAe8qWKZIz_qXGj$K%{ zw&y&8piH}B94KA*16z~o=P%T^TvOL_;!$C78T2OMD6pEDbZ#m zfVdmDc1(MbPxj-EKxqngb)5Ky@lRL`gDo|Ub8qZrd`fxrsmSlw;aI^$2;2H~yNH^A zJV7!f5O@$OMZM_&jqUg^4Jz^Ew;qC&*_Y?%%<8eLwajIRzjc43JEsiGv*mokKJFDI z1gDBDPuifljf4eFufC5Jz=i^ogMG4r5qc#dVtW5X_Y6b1nK|DvZ&X|_P&l>Yut@YC_M+&7 zIpepPMG8Z-3E|e;Z*+4u@!9gVQ5cQDrVCG?0? zwjdO;U^6qNgkLkxHYKIkJ#%m(DbY9^KOA<{^8Q3<|NdBvuAP5VT6IF#su8r}AeK*Q zY(X<})1+}w37;Px^5K_~epz0}zk?xDJpwMKayH~N=653~77aBM z5FybjvxV5c-|z?UE<2lo=SuPQDXc9ntu`e@vFbLnC5vS87Rw={AkvU*ed}?S)1|!y znR^X4?TbbWDHB)7kf{SmCYrI##B7Rz+hzv>q$Zo&iQ5jF^5rI za|B(=X{AX@kVM{Hs|)gJUXy(Bz|F{iJ{(oQ1-GPTA{Ys@oeG@EU|Qz_e*byNZoz)%H)^0{T|GKg^x}g;vsOuc8qB z*xsf}Z6uptt)~u&m9lpr1kcn^u0UW%6a^bs!z9S}wkL{dMz!MBWQla4M&=PLi_~+T z6B6q%;)AhA{^SSuH?Mff_h1_tmlr%bl+PSKUVL4 zRQ!tH{Fo~Dwp{Eb`gurryP6B8FW9qq9P1!e*)FGt+H?^FF5>1r<_lh*M}Mjx+tNvM zNl3j0#V9JZaA1(*MWNU=Gnc#kzcI6Ljj7jWVemtiFpW%Q+HAI;HyF^BO;0ZHtkE06 zf&teTqLcL1M17m8YtR11y+lB1Sq#X`FXGPu2^dZ5A|X~7He6dY3yw6N!k>eA=U4f{ zBh`HJl_fY1#p5c8tV#rEdV;NJ>)GM4;`K&{0xO;5uHF4%i10GKHoxoE6rcNl!tmp_ zErvOLKZ3L`_UK)-B2IC2+#YJJ%~RRi1W)B)z&@^{GGU6}jbg|1+hXfunazd#+G<{9 zji9Wy#r8=pB7oWBksw9+#?6Jv(BnRr#C(^51TL!ol1iNeF_*lJ!L$DNjxu?;MV5om zXxA>du+S>F%#T4x;Tr=())joe6b2;CS}`8wz4Bzpa_1rUM@vepYX!s1N3UbaybJ%a zoCA)n2dHU66>~6{D1s?|pU>voV#1#yg#AD;UZ28dyLS7@j*deZGlI{nhJvk19}I0} z)&xE$uHWlkTrN%x@i=0f?Kc+^VN>7+iM*(<5{DA-tRl@V!o?I_(_ zWcAwlOx>?FI~{*UlaBP@+9c6R#?~9e*)un<(d0V{Exdy z#mr6>s5}RZ&pei-xbM!@&6;zNtX^eUT^j{ci1vhsECLImu?UcfLL*1Tw z2Spd_6J32y7kT$GD@%qb=sZYwo$;BTk(e{c23Vpa{K0t*Ke`UoM%Z>5P-2i#_dEDx?wPMxc|lNNjcVjXk+4#ZCuP zq^SBDXL1A*=SHE(yxz=YjYiL7{sExNRXh3fC5JhQh0H;|C;3-H1x(+lR^lY1H|gFp z$%U|HE+O!z1%&@*t4oJVVOI}I)05ENUCxCK{wg?ycdMo7*I=K#dWHd#uH~K{HIq!X zB7wI|CaGU|K{Ol{EnOj{r5Q>c%c^X3+(*o5asV>F2h*=u z3Ub$7fKE=&^p=jVRb-r(l^6oN^b9RZ3dDZ(}>2%SlX8@TIo7N^= zM}3h82~wTXH_*TL<`KsTj{%*!H8OTAL3u8~`KUg#+hNP$$B%L5R*5$^sy$*Nf{c|< z_PNv!q=gdCr?W!)1|^(K)U3unOy8rTZOW}u#WmDf=s@V0X<5(ZP8PdE<|cUN^J!ne0gBSqFp1@vXD*!I<^x*auBg&eid{jVy@8Xqnas=D)?;o; zO)AM->dHlIq<*9)KC~7;A?pc7bp_M4R#J+@=A0?(F_F$f642ZUom*xJ3@FPW21cHV z&uPvWn2w=dTN#9RWf`2nx&{@d~(tvvA6%8ZVAn1e%0Of#1}U@%axkTa?4XtXUSQWLO> zblH`1X4EJ1_~W~#v14@J-!H^lP@_%JeWhLpOh5BSXhi=iqAWYZtJnf-Lb)jEurjqG zI0f>!UEf-OM)sUI;=fto9h|8s4q6-=o_$H+-O;z2yi}!J+D@q`knGr*$ zEcp;ykKq^910w7-eB?XzZ9QjWY@SopIH_*MWu9lRwA&p+BTtV|*M!e;ObVB@cVY>g~4pWG2`Xp?YdVQw7n(n(9{9!RJOe z2UgiKfxG3{CoqwES7b{}uORNIAw%W>wMtOWPB-%W`?-Zh27sYCsWv+r_Xy?HXTs|) zu(zIJ`+z^kHOR*1Cegh8ZhF3+i8<8h{rmk+jdXoguS-g;zvE_h_e8oqTa9C{YUa6A zTe*IfNhL}~Rv-&v1JbPQ@_uc;*Ut?ECGG9scsYHJL21;vNOC*sk+(O|7<2QvmG3FU z9oJfOd*$!Tyc!SU)BPw=gOxN1pgfIoME1sYs{g(Gr(7-+)Q#31@$_ipom01(bGLB5 zNGA6&8qNI34_LtVHNBBw8alPOWlb5WX>_?~y9ieF1OM`rUVCVaA++!_3hRAD2u8+O z+|C+IC0h^(wi<7^D~kop8m<_|Su!b6W6NK=#RnVmgCTi(P-T5_U<_t$H+v18QOF$x zHdP1C21r2Azifp)j`Bg|_qbQZ%y;+aaL(s_jLCV=^1n35Iz$9p{VHRho7F)J6%Q)L zU{~)h7>P=D%7HpE^&=4^&CLn~oH85A_3o*8G^O9Vku$FEu8$@g8r}F^jXOYbBl`Z9 zflX{K=+YG#>?=0h@n5-3KZ@!P6yxoQWpGWf()%r*uxmV(wi^Sh4jYH0=P_P+iR~7$* zm*>d6g=oWaLG<7P28*}tqeWE5zQo84J{fCfflkwlBB?k=;_gyO%!Be>gK|R!JrY zf&qKUriEx9b=^NY0x1b--#3vd7l=_IRx1?;LeWFbIT0o4b<`j9b?h|>`>)p6a6Hc-J@hN~8 zna-4W3NfWr#+9B`O)23)tT0AH_YJztL=K7#4guS5k<8ih0x3(CgN{=J@I}R@F$Fn; zL)P~IKV=c8!}rCsvg^(H>NOcN-4IXSloR-8KQ_Z|X=&TZOi$R)RUU2ouZ^4QAN9d$ zBY!yG;Wj!AVFgi+zd#5rg_tbWRHlQ;Bu=e`Zr$S1r)4NIuQRWr;l+kxd%qfskGHd@ z#mpq;fJtFQn$W9%r!$SYhFT6`flZ}2@t#P;qe)Ga5B`0*pSqDM$^Yf;m8TxPLX41! z*;F!Jt}$!U;hj2pw84_WK%3jR=Y7AQb-&8-Mp_F^L7ZOnn)!Rnf&DGW(=!&bP}F%j zj8N~s>dguF7;Ym|S*)bLoQFjG@6z6I6;KLVBQ#)|BCA;jKK?VR!b&IjW7fQ?JNxtc zx#>jc0le!bJpQSqCjrRZQI1tmE=@mLPMa6n9)X3hLvkCizw4rd?>*=J70oz8t!5#tG|X!sZTKOk6<8U{h51i zQB>mV)+vXaiT_eN-CpVoN2hdrPeewN3y~?sC!%CzEu_*JU*!YEM{zP@_psmWEMa_m zl$~>taVXYUHhPY+$yQufGhx`mTQ_4Uy=ldebi8k5#_Gm{$b=C``8rDp#h_kBfRedv zN0nB?!`7YI#^F~|X$~q;poFe$1rhuWXUFwc!0P+`j4_HBwV#+z#6Xd+-QHjTkky>a ze9pq%_I>De*;z(H+a(pX6J7*PnvC2f9_nJ&>VOyQ;+#B|wci4#b+UsW#y~g$^!(1~ zJmXM>Jd6Wc!ENSdiyRkx2@Q@xHXVVa{Loo>Xzcj#Ob;F`>Eu z01>Ff)iZqZg6Ob=M*ha

}DHTs7N242Gz7Eg;8FzQ{*lX6oosf8`RYCm_;5M5-Qe z@;CT2BGv%4;(}S&>W*Fjuz`hLo7yRpdnV( zQ!Y@mxp8=aI|p%?BYGz*jFjq7QJ`^}mdRLqE|i4)6QDHFU2)&)I( z4_Zu23Pg4x0?A8m5mIfe8=^8O(P7}d1Sv8=C-2#kH}4(BL^iBZ;#4|_DoDl$%(@EA zq!}r9mJO1_D)XVb%686PGL?*HFnAa#@^plYVP9$Px@E!JZ7xWEqi&uWW(e~*U)b7` ztS*j^BvS9hEm_+QK%R6JSXQ>OlV)4Ycilmsg+99My;+w{+Pe8$jV+JjlKc4lStx7^ z)ADIU5p*VXq%n~G8 zA&9qX%L7%q8g&w?B!?{CTzx|L)uMfaA8&>Ds|B)H%ll{eGySsyxZ=rQrRx7egRc0o}g({zC-YRD~QgXYsb*ub7@!2GDCR=m8mNTo~GHKICw5_2eo8I zlR^2e<{3TTzB=o`{3A6XE6;B>qf~H>AvCWiVTxe;inH2{aQ8BS!K>N}{(iq`6P_0? zRQr}x-Zng{5egsf4NAmD2Q|Nk4> z-Ty2ZuNwy{V-2bN6s6Z$+tby=6~+;h)bn!_M_a;)rqTjIsFYC`O7R0UIr3!fLOl*W z&0uy1d*|FYL4yh0g9jsI@_SLph>b4LwnCiMNILAz?n;?x{&)zcOKj7#=h;@9zV)XP zp*-}{MB1fJ*Z6{1EhK)}y(j0XHMjcfRN07xSFib(k+V8cKirlgbTQ-*dP%+{>Ep`{kO0E z(`@9P2k0C+5v}R7bqG+geR=4FjPj_sDp@9K;S<5;HrVc%{YsVWF~5<9$BZObov5|* zxCMRDFFbh;rG=ttj4v#x1Xb}?NQ&T9Ty=VkH_w`5R-~f1q z=m3*?Fa_(hkjxkQ{vJ^nKdYNO2m9zlB|LP3`x5a0+^qSZUGP6xbA`_!`8ZH$~{wbK$ z+lwQJLm>X&)0QWiF!1x#oa8l(8&IVPh+)|Z?X{-lwypx?Jeo^p!d7x?r`(#^d>V*2 z{j;lZ)_d*1?I@m321!5dzEvhW()PBjqJ_R7To)V1IqSd8V3JZTD)Qq=)r(Oy{A(VI zZO|ld!_cJNnF=adkSe=8x$U}iRwckS!(eRVb$A1ylk}6D1hlHmOX{bU6(@Ofjf7JZ zciY%{KSD6UWx7t_HJ#G&QHh+ZEpum5`?j4mV**w>&TY-A^-Cn)q{_|C)a%J>HPj~@ zJ=70dpq`|XvcF_gXaCMGcIKG2aj-OXn3Kzxgl#ntRL=|OF11P>>x4xpt$+V zr6E<%@@d%ff-0RAQV=Q^SFQg$fv-}+EEubv!VqkBteXY7K8D`y+1v9q1UbNtH<(S8 zs*<_aA@<^`TM9wt^{8VT#=7zBF`kaXQVgo z3ZJkZRUFTsg}==qOLt^H&)MIL^`~>^a`&7$9wtBd3gK+v3c9Q=y_HuTFXHM!W>WOW z8*4kF*v)u`Ypcxg>4@;In%`+1?+Xk-q6h{8(_ecn>d-qsS!(sxrXJS~8(1RfSx5i`KcUn(!-Ve)?(P z<`HNWcOy@<1s;G3q-_>6Dlq#v@kG_A>F*I_J0{30vHFF?=7QUIL9KqBOvqzR-JIs# zczKg^R9MntH8gtOj_P2DsaSYQc#DaW-`bXA+L_hf6&mFfF{!vrbrzKyg_E`E2sPAb zNF^p}8xCbh5NQ@~kneqfIzKD$)2=6C1FCJd(2wXdvf%s{*zf9vYVFp;w~<4hI~TBH z-$>q(#L6R2ABGUKJlCq_J)6L4lT;d|ac39+?H+i6R+_h-B`i|*IA0nG6tt^?XwInU zlwV4niS6rc$!|^w=2bI^sDtWhQxDBaadQ*r?9uv#WY(GN4Z$rg@whTJecpUd9dNHR zu4;p{P@GLHpI|GIkoZk>)?jaqdLwCeR1CAL+$fb@w?C(bT`Cl)nKi|WJyU3XDz>%| z>}0|Z{(Yv2rR?*}D(qn!RVmet%fC0qDSY0#Q)CL*&DE)-G5inMang?TQrmpsds$-) zOb|78{{)jjv9|8Oa~N?(GyYZc?;OFzI?Jpz|N0ZhOKz?KnPiqOKFmm;NN9j}j&FCQwIPGIi{wr4R z^-DmJj2e5Tg>rg!`*AZ-H^qUDAm-HRrb(EXEL@tk2jmcT5$$&v&&ejnR}SkE%Dc)h@G|M!Wb9i@jMC2jROv9M9*P>A3J)C2 z1?jhPK-WeG47lAXB`)Ma^97vFdQwZFTWILkHm>NhW`hwot>x;ap6W!T!sF(-2dv-bJp&Un15RasxHWER7n62D&c-`u$u+zf5S zWfw(m&axJz#c3tOrD`moZ>D}(GCiA0+U2Lx+Z$?(6fHg7nhzdLin8_@FhbH@76YL& zow72+C$J?ke-d|P+Hn!NWiYqEk1mox9lN-V@^@jWOG}b*K(u)##sg0qjp*s7081oA z0B&6tkrqLBEsg^x_q1=p6gb$=Ekhr_+fY7AN;91@Asmck(Co&==Iv}meWcogh}`|5 z4$4L{*i32;=4PZ{x;coKBfxPA-&K7SKFig-4hRVQ&yg;}1jEWrH_s9?yI>fwQ2kbP zpafmnmN4mLzmB(I``%p*I+`n^j4KT!>h}9SxEDhyOEozh zAxa5%yEyfYuGT7;nbqZ1ks1=_t!P{+RP!1Qvn~w8$@4D96@N#qZ~~7CuUqwX+X@}Roz!bd8QHbF-`sY zHx_Hh#5dHPmiiH!GCW@kgYvc$*pADp&wJ0=FfjLz*XG(f-mn_p-)-a~TVJ<(K(9Rn zK0N_3ewjcnF_1$-E+$ENUB#N7FlEzpc~Fh=Fg9Id zP*w{Qdk5NRnZoKOUhuWsU>_76yM8+dW=Gg``sTdJfI~>Uxap4j!*XOP=*5=q%kxq8MO= zAp7mKJYW?8;p2-#8~;TZ+%B@+s-WxBsp}T_WqLZ@aH2f$d}Y`yZJQa>)-eh&WQ?A= z=oD5MtAZ7ZyZ7&{&ExGh=b5l}$BT#{vIQM+hEm^`tsk(-M~9Vva`mL)?~~Kf{^CD# z>W_?X6AEL~#?)?cf0CQNdj5hvu#{%kd|TKyK7hBO4vpTm3~ZNUv>Lg8vVng}y_hl8#$XyW%QGZi4C*FkIGq%{U)8pw{Vr~^S>MI1q~eIQe_gbpye4Hk(Il+T%4Qlc(TyVTTps1Wt|r%s2U|vVGL`Z~upg~f z$P4*+MlFMiiEeiIsgS&lV-^2{XJO;K96Jnm-jFkD+zulO$il|wXin`cwFS=<&{=wk zzC1Pj02(d+j5Fp+YXdbx_6wGJxC<(qK58lZBQG&W*uXC7mDEXbs|S}SH^qdB?;H}^ z<}x(vP6&m`p99CWM<}RfU)2EUcEsR&(q({ zQDx>!$>wq!|7_Enc-LAsfC_2YbL6QyV;(UL%63t4AoDn#yI+y9NWD*TZ`xq1=tmg< z2bWFedsM&5K|IkIaa94FbCJSRbUN`Q_b@ce;aX&@!jVG$+mXrsiLM{8yKy!UK7dw+S?7Nw@rz&W!8Cw1GHyxvC#t!@gA;5csasTH& zhWQEE^FI5}jW{CHae=9{9HxhJKtNuk`LN?`2DVz2ocG2t2tDovE+LM5-F~t5kcj}eu7ak zzg9K5w%xNk^Br1%-_by?e=Z^Y^tNW=xb*3hC~6W|$A&a+i%suwk;#X!m8CnAa4RQ0 zR;SmY|EEAJ&w42337f-kQXq$Qv(Q7gDn{w{=Z0aTC~#sbg?%l~sV^r23R3vI=BV_K z2aMd1BqVDk0^?L!>C)rAcr%m-ug8TR4;lO8p5_qRTDH>Ktkb<8trBf`Azd&uCKG(! zu9SbrPx>Q_zi(jPb=|TnGcL+7R+syq_#+w@fD-;FW(nV6hSN{5|FlH_5~~L^dKXyY z2B>IlYYJFm?$gzOfw%wkv+3t6iJhPj{vFE!u*-)(kFOB^9_INAzztHo^pTs21yUT4 zKaPi%5kz8~7ewNuVA7iFCoOI!4%wV~$f*b84KJ5|XpGd`zu@Y9X-c1-|7pCXR^mO8 z96CMhae7f0iPrpZE%dMlo!PW;OV#xinR+JIUJDGw&}^8)iV?6>xL3L>OB%BOn8Q+0 zP|H_v9(tr&$}O=oy(X6vKwy`>Tu@SqjqD4Q#$v0@GhEmRWnSa+-EIWJx507QHbe+Y zsRR?sicd9JgaY#dRMCxTXUP|;Iq{bfEW3Kqa5X(NI$rwwHx7A!;%tXpwi4wR{}z&k2L~kNCvuNI$Vht5!R~ zlH|m?2(1%%fsU?(JffUBj{+6&ndFg`b!8*|ZP=l?_nv4SIs~y#YbcV&b}gQAn5eXf=YbXct82A(dj=n%rI+c%a}3en*A{@nh|T)k;z0Y- zsM!{Q0m|-IW$!EYL@!9^Tu&XG`&BX>uQiR8Oh==eqMO}kf?ZS@Lz)n-fg3-#_YX3F zzNf|Z1L!Z1x&@zbBgWtw7}cH+bDE0=#ofd(eria6iV6Fa7YaFRA0xvU2?MX+2uk`cWCL9cv55os1)xDY?EKyH5fN%NlZGbD4u7ZJn7sz*uoHj#2% zzYV{4f`411%vJ9o&rxFQtA%vCF^ce4cK{|d%uc8QUoJbtT|8c^ScNCD+o0C0oD@zQ z`Z5f)!gVl3!pgAG=N@PREKy+#+zOy zal#9bLuM7Ikrql4WD^eG`y&5$Qs4|eaXnk%6&|(vXkzpdr^DV0FyYHtn#;@RfV5PT z=W4P>pEx4m{v0O^0wa_Y^aTfyqgkY$i6-%W9qMrF6qXi?LF5mwCECX#+82`E@jPuO zq03{X8bvY4eQrh|nx7?dd>wiX{)e5_;rA+`l*$b6q-|u!nqBx+O010-N+_`vTC@8x z@EdNj>GwC1O6cnnJRsqL&9~{+7i;Z8^*T!?Ll2!UW1plVOBj}MIC>5##~yU*hp!dh z&L`F%-XHHs`T`3Sd?N+H8aD&v|8tuLMC}l)K2t!k2t_VDHPJ+gZcC=1QsL?u0(Y0kuPN{J4Vy?@weuO8^H&7aVm5O9L9NmPUy!o73!{)%~e=dSqG zQBy4q#pI+YG@KBZn`uv?ufUbZo9freX|2J&E5Ug`LDHKTkQ`H=Ff=HCRUn&#bOUJR z$W&`WAOl5aT2l=KvXn>Jos3bS7V)!2>G>~FKuNc0Aem+f8?D!z36LLTm+%tx!HOtE z6#aMp$MKvcOxc0<+)v>Ex=)1p5VMkuf{jRSG~dexwa$~G6cp9YY;VrIF?Z`CV@e3L+t?PAd!LhU(hRvyHL~5)Sc_IST9QIP0 zZ6@pYziOhoDCV7w!k2k75c+srNjWp?@Qrbn8Nsa>dW9Tei@TxyIttxDl}F4a&szUw z?VGIc{q-+p%D2?s9|xfBUyo8Qp5gcMkzwsOC4p}9he{V_zhQOhx9ORyhLLdV-M2jM z3|Akh!&6U9ZUkajnHJL!sUC@K2u@#e%-MZ|&I;W>*5U~5>;xFBd-@q~cK#cgRagNc zL|z97V7KHJq8BCq?EV^5VZ4Rv1$}5bj27QFaWDg8?}OP-r0YGH-}Oh)7E>#BH_QN< zK*q)9KNPF&V)lW?^C2>Lc<6$O@M@K&|5hbi!!vsK6Jz2Iv?TSmU;e03N@)@c(9}2^ zKjX%*?W1$NRpIC18~<>)a$)q8K5iuWphQ{v}4^91BoCZ*tb>Na)yoXC*s-M`Dg!P}Eu29}GNDa`j`ti92e zi2NzrhkmRdTo=tQwrtNNj^yX~UeO!y0e_e0IPhjAB5yG{y9)f9-!cXnB)d5bUZ5bk zsSXcWDe5imE$3UuQrO{couBdAc3>cghPAzN$U^9VZs?ME2AmDFGKp$K;#Q)u{B1!h zZvt(2t&<0VV34CpExIYVkHnk{kwX!YXl&rK-SMqLd`!XC5Ng1I&zwO(CH?z5uX8FB zgPH9;nwCi=@a&L`yOVu>)FLDZ*3Y*L?__8Y?` z)g!=$sDg%L=!r3>K{U)6C4{tz62vOqf?QSeLaJXAve^^N6 ztr?W4$&MlkVt5x6a3dB0wAoWq^=#UK>lK*&c==Lpe5-&UUvaJf=DO+=Z^6Y{_e+l~ zTsYmPIuH|hgH-+=)EU=_cg?ph-GR{>sdsUEaJC3>L=arCcghf3R+vQp+b%~`u}HiN zG1Z;)FqYce9kw(QtOeq0w}YgQ(pZ(;o5Bf&gO#5Qk)g|C>xwceYtuk57Pa-A;c6$ToFUdhuQXdok-w@Bv9UwUT zWf5GB0>vG>{p3|J5J)0ST-rsf1rO?!yL@6V{B7YwUJGyhIpM>16mv+jzsxs#?+UJ# ziD`BJ1*!~AhsQdnd?Fh=5j_2bp@t}l?H_}$4{ zIR7iSjx%H_KRgWr+GFx<@HKRsTOJAYHi-xE&-#2)77kIA>?`GC)$Y-~1*!+i+}-Wh zJh-t*m&GV?P=>cPLd(=sGz^~OWuQGKVW-W?IFtdcesMh3ld}*;EqXC}is(y2_Mw$^ zDX}_((qMGA&s%Ogd3Kr$M1v?AO}J&QNY~zb8sp;3TMs{Zsw?ckdSxM1&YF{RsLYzP zgL~nHQyGmrNlk7qKj(qrOYl%UBZ`^O{nQv`y-Q_tjL9YbHM#62PyBz!^!{WsKjGEcdN*4t?XzyC!({65Y%6DN_;iPBy-c$rjZ{}KFcf=p8cy{t*2;tc zI<|cK>}tR|E_ZlmAgx&~Cn|DTZE{@8>)WkXxaSiz-9N5kKM^bD1Jf1g;g(l6gi=XQ z;eQ0tDqr^%HU;7R*H?H@!!T$ZZ7*IaCf%fz8*3Q2((V|UXH=rD=d+dsi82xrg#tov*6~H}`kHdrIW(*uZHqWZ-n0#<* z%PSwf=PKY{17~a~@SwWlj<4tx)g6xX*^IDeMJ>?HsxGQ(?&ZN%3#c*TS1*=>X2Th) ztzpk{QLTr$xiEx*RTS|c&iDM2aQwe<)ejCfV7>kmXBXkc#Jz^b1Xv=OES3&*V9PJr zPXoMi4Y9ozb$sF2B_0`LV@I`X4dD&3Xrd zKopJK^HxY{;MEZwwLt>>u*BPWai%86imqN`ucN?b%w8s^Cd)PlC+pw@|Dd+vlI*&z z8)7N)A(t>;iuTQ`DZ?;AQ8VV)xI`IkF>T9A?BLQA8^eX|E0`meV_4i2XLR>bigaV! zpPc;2AJix;p^rj-s4^3+r4Z_POAOQdD3}$ivcMe%2S*Z2*rsxXIScovBJNS%3;~iT zrW&vHW{74LeA!-B!6$I{J^;3|bqOdCLTYkV^@Oer-@HwGoj{>trdt?Pcf3&fo5 z1Ecw&%TKDCXO4-Wc}qVc(lvI^RYj$vdK#{fozo9)6r1+@5Q~2)4kf3$6fISzoxpoY z$qZ0P?w-Q8*s9sove##u0fmZgGV_<`v`-wMLl-aK4A7xfog?tdj5Ea=G`SGJN(j1) z4%u9yeb+CgVZT5{K(0Wa0GD@zt*iaU&H18qT8V(Vm1@%7sg&f{Yup7H5{F)_)D0=Rg-*!QsgxHQ5o{U)-d=y`rmdFEwJ1_ zsYvy}i$_)@0l2P&63^5|-c){NZ|)M)#)C}q(0jfj@Vr4Va1BFq4;*AE6k*D@AkM?K zZE>f?QmhNN)evewZ!Z_!De3xmj`dm&p0Uf04Ri*KX^>?P3qp1O#YSp7updQcK=qvO z3$*p!$uELFb4rMQ$0@VvGW$tY+V`Oeh`CR>DFcxQekh+j2K9E;NV>=APxr3l0kEe` zY6I`^+?ggmjkh-8hC-%WHYzoc_}R&Gm&SP^_CKzIOFAG&;XWZ#VK*95@14e$B?L?0 z%nC^ym^w5UBEg_stNAeR^S)FTP$g)3?PzmdN7peZ`V*ZrG$Bj}^8td^)(#_43Yvc= zpf5$1EevnxC_iw+aB1lBbcYER+_p;HsB$#gvZ=_jOU*x21Pq+WQ3Ll?+AJg^^M8I&(U5;1@$i(6E-M>w!wI;0NN$&t z4?TNmcbAKcJ$_*0l6xQi<4N~XS~g_oDZO1<)^Fn}-CbHXU=^9VpNCXr$tJL5-f#9M z;*f!mIVXJ2Z6QE9iW3pR_JzPlfUyV+N$o8_3b9zHIT1U|gX4Bhh<|t*)zA5+vo67V zh{Mlbs@RQ$5@p(Kov6!3H092ex*$ZS&jvLW1pKo1Jg1w;T( z(;&m}Z7vDviN!Lnp^}drE_7=lWE=}FaG2mP0m>UK4z!6L2at;QBfxw#f7px_ecx~~ z%|kmrVI}_Hz>Wjl8)#%QQwcOc2^7tHx%RVp1V$DX&3n48ldO*YwQct0bRI8gB&$}KJB-|*4j$sHYUAv>6Fzxi?$=gfsP-g_Xs z_QE;mFam3yG!>llkrd9R1(e=vCO98poL3+__kulSE2{Wmv72MEd|Oy>$3-NwTJ1Ln;0n80Yem2@00M%YgFu2t_BCfot;UL0+Rv-yaH%C3I_jG^IdY6jNurm?p30 zgaCF`duS+M=~Iy_Kt}sZ#0>>^L?PtsSkU$ofgg$-!%}KnugBL9L`+MwI6ZD6O6kox z9a=OiD~X0+TCpH>Vq0JgqY$a%e4Mz)Y-o3JNqI}(q}U8v!$217L@g^WJ(cWzG1qd> zSshZEXSUiHwfTlLL!BX`|0(rR+()t(WvSQ*{v8ZN3G?-ll*`lO50@kNx1Payw6e(^ z&3t{xqof%wDEdws9=nQWq*Eusx4Ax8ulxNh+@}x_rAcyc{_2@2)V8brva}$7P@R9Q zFqdAsoswd>6(rHxA~V8P zS*2;S;JQ@P7`m`Ebb^JLlh$#|_j{tFuZeKqL_d5=i9x1xI{+B24XS|vjJg}2m|r0yRDZ9kp^k1!ptr+|KncXcl#gvrq%*%)>2# zUMlQOCGQi}v^M3ThX6YbtVEW?xWptj35V&akR#cAx9I$xx6;&RN=3k-vw>-gr{2nR zdKYFv#Z?NNX`WeOi7t76v2l6nPcqQ5&jsg%hypu)a{o0Ij4D(sLxTp?-cK0KV5=PY z$3N>Z_mixb-~moU`eoDN>rz=*kuaZ#4kt7j_v_N~3GE0#+=z8RygZ?)dsNsiV>Zrh zj*s_LHCsKKC3%wvIX){W`LoyxDtbp!)^z76drfUd%?K_-+{G5_A8)CA#uW803FsR! zT~oynEZt+2WOWU7&Q;T)v4DS>77zV7rqrTJe;eBYi;M;{voiTN7g6hAXghu{L8%wV zA0k>cwqL+c5}fr#8JdryeTWNc&2uxc1S^oObQR?+n{D#ioS(=ld*%6S4#0Iqfx3O` zLTixV9SBq{k*A3iZIy;wgevH|w5w>}LmlkCnfJ5AP-ymd!X^CW&2eRmtD4*)bTgL0 zY#tYzGZx&x3HxWT*Hu4PH^um?W|$;fteFoena7Fv+zF%sU(ugEiJ5XX^+njlEM~zV3IOQf}SZ_^Wb5*~Eii zcD@Ow@!1%{K~@H%{>x9$rJ@W3j4I;LrI64ML;)NCY|4PnWB&2jK9LP(qTU!4Lzyij zQ%SETnuJCcP%#Hu!K-6`sQ`2Hy503o)stWHl_-NHvpbAtS}lDs!3b^G5}>bVc73Dh zouNkMXfg{G5X`2%&+z^whjFR-_|J7#$+)czYBdGCk6hVxp7S2&w;<7%nwD%xgDAV= z2A<-QAm%D(Q%bWN>~RC_>*-d9)`&BPU+)Be6iyV^5r>77OBG*Mz}N~{%HG(S;moXf zqF>BZ#+x#*wbEwdUG=ifP-D;|=|9faMl1?inMql3TEt)gET_cF*e@rT4Zhqz;FU4P z%+J}H<;uy5^wj851;2qWoEAHsV*d%oR9w!9OPTsq<|%fobMm6fIuymRY0@8Skqca< z+4(xIui=Hs=CK-)l# ztNNWhpSJX`tEm&Muczbtz1|PE2U%T9EvwX@Vc%S7k}tKzLF3$ty}m%((Q6xH9%#Vs zjom0khU}qHio#(;Wa<9^vp`J0iq6d0B`Pnc#T2Zwz28NQwkzN-r$wI-j#Pq&1 zREGN6R5-%Sp!Se%7y1eIx54y(8$ehIF!iDJ3ygo8tz+YjoQkeU{(%l5?*v%puOrMZqS2{Kh=Di_mmFjD1Xn|>GY2W6 zgSvn!ToEX*Q9%MhC32=4nVypv7;N)U1;cHkfVLkHpG0J6TI7-h@hbupaQ41CQ>9k`yACTBIMmjLAF>?HAduv_cyt^6W{PhxoD@tPmx5` z`$Er;nl85&p*!EIQj8oQgWH(rbjgm7p`rt$DdGayKep|Vrb~DCgA7_l3R-G+RN-?t zye%1AJqv~R20+OMX45LlUDu!cOhby8m_CxZ%IB;EB$=e7g^`uvBTL$Sax%c}w#!u? zM7FkMmW!|$x~v@l^}A)yq3hl<4SAo^JR?moSuLbeEmjZ+ZTOKc#{xq~PR^i+~-XpShJvV^vnsrx0>+U0px zE<2>uI8EcM(UJr5S4@MkxbBD0a#WtCRx+BdgS`5VK5EDmtys2zx;zj}1jT4D+Ftl6xsE1Q=0k?bsdwsi z^n%g~V!~lP2}f8mxm9H3$Q_VH%?d9g8~+#nhjykZ==rJan$PuTXuv* zWR`LTkq+x=$uddPsk!>)9nFsVSZmJ3cT6nx>NV-hT8-krKoz5>MWo$tJkp*5KClLJvyNB%m(DSO_2M;o*{%i0(el5TPTn|5|brltLWZY^%^=o*&OXzQ1_? z&1-VLqGIWCu3(TP^|L`lS(<1EQUa{pR)_9rnJpGP;Y=hxK#K{@OBM|8nPbG7LU&-H zSjl_9ZZXt=b{DjP_^X`dvP7Ir&%$7wvQ%KOf#|YC<~bI*){@*ZR-lOu7P6ytk6e;h zndU_X`}gAIbMTleBQupGlVWMKekT-_q^vSV92x5ikF#NM6GK19SJ3bu$%_sUz93xb z`9EBg(doL5I6A!#{yPo+dlme59{jfo|E^B|eA*tEG;pn!OrL|8bzx^5amD{j-V?dd zOdyVrE;+MSjo{EWgtuSmnq2do$*M(h*;H%mh{{nEUR2ye|KdBO`0>!%8jW*sz4bC&<+-lon2mZE(h2g$+@#y zq0Vc*yh-TSJYzQ#a+9!9+y6H7{^pjg;h$k?Mz3ykoc=*EH=&V$HRqWnU3?*wrcn11MsH}_y0F;`)IkfPVC!-^qPohZ(r|w$ zHx%Q(l*2xBG9E|CsHu0H-9NKszNTj2Q)>l#2H9TEeiM^7H|oSWbJfUeaAmE4_bX;= z>apO8qp>4miEdd9Kplr?In0*oC%R_W0M_#3Bg(R*WF2Chdz#A+9}JMvFNauKYJ$_O zNhd`0&IoxooDfOChvc1&wxwG(SSa^Eeh=jLUxWNwnt-%75n#V!G=z0zuZsYk^<8TKBogNl*V zVmeuH@C(Oz@d!%UHV|u{N(L8-B~{6;Zh7$o_$MOg^@c0R*Tq3JR1cuZ1DZw5$+6y? z-4_}QXMGXte9P8X16+N8qqog#SVDQNFabOAOP z#t)3_`n#(-{_?0NS=W}?db7WVqPs~67)e(#QO#ou2J z{Ql}8TrB5epPS$+?(caMUj6=`dJ`~sq(AAbu?gSXB8eD(g3vWmX-FO0pNunb^9{}Z zr-Zw*s0b4+ae5YvqZ(x(}_7)+LSpOys?2z1;WHSEm|5wh%BPKa@{ z{J$#!Scg@~A1BV$^liVloW6uV^NhUt@OL@W8*5OPdO}na$OikVblW*|bY*nVNAe z^7g%)lD~DqYz^&`Tz<#ySj;Awxn}0w$DeA-=2bhlnu03P@zXsm+ZSPq$y&QCP|kaR z`r=4-n9K-Oae!Bui&p|bE#_rfU~UT>&|KPM6~x`PcVcvRAhE|b8=`^TmPpVBHFnDd z`S|tut5>i7(;Z$YJ=X)-=hH_@mQka_8rtiUtIc;450O570U3iYSHJsx?m*++=N+wA zg4=|~Tuq3YkbFW`6OvBI{e*Ow4FriYi$oBVec3hQy4TvYtEH*GH1QZK zQ-qA(Z(WM9EXAu)V=YQgVNH4hOVW5N($iazB2LP%@PMi_)>Elz{I@kJR(2fJ@${YD_4gzCC(Fa8a zGUK}Qs{^ggFa;wt{koFi%KmaqonRMreF6(ag(yiNB02=L&J#2&jYninWt8_}lgINn zfYw2*0-PI`(g_Ols)?g#MkH<2I>C?okg@7YIm(I6yaA#y#7bkUIP^Q}-mC@9dE#oH zoMAB(pfEv=|KZVi#?JG+0;8%&se=qU3o>s}l5vhbX1_s%`Nlqe3|GCbQm+6DoC#g7 z0TD;0hK-YdL#F4%P1=-r#r-a!<2v zB2)n~TbKhmw?$!WMQU%I8SH{X@g`exr57H?4{8ji7gGcAYU3CFV_hT2uX(bPiV0uh z+`b?}**9USt=llz!^HxH&Iw_6tX%7rxu$?!kIr^;h`Ay;O@o!5U?G@$u7(%g=d6}Y zRhjm3uO0cGb|5CUrWenH#5(R`Ac1#*10ERNco<;hbKM<|Em1RAo+iFDO>|kBFR~=f z&gE$0Z~u2Fqu>W~)|3coE-L{S$!MdM4kaC{bna0FY>4{Law-~FTq2BMJw^*N%swTIrFIy zM*2JmO_K}@60O*vJI!bS8kF?FgYJ7yB~7?k?$=~*8{ISkb-1xQ8oX%?4e?5bE$I)m z9N9hxEk~%#e#Jf&tmJUpGpB%l1w;n$AF&{!g*>l{MCOPW436H8=FQt=UNU-X-o2+C z2KIw@;NTrNcn92b@D6M~W4!}g#P*SSK@gT7%Mb=l_Dzm)^RL4U25!h*Uo2|ej{dL} z@Psj2DJwF$W>%!}@k~%|0E@8*40-5|M$nQhnJ^!2p&4Fjs@bB-u9znO)^dV+!U`9N zpcIrHkLl)e4l;~g#f%ZxX zsI2A|m?g1q0VC$!i31Uafwyt5)WL(-#bbh4Cm4vi z|HElY=0e(L$?@ynlD$#36kLN+7IXZ6)vVcMAw_-*UBFUCelI z`&x#pD-houPy0Px6I#kj3>2b*&~6}bOi#$WjRC)xf_axnZ#zvX7D`%iL0-&W^dtuO z{y(y$DiyzD9~n(Q*n;#H{r6&VDHWEbmr&*4tuUlA-5#t@riD>M*&0t5ddF~rr!utW zm?nBFX+@o@QE2V3f*Woxr%O1R@Zb@Zc7gYG!r$Sgg?158oiA*r0Q~8`xsWvK8zU7IW=En#X6Wx`q?TK@f9Q+pKMbs)3}ln5{LmWSAx3XT4nk*Eo^o z#_6AsPVO*n*I*>r$rbIQ-VIkATl_ zHq@!u#$1YP%SM0-Ui&`5#-%k)R<j_o^ zLfiSDg0l;4fL`s4CVz1M^{2LjGo&zM4^gUq52<)-^HYNwrp(UVrmnh@GBffPtnfxc zQ&umaS=M;D$JqVd{VY>B5xj109s;>tDKCw(eQC3$(P|Vy`x0%^x8rQ@s7el~(`Lg|Fsw zF09Z2UHY;>rdPM(B87kUbw9YCZXgd`RG(EFl-{IfXvfNCi%FqYyl@ylo%IXx!Gtk4 zI6PgrL@@2Qf3IjZYcK}usv`iCPVn~Lq1E!=6D+ZF2^r(K0-qeRd zp@v=1QuCzBXi3biT*|W3=Qy02?@#0vOQcBStb;v!b-mf(X1&ycm0YGiKXKz)SPRFH zA4)D90rI!LsTefEotHwEEIkb@)uu_ygTHDd({t&Pj-y<@?^CgAFu2}mh6s| zqEH%p30o^P87i?f07x$(cPF*?dnO# z5^sJ8iUK4dnOQa0V!(I@DjihyL~nBV7g)x#_iy@D>%lCXvDp=8o4Xl|31{kmfn#8` zZVL&ZCMcOrTnSrGm(9xqU4txV>6sB}O%vGa=L06btp$2qmxe$ewaxeh0{`IKqhMkC zW$cb=MF9-U5pp*L%cWdIZ5Tdna`=UqkoQuX{|Q9$HNx_UU+$5=Zn!r2T! z!}OtWJPgXMQJd^?A&4yP5=3<4MI2>2aXO!nV(P-@x+EmiQ@FGb>dk)*|&LIAH#HBU4rz;m}5Y&Bt7|2t<%e}8f zLM6vde#dD87X^`|KVM~JeoOTJjtY;c$BHa4r-ixB|I3^7{x>NoFV&2k5yizaV~yXe zaXn~epu1w*m_P+#m}Oyl-jqR%QYsa*_`g>1J-TJg z3dBKLQ$Rwqq%u;H4L^j&eTuqKd!)Rr3b%7ELZ?T}wn3SGyr4JRqclbB8UJ2yEJj{8 zbdw${RygrxDJ!@+%pjE|1tO0x=!ERfFKaT9)|he4m>ZXpRR7%{liHPG_#RXn6hQbupT(vBDhsKU1Nv< zyJKc|Q*LHGuX>%e;EB002lsoSsOD+`uGl}mk?*B;{+1gb6%gd#7Dma348)W#tlzfh zRO)+X!-i{%K*I*%PP{E6;5C28oR*oK)68X4cF*W~>s>!``_G;M0N3S9h~GeyL$^)3 zB)_myVq#@DtBnTWu4GKX9T(&s7jN+I-BbA5+}KYvFETd40QpzbU!-6p$ttB;Iq}D$ z4m^2*Y#b&6^jceT*x5_dVrDIfRFRj@UOs!#eW5Odbu3Y3!6=urY}y36phzAySd}i@IyDFlNUX43Y$}Z z*)sLUtYOqttYIkQ>4YN@XJUO%*Pc)~@np&G7+LY<3aY-lT$VoR!QOlB08X&8HQ_xR z^g}32Gk_8hI8a`7!FUflP;!6YAIu7TOM!=;wotWA z0yMCz1JnzMi6@kvEZ3R+`P~<8x;strJ&voGtr%MKiFXEWtxp#?KolrcGIFV1Y{!P?4VD8M9k-i49BoNTOt{rm6t$=_dg z^Y^_lX#C$^8Ld9Nt!MW4C-o|vLL9{wfoO)Q_Ux|{Srpe55RVBF?B2!_2TQrJWPx($ z*k$+qnX`meiaBhLlqj>UPN{u$@`_B!^HX!e1zsW8+EDl~OxUK<>6H=h&ARv8Sgx`8 z4e{V{*_n_jJ6kNc;Cg*2GoCy+gzEiPivfFE$$N6oaGtQ&X624mV;IlOKL!mGKr}u7 zu+q?`|J>}^jC?3C29cIMNitLNUsA~OH42hu2&(2Aox`*ADaoo7AqqFRS`QhWk_*u5 zUk|nJwSS0`Pd!oW>$E@I!t<_>f&~?TZUp2Jz#e#?jf8k%MRu{WEDC)7X397AWH6Kf)=;k^Jh9 zxjQi5K0F}yx^BvuT`cYj>=s%uXD~af;2GhMP-{H5?3nkLDK&x+PqA!$7D|3bs^lpv zJ)(#ucEH@-EPLd@x&^{$vcec{?BGw33PXQMv;ISbWqgt&HO^Qf`MM~E&c;y5~Az|D5) zpMa!G3YQKE^q(rlmzedna1mvohQa)-Cezu$kyUYyz-%I;X!_^1rN4UiqR*DTi>`eM z|L2Y1gU0ZSMcdu2^Pa<76k{jvGv2~1z?}W+G%%yTdiL_!ixaaJFHg;?1cvaJfg#*~ zX-C=vm=&19A%qH{C1jb}FmSuMFaxadW`u#vYpG=GGDn|bqPh{?5n_||Zej6j849)c`5VQr|cG^?`&kLY1nyY8d%+2x_UhJ?o z=CfTEz?Bh=nEhM(D#qGa?>HU=NH4td$q_{sGV2Ux<3h2d>N3PMCUCJJX#<)BDMwwrlM-yp&`7}&4F!|C$JC8L zql}Qm#q#TtCf#6DJ%HjdP~s6F;!PY&=JE(jIj0s*%X|kEa~)ln>0Ptd60?kkZ4_9tRtu^-BN_3#Usri0ovCPq z=}`<@moAT=1=%Tk$iYne zDA>Jbuf)_eiUW;q9eh-t%UBR;_dErdw0oWaRJ!hJEV#6Lo*rb{J)^SChCrv?GYCFi zUvb2rj##1qp?VO9x;eQam_4$`9GuAHnq9IN@Ik2g5!BS;eD{;mFNau0VDd*C7Le@X zvH9I|AioFl`>#NLx3K>s*63fJ_C_?H(C$hCWOHKxEzX7xoS(t5bsp*f48!Bv^~`82 zEsr>KW;C&y2bv%PtpU8?m@|&bM=GHr0=zgi+6j8=yR8%CpkPGIR@_Qh^-OoY6`0^DDR_Yy9jHDLRu^QQyuF)@LTO|H{DjCl4d3DQ+ zAHY8mIWLPj@3O-~)dOhqfMyYMa&FoBVGE65EMLSr-?H`909PO2=xy^FR+0wC9>?zo zdHo~t`5kzCB()vp?Xi4)98cecpFb5Zeckr;j*TkmLy zPxtfaDE_<)Z_eqbANp!al2JF&MOM(noEBhY*WX>a0*bu_TP}2ss}mRr|MW+4_j2~T z7qgzU*FH2`v#{6SUA=fd@Oyi#SN(feCaL@V)kC;g&c!}A!PVj4^CrCd{Xg|4VDQNM zfkM^6CVX$hR5AX<7YsDSZ;vug@6GQfD^nk7x%E?DRTGuYcL`z+5xZ?cD^jvd(iD#0 zR@G5gV^y(|GX++aIaTcB`s&SJT0vj>59WW)o*Uv`|8TZ6@*Mv9``@)4+kW{>R{F!@ zLz%Mjn&<3CE>hWna20ng&+D-6mAof1Lk!_cPvv4NO+U}9D$;SN$xeZ>adYWJ*IWb=W>t1oC4$%isF#)if`>xaynz(;o@! z^z0q|WY(8VTNk{$z}M54YVLS*@5hpSv5|v4RHL&f_3-5gictsax0iy{doM=)fI`%D z1?iS{gMsa}5OsGE>Yk16FFqZyp)EzHEe=jp;px_uZ!|ipz%)57{OTUJwCt@C6I;Hf z3@awm8jT2Gn6xbEk{J!dUW69L9#^t!Uv;PlYETbZAqHzt$4Z@#Tyr|I-t?d_6LSC#w6r$C}TNU+;O4NDtI` z-c^`-jN-++)d!AUfxeo~(M4LHvX=7~S;u+T8qWKv-~2GNhMt7r^A;6wWY_>iE1neWb1rEX=mrB&DaXHZm|m9otCrS6h}u?)*hL-D+J zAC{S7k}#!^1yZpNSfIVvg>1c`gM}LJ)!U3J&6B@mGPyN#e=rDCTbqqF5ajH~E5k5u z&9XzSL|lN4;@Y&ci`#0>GNz9eXn`cB$qEt5EDSXJR7mS!=vf?m-k6aY-k!cTT(T2}?U))bZ}r1x7kgb&{-h0o~e|+n85Iq zjl^iqg(`CN;;6s%D<_3b!g<$i7=quCwTP}g zuzU*s_ll8=H;(WYtW;cSBjBeEzRr=^pPc3N7b(cwzg*dddXLi=NVJB6kfwftdR2m+ zC?xtzRWc(LJy-y94Q)zY=I`VU)f9yMvq;_Z zY88~sc|%Fbv=S*R#mFxSNR`WXGL08vj)RXJEBY_9vgi1BlAG4R9MfM|^&_Jx`2hAh z_|G3puGy^33+J9F#%mU7i(KnGM1u)}RD{9yU$*WBBq7^o?e&BYPvj}yH+(9#HKM-Q_hN1mAeeFug z4jxuG*{zMeqk=9?Q$R6Ej{k)FFx=t^8tsMu%!XZHIJaW@bk?vuD_DjH6RtRs(B2yG z3+-EW+;Yy56Z6|MaQdCjYPS(YoY&%IZ|ml^e0+fD86ye~OD>Mc_rCD`$BPF^HhpO` zqa+*CP^)AEKU}f$jwkGqgd6B$2jK?3+d;T7r1nvSn@3Zz(qHQ}aVgHD#H0EXCtQI3 z4`uyrhS7@p@SFa$4m`xx{7lX)wT8CM(QU_PZq9IkhypDhH$V4xbmWD!_5WPHIe^th{! zkRF|5e+^>fL!BJ)!Kr!UrH~MO%mO6jhY*om3a(`rUhlZ&3)?e8{pgMcc^CYZl0;@1 z0@#{M1`F&y8*5Ooi2rJK`yXIZu*QRDxM3W+z($E_jf+vZbMDW^*^Fsv|sD3SQNIjkcsVrHtY=SX5bt z`)5w-B($nNdm?dh2lm!jh%Ztke43*^hNJc;Opn`$y2a*JTs8iVR&&g~zGZ7-&I$-- z-z!!&j~dentirQOv2upZe<7A6W;`_O5IDkuBPm*8bT?Z8!K^1 zi?lva572|2GScPCFxG$O_?3rlD*5bs#20BMd*ro_(-s~}pso2AWcI_#Qzx$?=?fX;vyE8lLJ`_w`0oghTp$8%KUsniyv;ZV`AF;Z#4U(%Ps;va^h4Pfg zk0Tm{zHThKe|tl$^nbRNYRCpDWKs1NU&R9HFo6fiQ< zB`HgIzWpM+_4^kc)yLfP|D3)1&f*p+GM9Q~do>?78dekXe_efeU!!j{e+6OQFH3)) zp#}8$|M=bS2Hpl)Ujl4Rkdsun{2C!Op};Pjc#64mMvfVX-iGvHzFcWr(A}Khj3*k& zK4yO7rn?*v=*NrL1Ad8=O-ROX8Cj@rN?8>X?`g4#BNl81JF3r=>Z{ql@37fH_rsVA z1C4FS>9&6PZKGVGi=KkGLge~Qi6I#PfvYjOT|!S$%D>?u@Yp#{zg1SHapmS~*JN)W zw+su)8v&1DN-DH!W&w5MH-Jep4$wWfZ0#{KdfRUqah<1R&bPu7Q;DsXF-LWvb)d^I zPzrP5jXWsGypp8^XYFFd) z;gZ{3)^#lhd&c&PCY}$l*p`7sA%y3a&wd!kXKfC0Hn8saJTZI4=W{SweA*F|?4=FG z8%IU^;YsS}ad{^`kH$gqiRGjC#Bo!6hJ5AtjK3hxtBwm`2_w?Jg)~^La>_VPGs{kik7fjyD?$C^_&&B)f5~M3b_8VYyFXuKm0+PHBGB z5RM_UP@G9<%&{GB3VIqd(36;eb}|2a4%1K6b&0`+Zk!DFflo@@xuOn8z3~MdV$8-7 zw{g7rDp5Snc%nEtIrq8vE_U-mXjU$0!cIe@3M*DDXC=+L4dC{Bmke(~lZ+~Cj~-#4 zG%L+s)b6lO=^@J00!{4A$^xx9z9s^aQ4beqhf`Cb!KnW_ol5~?0^H%XtV(n*d(UGc z%hCuX&?!}v?|-FiKlFum;+-gq@cXuBI zctHRO31|7>Vmr9l{)Js^j~1R#V>{9Ss&51A*>c_(?mZAG{XiMe`3BFlF8RFD{WreG zq`Hix5RqFw-kDhs7-T=DEF+lO^-lsKRzp`c+4vBTurX6!fCAYG|9GrODw7KE-~E=> z0YYf08s41V!yS=**e7@l_K?bZVMyEAWoJHkGZ(ymKNQa0pNaW9oy$tQ?7$vh=eA?? z%XNUZSz>K1&OQfcZDk$Z`oW)i@Tayv|CIjJ3v`$oj+t=rGA0 zP}1Mbj_$AX&{z~{?`3U&-YE4~$P|UnJ$c2TtpRneWzNTSZr~LZ??b0>;CU|OfFT$k z5NfCp64{@ckc`e*rY1I)9mK$bCa6|be7N{1Mm5*Tm3@h9_{6Ukv|jMRVprkQgrjU$ zz);DGOd3(GM|VR=W$qc_uO#l&^g#tTpY4L2 z-os)}OkDvo0>q|%YVSMTZC4&F=F?Hrjq_^|5Tq8-yBJ-umOP+hIC(_>@~(d6iMKvC zg@}kQ4}Rr?U%CHzWWRF2_AagWc-ws(v1XxJ-g%kl%*o_d;&%>Y>phNPre!mj=Xf?d z#&DimiKz5q`X7XeM5eK4$c(X68U&--P8K@Mb2naaG)FXwK}9gWVg5XVT079guXht` zq6l9t@OX$tyC@zK`ZdZm?sr8po^!y-Nr7rGHQ=Sg=LA2SB}Fx{P0VtZ%W^&O&6pn> z?bX;<3dkmImM-a4ZyY$jkpEc<-XKBsD^HL z67(Y+^)ceF8_<^`{ln$d}3n;O#xtcCCxkZ)8FXxaoumO60bYvp| zaz=%>B16Q7OxdyW?_#&nMqP9p+W5c|+sLUAEZ>1t@u-N=16xa?QCave>^mbZ^}3*j zSaLigj%L535@+2cTquv0pp04^vjxdyLNkB78bT8stheqS$2bSg@iIN4lnEx(Okwy4 zPoP#1D7A0~qRy0QFt^q8D`iF~Mf3Z5fcLJ<5ujPw>hBFjzMnR)7`gJRRa=G7?QJzt zRe|baM_|Qqxq#>fFTpBb4QAA36g+F*MpwJSFJ>idq}}JfKVPI|wWB;W%n@C*--B7A zYpBT+!+I9YP(kV<-TeI=g3Y-01|Q2rlXYT&w0NV64tAH?g7sXJsri4-Fyy>?bGE=> z9{dK>@*X7$O^e!N%{Eb-MB%f=W*tIl>AxWWiX9=~G!f+OiTo zW1XM6GU;%Eg;7)L(pF%HDw$b!030i2PL!a9T1gG|5n9lM>)r@-UD5Yg@(%-qSU}zuExPMwp7L zKY&dyWH-~v9aFOhqi2$5aQzc1K$-;;yg46m&$nmTcYA_jDE@Wi$%^J!mi{3j+jsSm zx@LKiQN6bykskvSf8Y-`w1bLtN;7kQFMl|<>4hn?Y@#5GHiFo{>ul@mxH`8w6u6 z+25SI1-8Z8krS$!09M{nY_fiA)-f~<^nt>foPY@w5j7@6OT-=SBb(+q6NG)@3Sf(H zWnp8ejp}!@j_J_swTH0ki_#)s@Xs>xm5}-?f4E)nA_z5-&^yUpxluy_1h^Om64&jH z&DSL7O4D05BUeV&3Bx6D9|eIjL@Xth(7ZbVgjkKj_Ycbu$U%^*UL}T|7bTlIi3{Hv zuoT#WXKn@RwVU{(yrQVi7b!Gr<9Q=4-B!4~nY$E8Emy(Dsu_6?B2(6XXfaR;trgZ2 zC0N3gqU9O`o4Ix&>6K!ODg()}e*vh#;;ki1q)@u764)t9=B2!4qRtN)AYx(UbsZaP zWCbBfvZ7+iJZJzGzMikiw_eHUpSbjUK^I1Z=NdL;ZbTR7q3a*uM;`#52aY_!vwg(M z=SFZyQh`%7WWhtQh07n#2m1is0@e^<(X=^>)-4SC ziFpMs-raQXdP73VQj%6tR_mJ34*9#HP0>b7-1nki*C-W9Go-s!ex1PwOlV%R07zr7 z8@pGPz`N1hHQd%E)2a>%MRpg_vbN$6jtqn=x0BYI(mIjBcJUl2Y1x`#-a{KX#%+nk zeBa45&c`|4N!;k7PO-sEEd`c3d;#JiR0I73iSCMa*S2mxJDQDZ8F}h!_Q8;*Fr?{= zh|VKoCEYX9MH%NxanFu9-0m^-^eWmRx65g$d$63##>DuDDVx{JxS@t|EBaMKTC=jd zw{>80*NHQJ%YMs5ilZKywyZ zn&B9&OVD{{q=(?p__1uTUoC^TKC(sJ5`eug{4B10L8F;w zAlyceA!JkQC}a8^7vcgzzYy9M_x5fif}o`d`fx zl;BbNMAhoj8l{5%M2^K)O49A(q)rY zD>JKcOIQX&1P8O5pNKb=w+Dt%q246G*&EFG!H{r&S|elVTTa^= z`RaE+!M(UqleBYYS@FP8^-$EdqvoDW!6+QH8}wwps%AlA#abG)@kpG%2a;vtUmJz= z3V7)p8=d7c{+@De0aO7s2PrGcQrYwuhr`AOjvMTraPaxjfjnYqW+W#JS8%1M09S!+ zt#`!7(k4rw4&+#9dBxkku=*YK)U$symusxgp68++d`l{Ph<@O5DQc=-2SRyixC+KZ zD!HBwpJwIUXxY>k>!{QAytMjs#tP0q=udXsy{Jn@T{7yDM)|eslBl67`#zf=OsS_$ z&o<^KeB20qC@OVX55g$!wXb0ydJlLt&Pk>4n6!!bO1JwLCWIWNRTyVVA7l-hWwcTi zk~1~F1MvGxu5PQva|pFXEtvW-nkaXpwZ=C=a#B)Z>H<_Vi)JF%J&bFwOalF;O&fK* z*S^dWO(dn^for;pH!o~+lXfvhS0pL!36snJ_EU*-q3V8zX(kq5Z-T~34~ZAs_twUB zPJNQqVu~&7C#2O-Q=(4gSy(c1Pm3kj&hg7ivQ%Cvjc-n8b%JN@=?cykEUizgSL?jO z)snXnJrcNqe&id;dR_M*h{-4bUs4~AS=Rd6KLQjDi~>c&B0prIZ3f7mlZL{ks=EIY%1{Vv;YB*7dXc=GOC*&HL)$nL0rn)rj6>r z^LUWrL2{QXwOiJYlH%jGqZF#jDSocnqZ}0rT2(|l$<{~X2+^t)r>+h=*x{wWEBRDs zQ*DH2?{0vi`aro9i*rO5rA*`ihjyf5!?gXm?r{RXcZhs~TLIar-z*&odR+#)`=Kwi zHmd$mfyCiklA(Vr30ol{^yyduKLHK0k#d^K_y>KTvk!|AT;#m{Bm`f;QyQe5u2<5= z$%Coz-dpuFnqsYV0W^Q{0v*=n^uxLT(GKuCLt79lgih5a=^C+|!TJf%irUk!HZY?* zvN}?(v?|H7dO4sQ(igqSMJ1|pW5c#f=&qB+D{Yop`ci1gd4wD~VPi-7ep630L?w&K z@XEzwR5FC4qk7G@n1-M&XSUf6IK3mQms~+F6*-^NQfE+xGaR}hWcd*sY;}WDlfB4~ z(1)TD|Gb5u0oZWo1>qlx3VwN%nU@24%z0NAP86mB}Yy_k)Xj?SwBA_~DAoJUs`RvLI{* z*kOrRLae3)5`HzxVcRd%3Arg-x+CinVgZ!Jon5Q_w%$?Rp9E`%Lnd(t(+ASdI|yTW z9KCeF9ve!kjIl`(WPwXTrv6Jv8gQEb8`8q^F*-$@=Ch2no++!nQB6S8aH%Ht_xX| z8YXh?Q=i$^HBcE)&oV4;F!p7JUvH-?&D6wrr@1Lop^i^tLk6@3uW**2L%g0pV(+ux z+n^DLS;Oy&+5WNX10(d5@{k4DOwnwB3z!iV1ykXx8$O|s^QuX>;Z8r-l*VU(5ndM3 zcd~PUN@|%yqH67#RiSdp%7Uu|N9!BeJ90#Y?dUi<86jHlY;hiH5ZBW+I4yZ;V?YGu zMfU)_`l6luq%u?^#K>;Q@Z6WuC&Rdw5~@UHdhS$3yN?hrEHR6`(0P&E7e<2enksiY zi2)eWZL!SN7Sb?E+fRfTnGUF~n^v382qdCYF+LRv?K{4f!wg(jGnJ2N)qN^aS`az= z(9)5d^X@6}Np7x-@@K^8lE@RlD_oHynQd>H8EGa6S`;arDqpOLai4c2Bj8mKyNP4# z)rF9$+X~QX)KH2MkZ|H@d-QTs>!ywUm;C6Um`;s6Db|chx(whau7oqX3}+yKB(4FZ zT3CgR=lvFZ`$r&i#T0$lWFn*-Y~EDEONoO)^CVlUYiUWf1P$5KtPWz!&8J$<(LVdN zzlyJ=xQifylX<;Gy=ORJ^qw-PkD57x)v>(b(U$X-X>WXeYh9*E+bs4Sy=4TQ&2gTS z%mBrecQ?I###M!rxuoM53A&UK!87Ltuh0S~bDG!qfq4yWEElu4QVVvVkNtHoiA~k! zH8X>@@|{}isKG%uzHhRWDIx(AC)G4yP4KS0_Wn$(=weY{xzXI2Zqp>~EeT<3jE)R~=t_SDaS|Zb zObeG-A$|RH&O@0POR$6=6|Y+6c45OWIiXyepMLt_pG@jy^G)AUKNKuWA82YHAviyx z15weTZA*BVHiHsg?kVs6!vjtIXVJ0IptAPdYJE}6EfSN9XiD-*9CF6d0eoQx7IWZQuG;eV0nspV_U7S~K_2#6K*hUauUQ~0$>0+5xI48xD+cPQuDwfa9f-~|- z9=&ZrQ=6LF+!~^78stiEcHM*>rpGnwuHnMSCz2@ihB8~us0H@tT=XUpI{F**UDHX3 zH`PyMu1>hyS52U^$;G(>Qp|Zp@K$_2Fz0)JQuiin^^y}S4kOZ_UT&Pgr^~_q>l9V4 zyYsK7q$GI?*{_U!Cg)`9=~r2so<7U&OPxQe#Uu^2dtPKIN90q*>*q(z?k^dFI(WQ=CSa|+Bh!8p1JfuT z+CbQP#j(>pGw$<_WYcmq_E}LQwY(HF^T*8mzv;~U`%Zd31vJ^Mv+byA)(l$eM&qURk19q;J)BAjb9teRokNr; z!InkKw)x7oZTppN+qP}nwr$(?E8AAr|Gid^J7M{+tQsh>zNN=|J=@jYhSDy43y%1k1a0m0N(TNj#Sd#j9zdTHH9>fx<2`hgY(p2 zqqNH1?9J*HIbUs2*yJ7PUJhN)yK=XfYWzrTY_;6hQFM`Ol(rNSykEfpJXZpj2G8;& zXrw1Z*2L_V8HFrmfjPR2i89x3L%5_dT%#tK4z`ng+h%H-t);5s6bO#jH&LdZ4+KJZ z`5RJe{sz`P{gx0nI!!;R zQk}FWgBzf5Hqys%dkD%&j?t8{hhr@KoBX=iop9fJ@cfO~x@JQcFyWNi5MMQ|cT(Mj zeFB?V*uKYL_!#(4HsWd$RnC8Zj4fxf$`kjp8#87_nqM>1eeQU9iz(B*6LO-uay*+| z4X$Vzl_Ijbm`{Cr!x^l42p+UF4jEMyLh3z{9^mql?}U!>G=W$3p7#vMXBQB?)3;G?Pl^$ipIsbnW*}o zrA%PYTgpbKZPeTg=MqMq>guPnrRo;xS+Ovf<&A!*Gon@Yq-JB|M6;{t4Qj!`$||;u zYnSRej{kyA?T+;>y!$1PNB&ItxzKNPAYJHE zj^c%kfwPEZg!5Np0QeZTvauT4IofiyWh-`T#tbaItuv!`a!#b>5Y4b&>_tjU?M_Zk zuP>L*qctjCfW&giz&{<0nBbd%3y%$>9wQ^A($w??7{PEXj={Y5ZdA+6a@MYi z+Q#LMtEPD2qhZJ+D6q8@^jcZXGAlDT(#1h~P!SDA4>=~rK#&UN+&i#gnQfG36dfKLr^~FM^UkmunSEw2iH}6$A&k3a z!os(0`D_F;4e}w$fFa;+WsLrHdZg~banYW`_KkdRtRbBG-Jgos$|iBQMU_yYzQ#00 z_=7<-kVM*BD@#?$vLX>m$H%XAk?ey>X2>yD=n(qKQxvjg0?O357r?(as0T`=B`37) ztwgKUFxOGHgq`Rtsxm2W#^tp6#_ai$C=TsY4U>e0;}szasie_L(q6WnL{1qzd#JvK z&uIFuu=^E+kqS1<3`5Su>mwBeOtR-$or=VyrRWK-y`{QIxMI1~WoW=|WomULli`|0l zG6-c&IgG%jsgm|14#zE`P*7;t6be78VZoTA!Y4D~rL>maGBUeGj;1@(0UM}+ilw%TCOWhlD%Z?{zQ zgE;GfWt4wduUS{eiP^)~#VqF3*W5kq;x?81Etwa_0Eg&VBR?K~K8?L>HSYEu`z7HC z%vtoAvgh^u9XUy~svae+pp7#Fn@HddgvLDInhDfSSDrG4XVub0jXCv(^Ch#gVt>y~ zYASYkJH;rtd%;hWcA89T+hTE0$V8)Yvu32A z2(O9}MYz2mQ-p%rv>BYhdeL{FiRfJ`>3a1R2JuuD$IaxuVh9jwYmf{bt+p= zQ*=tsJPC|^`b#DUxxEw%NmKEGd0Ld6Bo}oGjJy^`Re)p8NtDH(zjd8eedU0#1M;Fb z5S(PjDpe@rN;w4*!BmXeCdi{rR|ER-_d$!*%_8#S87*!M9GP0&*tl(? zdx#Y`Ef~2q`gnz&Q(=Rre(Sm|%$xo3J1S*)9M$ACP%Tovtt!P&px+6q!-6*6w<-Q? z_<#G%?RLuQ{Ko?-snQ}My9li!kQ>mfd_Y#9*J+n;)HFYJC+tBN6ij};k9{$9vVL}q zTvAt%6#tD$7__>-)=cnyn!|mG^&Hz0g}(QuvL`AYW*GF+HkYjJaG{Qre6KB+Sk%^I zIdtbS{sVysT5@z?fkz$WK&LvRJLy&8@ePNoC~A6dyT(Bx(L64hA{e!!L4VeU4L7)0 zh~d%Shq;_O5>Qs9%jM{jatqm!*BMu{dt(H_lO%^C@YjZNPfo$J&uCyv$h0UVZ48Zs zVrZ{;;50vb$Cs`Vp&;7OoB3w_c{joF9{?P^17`9ynb=CD>uST%+J4JC= z6BZ?f4yZMQw$i$=8=|dPPwgc}KZr2Yy0hi1Q8Sc~DClj>bSaeOm)bg{OK8^O^<8O5 z@{xodt){3*n&k;ZTN~is#vMIoBd#i=mK&bPlYoE$ah?)>+XA|=Z zYK`Iheq6h7+Ug(fNwBLe*xMJQ#ORzX^v@>nY+ttbp3JqSP7`{GbadtT8#LtN${AL~ z_8_*I3>=v0l=%MrC)mS`$chff$0u19!w%X`4`cY7bDXgpzbHbtSb$ z@v2|6r?hMfdHTe17wT(_vrr;cHi|gnqrR*h?s8^~$eetgSrg`ARKKDXV%}}9bNtX` z{LnBhtqLV(!-;u#DK;|W9;m%0wL+BzLCp9 z(Wk3-Q(oK|>%CLLl_?yUoO_<3FIVmQ=573?j=0j$;NO5vC^)+>9bfMT&f~D>lb6UL zste1JAZ$n!wGo}9sCFd%P19^Zz{|h>^fh;nA0ASmAC-wyW|d>7Xe#g^BornlBAcV} zy&d5FK;)E>lR#=)^+4Eqf1M|HxBswv|G@2oG|{H}^S3}*8mLUg&i!z`eG4TnReYhe z2=dUt(TE1q{e_@3kD6}FScUt4Woov(g9UzVA=}*+2WJwoD2zVFN4PY=}KX$jtg7eEu^(ETIEot zp#vEZTPFd5)^#TO(YiLH)%Fm^tw~9`6KkcM!cm5&J+RCb32j8RdQKccX+86WQtgl_&1oSUkcHrGc1hLh;BI(q>6~ z&nQIqkqGFUrtq}IxqG%0($|ZXWW}W@dy9I+Z8j3d{S0Ds#_SJ4_1wDRPz7Dq zjY+z#VmkQla5s7Msgzq+$@DdW&S36D;aq;0pR2d)b)tu+|00FDCYxEaHQm?QnwY?s zv9X7CruHq+3MD=gg`wQwwGZIW%Msre%s>~Actu@@74QrG%wgURPYU4bgZ%q8f*?{C z2yTG=Nyl!0H*P0VffiFWpYAxVPjS)b9fto+AZK>U&v8iS$SkaYNC!d5@LQqw0By~P z>60;Q*<|hBiC>nYeFFoJGzV|s_2RaKqz=wkR zd2eQkANsULmDl6|#Vfr>4a=AxkD0R?9(2B3fTInNP?pspu-P4hfG%S(4Hoc~ta@gW zX%P&yqLGKoTAKlO;pYWp#%LUZoM5pBLu~@CYGh(Rd`Sg8V4~M2j*};oNs=Zo#^}cN z&N=6r>@WM2IZOup=z$6Oj`-NKV+e@n&Ux?Rjl!DGl`a{Vx&w)ZS{FFb_}Dy|m(7-y zg=v^XI0cj%ko1)rr?l7f!$!$q>=h-;!W;1>eWotTA`qRr_wO~9q_-qC6waCrTESxiLxW54Zvm@tGq! z;H;5^L(n|Fw<_suShzw1oJfMpL zbu-l**7Y(CB7Yj@-F+3g*SfQ^pSps^q>X-&Cx^Qff;^NvA< zL%1Z<^KG^2XbhbrW(G|y(V%plztk~ZqDFV!s^*J9$UW;P4=u2*`T32;nc1CneU(#L zx7Rg;cARM)<>T^d4D2YN#Y|lyJ}%M*9Fthso)N8ZeS8-VdO$%6#O$zJaga)tBi?Sd zrd;n%ZAf5H&-|Q^iPjq`#T&hCRy~jAVhA%Vb-A<>J>y*EYJ)9AbwJU-#&>S_mL-M= zFmb_4@1v&rDYgv+E&4oM$Oux-*yisDL@b;{dKG#G zxB-p=`cmkrYjKT85kn^muqtcFoN9*Y8s@H&^a>HDqa(LZ1p;YXQky#q;xW59PQ@Gh z@#1!&F*3a^YW&E*EUK!C-xEct559^aX->e??cOC?EV9k5LQ~9v%sat@pyL}?{DFAv z8BGego*d-mS#Lc+akR0Q`As@G1BT|^TGAvFW~LoPi~3b5hFNuf7skCc(ig_IH8K~& ztIOuyukF0m=)T56Db{fL>Gr|RO{gR~01x2XRm>0yd+Ul-!hiU@CL^uX--w;gD#s2b z=G3h>?oEX+l(Dv8h{4BA1TV1porJ0<2+)k>(sfh(U6_2K?^jk15IWQ8$Rm7w#}Ki= z;s_@X`isWy&GaZb+V$fo8n{vIBB*0cBdYARov(FaN!At6xXG&Z#Oqk+EFN(S1QT`x zWvIh6tPJT_d7n#D(fwV(4krId1>TL+uB_M*$Uub5B68Y>9K}bJQ0xG$+0ob(TJA!= z71+1k9ycEcs02f4nh~Rs5Com_MiZ6hy3%2lVG4f1wKY5~WDKUlHnlbtNfJf-)*4fs zTM^hE(%{TI2%04Ai7m+5LI$5v-lq&ebj>O@6_q}4Da9OJVS>$D2qIFV|;x0Au%rL0hH26G#th@-CA|Ag069i5aC6 z3IboBwYPrPR#}|SMHo*cMEy#HOiID~y{A(wCOlV`W>_9YcPTeFKfp=lP2e+Ef?0WBne)em0Pk#da2EM9we{0*17&Km z0e`<#Ib6<+s3Kllp++S{je;3L?PpZA428WiVoI;T&&%G==eKU*pe-Dn4=?7|Tk0;} zXD-9%9Upuz$7kyI>=11>;3}V55zAsL^+S?L;K34l@53lHQl5zg{Jn#W= zZ6xHF>qJAbCP=-5d4U90EG~9$x7)nBCsvNF+SX7g9C#E3a!E@p41PGDitn#-^yX7# z_0X z>)$?bgNgB48DK+nwI;4t6^vf$T9r+2jgecrLjLy6B2@k+y<+n*g+wNJ#FDZ>pP^F( zhJ={}Dga785T$_GPDRP%@?YTnzskjqLu}MH7v4 ziy@+!j_?FJdTRUcN!3h;8WS&5qDQCSwx=?+H2Og{m@&XTSSLFVbUHQJ)~Yw(=WD;x zZ}Fhk4OSTVmY1O<1Jrl5BZX0MV#&u?fP{gCg>G10upBpy-&gVOEQjuzfuXSx{6`I~ zwbJ5Zh@c{a)oS}kg)hX||4|CH;G)G8YGHdr(IF3$Dn;ecKduox*?cg#XW}pZ+_RK& z_Ld|Z!nyr*%SqC{d~I5z_=!%b-O3Q?pz&kTfNR26baZiaL{k>O1i8 z;?;&eQMkduAE3!0ZpIIKt$Ey~tGKR!EucMWIms!zZXk(zH9hc{xGs@_J$(|6(7h)Z z(`j*7@Eq$_GZBX@O8x2Q_vYc8@f9>DkDC<(>(MwY)vA5fFrD!63l1!T9bW=_aCX@3wRM4ohR67&>KQ z{}0Hp#RcASPBY55Z{`?7k-B5zr@F}Y63maKa?x2BcWh#;6 zA)@J=Oiw&2k@b`IfjGM8T?^ch{f-Z6Em+%q-p;kjSlT+I3vzEcp@4T3a(({&h93y-)8GYxuR1g~-Nh$MlNH`3(YxGP^C ziK7?tJ!}_mT=Qj!r;I)z^qTA%9F~);0I{I`Z zev4Z`3AR=;(*)%%SCH~$vIh^@hsom*H&y1kGtdI}3P%cT_S|z={NT2j-K3q8R$(Wq zcBc1WsFodNTYa)UuG;PL4xck-tBjA*H&H353_$56={}|@_xQh;6JrXad&~w9k^)|9 zK2G?4@9@$SEw~G@I{Hr`M7@m!S94mk(<_1T9}}Qt$PJB|SgWI2HwMoBy1EM&WhTu# z4!k%C@G0*u-Pn&2iaNQdexYk0%DoBep1G?FvOm}@cOA~=R0aX9lr%>*Evt#2GTU#! z`xKE5=@KXZJPHD74~1-ujXyNaMn&1rYg}3}_p$!CRIzcNb_w<>FT0;l#3DO)RgxQa z!ses;Zz;see%~&u!mWs49)=gjX;o%q3S^}rBHSB`*R>Fe|5Q(ypYGb8-t7oRdkaN= zac^Y5lnB(o07yC9LDUg@f)lN?fsFh3i#@}z-DBVrc?P20-J(DQA>IXn-@)%a1OTn0 z0*LcdhvKb?x%EvN0(f#mW{ocTyIsO|954WIJ;N*_g3TZzVIHHSqWSPYLv+-WERDebhp>xJNs4(r(+Vdhd!{2&u@$z1I{lp-MrFNok*INqy`(P~l zQ%@WnU5wW1;)V$JbmbFKq|_#gooGN*Cl_6vLo0K>wFm;+6y>p;CBFaYAj58L{u&|J zx9_YeAj2R{U5gP2l+#XPCV)wm))B)LO3>YMYNdln%3^xvXvo)ytWd5E)LBJ|Fk=i+ z`>N@AH;BOU)Jx*%B^OytRAx!&z5xA%IfhedpuUSo-HxHeW9a3mUA63M#tRZCreQXC z9_CfhwULF_P0T4jlQaD8sRL#4QOLr-=~~)KX&L$Qg6wvPbd7o$4gy^dQsTl|!3suHq0J+K8qN!W1GiFg5WD+B#R^m7pp8zpBAlpJ^peQHOKqQ z4|w;VUS7;xr)9TdI_D_(Yu#AgZmh{kVlT}t*Gv0Mn;(7~Tx1ux5S1N=oLWFM0ck7F z2YwrQyrrUSSIA+>8o`&G%gY7b+FCmKa7>-J2>S6dYi&DM;0{4MNh|-G>Ygq|_l9NF zd#y?-lB|-13w|-oedBn?OxT6lygV&PQet&RjcQ_Rn6@yN4H*8ZWc33PA)@UC@pyfX zl{o+Ld!ZQ#5{w(`kO!`h&76r^H-hpS%$fE$QYX0=25e+A3#C?NxyiyQaKTi}{;WLE z9^?UJra7$?t+y44AUXmkARF|f4$J$TWouF4(-c&A999Sa2B6a8yOm>Gcl8J<0(}Zh zbqHGpa`2XIncZo^FN=K1p04DdgS@PMVoqifB~1eb2RTN2i;>8Gxy+NdZF-G{39&wD z;+<1+htFzDZl9{|g0Y^f_UIpXiJVM=7AZOq1hj-Zo_9Ay-mJgBvb<2kO2`Q+2b{pl zZ{ptX$eDd@tK1=GWF2!TRVmgS$BeVGg!ukfdZ^E(;dvKQwrN#46z#cdYr!EUL5s5{ zyitpu(=nLbw)M5z|H^lHR^qxNE;p<>$o|I2_S2iuJOJsXk>i^;Ju0ei)WmgtbrMj)dKHw6>YXFp3u?`QPL@oxEhxlYd?-yhlll#BBG)SQ%G6T7F8{@#F}L(UP3W>`hl0|E8;*Hsyb;?rg8ee z3WiUWs2P)>^$h!6B2E=^e^BV@qny+H0-s4EN?Pd8aM~2;Bs%m~B#hj}Va7^3*@)u5 z@8@Wqlw2Y|#8rP6TkzFBiZB;`txh?=04MX$T9$bZ3N%B!4Dhz%$uqI$oL1BxENA_c zMX#fJxanbrih8U}2}|KBBhZA>`Orxj(yr^vu03yM6gZWu!FtWE%*qp2q}}OC4$=TM ze`B>xnbN8Z-%zU)6oYHC$Xc>Wzh-Xc!n&uGNZ!t6&Zj8XRJe8tlm97~Bb$w9@Oo4m zj=;;At=Bd?*5qS9*AvsT)Fw(o1I5;ngIPt%sPy7v7)3@%si{ZDk~ARK3?GT2nBa4Z zp^@W|u>(mg1y+L3IN#GkO_p}|A}x%}_F*D?2hZ2S_L!_>E_}UJXTnMmvW$8?#v~V8 z>@-lTLmYwFs*_mN99@I(J@)v`3BL~;(x&^=ys4ZgPX)T>4cA6#SYDoxPx)Rtm$6gE zviTnv8ku>wfv#XTfxnd`#NPP130C80-JBt81>M-Gj8@xikTfSjGAT_BqeUMxVLdSx zm#__>L-~*xO=;zx14gfz(#k|W9xOhv_Bs6OR`!{`6z7|hE=OtRCv}US(oA)6Rz2}( z;|>B2To|DmZR+y9F-NB?SLvvjGp2gRls6`$kebQL_FBfDuaWmQtddapxoG9%m_3+! zjt#+^#F!-RPYnG+D6@@=u-%F)rr%bWgIMp@(W$7*DviR;&W*zD=GEooYy#mHmP(q1 z8(8DE#Jx2sg&Xgc`Q5x0RAJk{3Zac_?F-*Ia@>GCh4(qkd=E`iEQy`8a$aKx^a5VS z2Hit1a2dSaQ5pR-fMiv9zFlXzTbYJwwfedwVo1h}?2A5@+G>H>N~t8QQkoShQ1!R9 zIhk66r^7lw-px=b!Q_xA(8h~?f^qy-Fz1Si0P^&+Rsb(%m{6bz{J=A8MP8@Y2 z39=xv74|~CrIq&OvW1uUa{6^~_z3=BU33mTp}>8o-(x4F+TzQvcLPy{246CB{1KU* z?sb`wsH&#@;(Wwyy_Fc*7WTc?x)1lMT$Tdp1wxPU-^|6Dhi>noLqdfI?T6?kPB>|% zFF||2-Wr%wImnx{Lx$ta+M$y^tVL(c&Ad8*8I;!l2EDDPI|we%UHclaL&k$VF-LipwH2W{r3)yVg03@?9QYZWKYQ0L8hVI=1e!{`eloR2k`o<0 z|AyAcqr}zupguZt;Zxh~CPyal1UsS|7J#KCZ4N|dZrN8*e_>oX(qKB2IC#-{_@YCs z&t;%z_a>V-&nvAjOL#lPsLcjB_kz4#q<3oNgy*#yk4HhHcQq;twa2^roVe{?!q&+X z5dNlpqk7-g@JHOJY3A$L@U_ zeV)S~)b1nmP#u_DR=XZ~eap5VCk ze1f=C;Btq|Y|?iY<%|`O<7c+G@VoLyW%4FcA&t=t;)J|(7)87m&9hG1zm9w3koEV` zULmCAZy8{J+O|wM1r+D#rKxSHNqN;+o%T!?R(+z0&9?ogGQGUnD12n($`kF%`>AgFG zz3Q(iafLdk&5jF=^ND@kt9Pf^MiP~O@eHtRWqPM0ZHb-p$GvDn))&z8XESn5Y+EDD z7bi%9=xv-!3q@FSms<#BozaY7BIe^XE(8jfs3dd6U|Vq;wt@$N-b!3S%dH|Tw=^@$ z*OqOPrg@wwjalD~HJKMusO=v3e;TyNEP|MWEm`Ppp%@4^geSMk!g*3M49RaE#)&2)*8KkZgPh~7e5EbE*erP!rFcp;NGlddZ#BVLzYDkaiL(c?7k~5|X+*xsI-)zXL zm60(G3Z3MIZ944PRd2K&SE4IS635N3W2XD_m!Vp`CN1Q74!!WQIa}Z4HhBjItqsZP z8uq;xoa~2_{q@c0@kH0hw~h0&}Xv@^dp{UN(cy8>z+v_JQk-vK24*-j|O$JLSyHqqEDcc{PG7Ha65j;zvc zUn4wwz?TytHG`?R#T6hSf|P*NI(<=bm1hYL-OPK|jgcE6d-hrS-gQb5V$CzZ`U7HG zwK}?cmXJ9QdIigQs{&g-J}E`Q zCD87F1L$reGMV>TRf_aG4$o;MOZ0Bf=<}WG!)fF4wPh|~#i_*ra0uT&;Bs*^A0^Sh zF&69knW#2xF5IJ#%PaLqLB*^1JiE-o(oeO`yj#2ZbA4!vZ;tw+`Y~lG^UKA!Cfg;a z9%tJoU*ID^WiA?#W=VGgKIxb3iG9U(4ecmRSyKxSK9E;}>8R|p>d*1EsKmq#xJ z&xa}P{@YMu?c9(d`~G_me>a%%PRKZV`dRT3GOP16;1-H*LSroSj!cjzc~j|x#DcM~ znDYU2I{8+|KnJ!U^rd!G*Vnu-3_UsI%R1)0>5A^n^02-ywkt)A2y;0}IjbZiWdk#l zsAYE7`bSc-^xu=_0_h{D=0$XI2BbOHZ3{s(XB6bGFm#}efdaK+E{CD^)giMV`5ub+ zX=j!T-Yd?HF-QxzAVUh092;F_#P}$ifzLnbBx3IGsTeO5&F1hq0RrT_yVU=f#XhjZ zO;oEPDy!+O4`lHdPq6fJiN2e%y_piBe_X5DZ{5`Eh`_aAHUvm1j}Gi2VnSx;MDhT;mcPiE%LD z4U)du1|{wGhwh?Qv1&reXiv#bXIui6QcJ|EGV3D!`Uf@QSxU{0K5GDf5S>BIXBfmJ zMC(|%0PYj-jo+H7%eSrYClBV2eJuNBPfHHnJ`83N91BrSD)|4S&!JXC$i#HxqZWoU zl@ob*#atolQJ1w3IvHt0a-9zu9_zq3@0?q0uR31XXUXTh|M4}$-23TA4v``Z_JY5G z@BA6Ppp)zId0NI>`Q+<)KSrGeM)@uAfnlCTZ-2WFM zIGnFZmE;Q`ofTSO5gPj7AM&93AVjeL2N>=eF>h}`fA0?-(2QYeTmCNCK+pP1C-nU^ zEU0no(Bohi2P}R5t<6^-^nSYZDxifb2_|rSxuP>!S|Z{!2VhjthmUVI`mTX&BKms{ zCN|sjIb~HZUj(O@6g^Q@rl?wLigC;xUuu-}42hg``(t*C4y&-oRR}np-*_l#92py8 zX^G{&<|Qk!)|M%v=2y}XID-O%k?;7n)-s{SUmt2MWye06HF|KakjLzmgblE!uBGlv2u_wWZ_~_FMQiC9vsVddm z!QrPZ+LneR*6>g?y3(ohuo9NEIIqUNVOq8!jFwrF0$9&krD1R!LqP+N!VN>=D=QJsb`5jrGq##2{Ui-hWuq(JEY#a#SgC8F zORtAU!;v8#fm+s1spZA;$IkDERixU2eI;N=nJRufhtHdIoa}3ErJ1S9?PschH^(}O zRh{VB{Vt<%xz;)1D43q3i(OIZN9yWdU)|X2QeFa@aH1M7omUSA)SiXZ;M(baO;0{J zR!3q2Dt`hhKT*mibUa7F<=yezCUnduc-1CqB4x2-8b)zV*+UxoslMtIkA)%CM^XcS zBj~bPMVSHpNJ$~HP#}*)*i?hA4JrbT``(<~Gv`6HwFt9HqU?N#;nSU==dx5mO6_*F zxmqYMposP+^LVO5xWbqije}&GDiPAcv*FPJ3>^wnt*`n${#-rZ7G_E#gou>Z_JY>~${fJX z#0yMe!~EG#wW~zJGgzLO11^>PNOe}IpouH2DYa-e3-OxLA(BI82m_b$tM#2nZ_`TN z^xt~EddE-}-yCA?$tJdFfww&*fifzThLT}tA z&W5puO)g4~hfQq-NGQf~J6~Q=T_|@bRW~iAVpDNJIyu1gf<_ z?Cq0v9ty{J*wtk%L zrH(V$qPY$V;mlgkT3Bxzj;tIxT*u>^A0w8#7Oz4uPk}dh)VJc`T}_2o0gC+4tP?c>qcs?3K*~`u4c2YFxTIzlv!CD$O&GfuLN+*aiMvIW+MrU~? zuK5>aK=}MZ62&Xo+q%t`K{TMN#TgnY6p;dQB$0UXh`d<^l={tWV@Sf4kB0t9q;O~A zm3TEVgJ@nMgR3geVN_Xhop>F!(wIs>Cmml<6kx_*jwx`&A&uy)$4S#Jt(=4kIpb7a z%9Nlgy8Yo4M##}KJ@y~qt!rEP`c>3woNpoW_X-)ix0LxoTWNBwCs0G0m@PY7afJ@H zxotq5VbK-RXCD{a6^2M6(@0wvpdhBB=d6?$xIWXh-oGSR4@^~9bj2zg{Z`sDW<^QX zs(`djo0ZJ>^L~+R$Z1fnYue)Ay9N0+zdyGxO5E$;h=cG`GLi=sxzIQ{UdY*($LG7; z$2Nw${dk0&rXkyInTL&$lh1Fzk=u|&IA#jO1{4pjs^36$kfD?PcbILGcj02iDhD13DZcz(g68m|({x(~eLA3}lFu#lI@Th6qG3Q#Raz7&UhigK4gr*l6n#alQe)nn>0 z9%|vWB{fw?6TTK#^e1QX&k)qcSGW4;w4Y{-0yhzAe2J`93b7mux1;hFBA4#>{&_Yw z#dtjyoRrUP8Qyw9?6c{z*nWz46W#^y{dPY6S|j1Cgu)kUfQyT#G|t(F(b-?WA5j%# zYpxUTd}jGCWs-_s`7aUqujum|JH=ui_+(mw(ocuL=B3G;Y8VmKkq8F~Hi5Ky6)N_W zS8DA5J-g?xPiiN9?6+V6Nz3z@)+~3_aNBQV1AwxXh1k-f3hu~N96_u86;_vrsK|rdRs1{Mm?)h)P)nEV(gdY=@3o zF8_q*E&!J}uuThQ%At-EuW^zk%i)20$f9Ibc^LyZxg-?#Wp6sWvWZwjPxtZnNdiE& z4ufOh-YS{R$l#F4l|Y06Djst+2(NXgH@#Sd1g3TGtsI0-WPMWE=cb(AOL(BQ>Zzrt{=wro8ZyB62{97x}%2l9{gwC}l>E;mq_TMD0 z5Vj<#5RUH^`CgI#?GqG9{(WN-PAPAM8E>p6X@n_H;*cUHA8s}y(O_icAU27&??Wao zz*&lOD?sdMMj^>B)cuI_)7(x()e8M1O4jLptE?bfUtGfc8&F~JxndFyXEpB+D+1nf z+Q*vpJ9e!U5Aq--3#=n3=ketgS(_Rig3MqQu(HF4P2i=0B~%L8;oZEe;lmtX%)mxl zv_P>|wrl5H=+3;?IF@G7*88ma_0On zDf1a72#CGTtz=+Y$e5IXj~<){2%LrfwcmYWr7Lzk7oS!)upXfT$uskn^Ps|GL;JA1 zp94WJg}tfo${t$`Ix*gbx5TX3EcA>r1w&<->q5q&lYpaBc`sz2+(nHSI=&f6&GBym zc~)vIpKe5B$LrJ95l64Ok^eU;)WJ#Wm{~5E-1XNGV$wzk?-mS)f#@XH{P(oIg!EH;sl@xKL75WDBD9D?^t5CQ|S#z_;Q z;6Rarzd8Q2u~JuDwen&S`XNgGjbjp|44l0Jjg&A|Q(j|x2VFL*NQ9Z>o@x1QOpA-qL&h7q?3NX+cx00W24#shZfk~g6)lGJwj_%JBLnl z`oCP*_abc8$pJK~Gl>4pe%d#>P1_?6#=ol^3|&k@oEbe;nruOm5iGWB4oAh`Ty+Tx z$d8l?W~DX9o3UgyHsHBbq*!RX@j186PFC|RaS~?lU&tzmu^uLGZ^hk=q@YA=st6jR zf>YNne9a+)N&V90Vy3;(a%Pn;9OeTg)K%Uzj4HdeA_NqTs8$4ofGT%czLJ!w-3UU> z8K-!k1!52t%@Oz*?s@ewxr;Nnm}2Nj0jNw|oh+PB!~daB{= z8gzO$4rTowfrHwkTiP#bVN>e+1gjDw# zREbc5K&!+P!~aA+u!JCRP7y?2+kHU9eI;afkCfpBLh6cQ-J91Gih-!Nq%+` zYo(Ggjvd-{-Wbv>C?Hmlu*CobKkPx~ASfzROqe$0P6V;@A_U$(cLS^a(q-oOpU zcoWOB?!piNq>=3t4H9sg&W zt5-MHq{8ffn0u$_NWg7fJ9av@ZQHhO+qP}nPIv62W81c^jyve!uU^=D{b%em#=blk zsZo_txl7f2zGuF3e&x~T)Fq-U%S~)5{W3fYo-=Wli|lG)<|BemkcTGB1(qWQ0t_-8Da|TV2hl>kb7b8PM{F zF^Z~-7=@b*?4wCmCXcVG(-Ia2UABNeV03frs8soUIsUHDtup3XHQ0GGc68lIN5B*E zoZsjHY5r?RC$ZyLR+7nS^XW}r;!vnk=+WDE0o|u9*;I%4%^jo$ByR)lxN9D52lEGV zPO?LPM>nIMMm@DdiR}@Y1jgxnTyvEuhq6zUzf@kFSZ}F%lzr)ZoNI|F$HISpFgO-E zt~jEnfGW2ejEQJkXfSMQ^OY^?X@Il~_K+-Cvu8@qd9!B(XcoD~7aI$`+@i2rNjM^a zg-E{45RAdEKkb3~Wqc*?VpU?P<%tvTU(`%C;yK^Zp+ zkTAn=g6I8X`^P*Y-b~6$ghq#=vf_V-=EN7jZK@Q%;Vkd|_!NI?t3tvNCxziX_USX1 z(AjS)@q5_di)tY9yry(a%15y0*?7MA`K=aq(9gtL#Br-;u+^xm#4*?72yZq8wM>s) z8>jBQkWbsqjgCO-T~&j4QCnmF`wF)=0unQ&TSndpSCXC59`q$xFPep%g)Z{HAf(>q z%68Z5FNGL}Ep2DQJ80@r460d-VrX-i%2Ez-8M{Q{e?!(Mmh6+$KRcWImb?MUC0m&3 ztDm0fyQ5`%@3q)J;IkoX<1i&~(=Xtg%P>a>2`6y>=_}=vFg)QygAKT*U7ZG1E1WjT zj8n!Gi;gDaxl7D{f1IH!$5{xvq{wl=K8_649#bsMvPLwG^1f|smwRIIq3s7UVDl%f z5?M4YNh6$06fH@m=*&GOwGw6*^9I)tGmJJ4!;j-QdGA3w9t^S(2fOsMK6Jb_MOVX^ zZ?=Q4X#}|}*p3Tr!EWN4!aO7hs76O&q_JIdp-C9UjQ7H5;zXkp2*0u5wfgM#3g%l8 z=gwTT1O+@Tn<*mC0&BhJNgNenT_95nbh|erw_f)z@Qx}e)R;ZK9|FyCB6i!_JK_0lkWySlv;}oQ6bP zOzXm^fz7gC-7;?lGsWnR?8AyW)}7BphIp^MM6_?(6V#9$-2q6O48&f%Z#oW{!ImQe zd%T4~M;i5uM1Tn==Dk#{_=RBjD-KYt{_|sd z*Gun%_BD6_?P<$9yBRZOskBsM#Uvn5&P!KRCwLQ@r zK(p(gq4RT-Z0q{lFL!W{&LAH=NP(}9!m#xbhX9&_kKLt#m)GN)L5hGsywfYAAN-zH zGZd!_l?y~~&1Ay}DR0XgY0x2635J2E1muiCtVEP$yhya=F~3`I&AG|TR_``W1u^|n zd2?ub1sz@c6BRX{TGFZyjO0_=4d;H4#-dZn^?ko3kQw-)Ysg1xGPL4`mRyjJd>rd3 zQ_7m7N*dPM=K!N@g_}anWgd#L{-G(W=#hsaZ2e1rg`(x;7oZP@RSQ)YujA7FyO&`h zH{j@8;?+jNhdv9_d}dPNqPay%8-?M!*tE+owA0Ih54fjiZaw%kLt)vDwQf)KP7nsV zxBjTdEoedsADOH`lS>%M8sy}_+#8>vbFaErlT05#n;=T@W_TKoq{n+&(@XLJUzo6iX z-!@sy6z?AY5e~yH<}8ufX1nO$Dbp3ikslOF@`s7bz(zcpCo(Bo$r-`Eo4HUyib{D# z(V%zQf;A)Ay6#1|-BL6mr37OFSpqWv`12Kkby9HviWAf3PthJ57==q}%0-c(2Q`}} zLtCmipI+0RHJcMeLyRvq?2ZVP2kp21C0jBiDvrwl;kZrZag`=!w8h3Og8tiSLa15B z>GoWemIc7T)yL2|+-b1>4sxNQrvF&j1+f;f1V@ zOsKrAi{MEUd2!ZL(o&~|w@#D*0#2qc>irGM%y0Bx?s-?t;#SS*u{wqdEPHNuRi#YVzIY7qI;|xx^lx#tS`8o3=mZ)H&VW>6^!;f;zP~% zBHU}opEUKp{r;`}+H4h*dM{?Bw=u8Vlf1h8EdN+6>BC2mE26naofROV#g}O3u+HA5 zpf;v%n5Z(Z>X*^ZbkB8S*)T<|Z7$kd#*lEWPdwSRC{tuC6Kt=cebuIF^g#0RR&`gk zzsbn}Wa+S()vffj75Nbq_TJk^A`h5;5mRm%y9obw>a9FKOeP>~fpMxq$v~}0oS=|*JIS+_AC41La-@(Ay`^-^up zCsBi-8^560A*ZcF+SQ;CzG#e7rAoN;*nd{$=9^3j$R-!d|d{*)IlxUI|qfZtuobTQFmUdWt{F(a_6eb%#65RqZprLnOQsYo=kdRV(7@c!t}lQP`lizKUqWamYXcrUzkd44;i6gyB208af&>E~ zwAZ-YTW@&jd7OyrPm(t?;ctAM<-@CH;vMAM6Pbz-Pa~&^yg4O3qX>aHyoyRhKB?h1 zq6WcW(14W!se^-;kysVUgmfy%&gRun9@j3QHIoHnL*H36*Y+7? z#X$YhT?hmZ;bqN4DVrjsW5qJI`3eH>+;>ZIGn>);tXbXFR&2D6ZQmlCWHyGZ72YJ8 zKHuoNu}|PkCincU&jP`x+$Vqx>>zg8ueA@$N}&8{8dLas#w}I9l&kr zNLt}#qUlI##1>wtX_T~egd1M=La5E``dknk+~;`~bM2H&{x(gbe=SaUF{qBKA0Z@A@VZul69AO5{`QAF3m8Bv|8_ZUqcJ`C92#wv(?$}^%}&L2cSdf2lJ z45Vu+4r4)$?lUCLA7SmF6AHCEcA~%D9iP4t-bRANHhvTF9tk=#bBTEv>U+pU#;71z zw&ec*Ihi~89F5Zvl;rB6L4(BTdC_u?MiR<(;0=uEQ&B4v*)L%s2W}ZhAJ9{8ClZZWFL`l>=uy?-1s=r%dT0>5wrLl06jN`bW zV>z9ahlsMg>pJhRTlY-!vfK;YqIES2rF@v#izWX7Qud-+vqlwciGAu&*(*O2jF}Lr2*~?{<{{^z<6Fu6aaJ10X2MPlr^%&o{PY8!h5?|CJ-|=r6bRsuzNj%U&IU zfZq1!`x}Cj&70rb&JU$$?kL;#wqzaKkEv(w54PL(@4h!8@)zp-&pNN0ow_aC_8ayX zc5Obbn{1nxfT+h3B;6Ey&!f)k{8u^p$gGAxf&V@Jw#yt04i~mi0XM$p<(0=~ic}p1 zLM9#g=>q8@5l73g>`Q1He?@l@;{;^{>c@ypJvJ*~`yk-#y=Q3i%N&no>vHhgrDKL8 zqJ5<>6&8^Mt>g&b*Q(T_Q`-9xKjDBFia0MFtlaTmA! zllgUkLFu%v|6fjOF44=l+MM{hJjQUd_Akn1;@EeOvkCKW|68fOS_mwt#g*rQbHjeV zK65^iWQ$M;SyDTl_Si*FprH#^~r>AUcZ|R2O znQ`oP3?#&Vi}6|$2Emv9wa>Wo{^k=F>S#J$HSa`(Kw9QQM6eczsp2QIo{{3c{6`WB z6DjlQST2c6{1ld7`jpo=v`gLvp>Yij9P!FqiDWfNL;R3-x@0xpu?xw{Or=!30}Jud zpH+S8Afy)>0r2g;r(4Ahs%h#0Z|GVE=n6G7wSqH4aST=MZ#W@<_D!f`Ryo$)F&%}W z$H;T0xiM!qJmWwNnT+jzLh#fo+A>~$Y@k<8>4xY}TCZU!{laF+bl7AK^+{@B6f3CH z=_2$|PulCw!%|ILnUZ@Z`t!SwsyhveQ3EJ(^6S2fOOGXI-dd(!9L?^RCGF=3V!REv zyNWV{DGlpBBTe#VKLLR2eosKK^&(ljF8QZ?ahy$x=QdB4lQ5e0Pi-86$XF%b!ao0r` zsRI75=P71ks#SyQTU~qpg*e}>Ccx~JzH4sdm1ojM^K+E~tG-|*e0p)eefcYW<;Q-$ z|G7KM_-ex~7CChEE~r(z@~|je!`u%=`#S~~b$cqP8>;^)PMCUXtA<{ z+?aaoONL%L{^JBT`qBX~iu!|s3p;(emBj9%uJ4YfZM<&iU0}CfJC}S&fw}gW>6-?yD5hA? z9Sl)PYDv=q#@AsTjIYBdq*F%apAg9GCx*z5^|0ls>kdMQ<17Vl* z0O3`tA*4^Go~V(Hc9dof?p3BE6htWdN4wAN{-Ds#<*;zp4EW>zq>%4;2KuZLgAW9< zh0#Osb$q!qZY&RgYrt^W70K;93Phg&F4sc;bGfF9`OLvENG2rJhnhwbu9aPA`Wu{* zU2q}2F|pT7O2UacDL|&r(;U`cst-hW*D>-R-3Lu;kDPQYX&y6Bw~W7mrp{=?I(A7G z*6{Xd30(>ZvDEil_ejM^=I9m*czL^I=>6p*wb0A)BjM**#dj|;^HQCly95-N7$j$I zk6$G0lq1}unie`y4KsXXBisU;nig#ioi|k5B3m=JnR(s76xta?zR<$PuD%!tuR|wS zc4)ScvuFt{oam$24k(y5hozCRvRL~MfCX_^Jq3jJV@Sv(F4{=p_$R8B@Y=kVA1FdlPkd=Cy)yEaM<#Xe?M!dSiWjVEbFh=oR=2`$ zfoYbi5uDe<=hJ;&w>&?ezAHD1`s_XS2bZBFK^bI@Uulnx#Lv5V5S3Jb>%$6!@4Ghh znZ65DiQ%I@)H+56RF&yQ4s56p$*CKmTSL;pHqsJ5 z;SkF|2akNxm{L;uO1Ty4LYKinuu42q`n_BcR2^h-xhlx5g}F2s6y5YTD)Z}Cp^4gz zR5rvau;l;cfnYlU9!T>34UiL?FzBqv!L&Ffw~oxytN~n6(O=S@NHL@(_#JTX^4^=S zw{KO79YK)_3kHX0I5nv?qC$J(hoZjf6P-*_$={9RDYcb)7m{1ETZFHFyNy$H!qaze-y2| zP_YTjM)3O9>V~e!umg{TgFpUCfJ;0G;4$s~vJbZ}br)-@m8g2T$5eAPqwb?657FIm zYr>pOx}@q&D8>qyWkg#Vx(LYzz#d7M%(&3`XvXM2-}fK!7vWB1mdgd^ujOOR@&~ML zcAwvJqf@v>5PV}XUJAtc<)er1&J|MHEb7>r1iHI^CW|r>9S9I`h$h^1X+MVbTu1@u zr~hNNENki4G`nA7+6GSRrF?hiFjCw42CTJhp%PTP@WMK>3KnnbJa~;^gPn0BJsC|X zEzmdulEIEM$O3z9Mh=obtybMpbeCP3y^pa?D!G6vibLD^+j^d1BQE>)KfHsTd=f18 zIE_ewMZH(w&%zm4%T1*+1M^BYX1cMk;>9iw((O?&_Fz9lFItQr&)^832l#s@b6_~g z$^inCO|G2|<>)`J$ln1=)N3WBvk>`P&44Vhaf{Fi38iHuKr2s<5)Ay`LNo1Os50|O zHY;v233w*Y^OJe?B!iVRHTBwTK zmA^NGgEg3~R2Y;*A`r<8MMQd3G!AtxbqsZ?O1!@RQYPUS1^n^_u@~Mqvg$X-rKL-y zbmHpJ!;aZt+CVzv%2kj#ma*wjsAGpw&>yv8$;7N-B_k0*o)4>H{&Sq_2&N&}jf2OF zklpK51(Ya9C+{brT&YkNrgcq84(CpoVyhkSUrndFlWY2Zb!7KXIXw1h1Bb_YK9qO& z^!ht)8J=EkHcE7G+@t1V7sAU*(7i1PvA^56y1Ul8-B=FpI3rL&olQbDVsDd=A7XE# zf!ocafZP4@;(*&vHj{KEobf=N)n3!)FCs@#h69>zk_trq@7M2BC_i(^qQ3y|JLr9N zCtU@+^Ufg60IMe6lNTvLBK=IHL%$foO0O89qQuvqzZ5CK;vvog_z&`(C;P4^I_!hZ z$RSpAA*j-Y#c;7{sE32pv-rD}yff=C7KH@fOvN5re7aXLHW8I^XolEK6r3aIIMhL_ zGMh#o&x*X@C+%;mRSlKqDXt1_J{{))rQ!6UzMgemd>o2;V~A$+DIDa!jjiM)o~t;w zCI3#?Ur;-q5Rnp%1Stk%@Z3hevU7w27ANRaiLppdra7A< zQfoj_FmotA#t?44N%kq z?xnT4I7E8?mm^P}7ciw4!%&8o67ZF*7J4-?%*4putC!rr+k~4k*HGKmvH}eLx+FjY z=ccd)k9C`jN60Rpij0@7a9Xc8di!xm-W}uZtFb+AB>mwv%M$2#|5T49v&mu%Tt>h4 zhJgOB2Obe7E6^YdzC9DjLMRAf@ZU2PD8h^&z@I09K(IvLY~y<0yNgYb;r}797|`FO zp0H*fK(=N$D-hEW+jJRwqUoUqaJQSMPC1Of*$eu7QQ~jenmt3*mB(yXtak`^9;w&= z%7n=fNt0$H#PRy;x8PvTshKE;^oui`EKKGnf2tWPO2WacQ!-JS{)gXUqAaEV69)}> z$IEyzpzzmlWrdZ^7-|4D^BYOvh|Uw^(hbBT(+%*EX@?e6h+!`Ke+O{04|-UADco4V zdWfb_XD`R)&k^J*Enbo|5cE+qs-odCb;W-NuQsiA0KqE}$G^cV!r0#ysN(zKM$H6= zjDX_;cYI>7!Nnc|4Gi4XY>NY+8Pyj7j`Ajh(vr|2?%j6#k(ba zC@WFH3^Uk$!ql9;icZlhz5_E2O@60N>rp5{XoLYK>|H|ld2kwecm{><|8IFNV<1*m zu0Vk2lEV-DUwbYskPWW^u)m%w3WXiuxp@2kN6(eaQux<%k-}SUio%bPPypRezy@|X zgA&%g1C7y00Kssn`%B@@C4z5}XMt|87lFR%qR%m`gKnq{MEp;^$vn*cRMqjVJY87c zL&3lKBf5W2POiI$jHdpS{P-ch=+s5{s(B;hE$*Z5SQ{NsEv=awz1Z(aa7V?o!#=XP zAsyRx4S4!{ePpxaqsmX=9N$z~BhY==lSzfi08f6~6d_WZpttJa!Kiq6~#i2&7uSbi|wRf0yr4!%wlN!ruNk}oafYD-=WGP4TsraEyW>L&ApPeCY!AJ9(^fwmtc~7zFQ50-Zsz$QYwD9qlzL+#T2}le z2B~J4`{gMB*X^~Nim8!`LE3pZ9N3&+KfaDRse>FYVZ9Cy;^l5FV~kGBuav;IsXx|DTU;9Q5{E2@DwC?YHasUs3g_NRp5gg{G@ywsyC}!5 z0Ta-#UzwGp#I@YqSafQ1%NZzYU+Q>m>(@Bcd_D4#ksTjDsHfn3J(Zn}K;j1|2K;(0 zoRmd^e^KLYgGyZ-IdH1EQ-3XAmR)9PMmS|Po+O)2&3lo?H*g-->Y%1ND%HL9dl?n( zQk_eMy4L+b3q5GJVB20v;Xo-NC!-nK1^XUM_A1F`3TLlgN~k3@9IfAwR_R}prmZ-< zrbUD{CLFfhdiZqYNc$$hpe1C&a{5`7TQXtPU|LmO%2fUH<;^?bdez>B-c$V$vTO=l zECiH!aV0I`tFm0n;3$fYK0>1|Z&qkY#Q-w(^HCt+{WU@1>raBf$LvGF*UMGs*G|Bj z!c3z9LHc+i?aFJ50C>saI`WXDNTo}@#!P=^hWU7hU4Jz;IN z6Ns**$i(f7JUK+|2BdkLTx8{eZQ>|&IdRvF(h5#0*@!Q3=}fiq2Hxb}Zc4*Wdt%5I zzU3qGdvt>U9&eKreZb?xd6-5?!gO9a;35j`%4qEX9_|#sTH_IT9x*H3aXP9B+HSN_ z@MBzLJ+-}yqWcHR)A3|ps2y}VNq3RBIfN)pO}#RyC0msaVX(vAVk={36I+e&9Z@+X z>)gPd7PZkje%}C-EAleO)J8QpB_WgSG-#m#%ZQeM;1W?!Lr!t_kgU)p56RB1*frn)X3{t;gKyy>yqD}qeVFNBRDe$iNuriIk3 z2!wal9DlUv;6!UUFEfHrN=j{(jJ(6aK+uxqT&2hYGu2-NRV#Eu^jCy#iZ#s zC-z5E$;RFd6uf$J4y>9>>Z{3sv@>Xzch!o@5m`31L1nishdEFDII||_DzkKiT;M25$j6sUU@1PpO64vlzYPu9&Hl2ZDBCdK9e{#<5 zf4jbc(*=xM?pLh_^xkO{?4&OcV|(Cm16x)Zl#y0{NZ z-x-j18(0Ib7rlwLQCE|R->kC%_g}>PaS6&n8w^kOh2-knjVInd!Ag3MVZ4a%EB0vA z#1xnA;E>b(Mq2@N8B9gzRJ4R_GI@H?E=+GbRXSM()-zGY?rBWp^v%P zLXC}BZ8SEmY=v}B&qa|$qAX(1V8;GKZoL^QbiLt2(-rQ#FYz1Pxg}z_>y@o!gzs1e z1<%Zx6N#I6PSwQhm5liJR__5K;@p|!*u_|i13_+Mm>y3#Ph>x$9aQ8PRpywHN~zJy zQ8o>4Iy@Gt%!SIwm36IV^0+D1gk?PX?e)#@bwCC$XzUcySV*jA#2W#XEQzR#^cgI z5Ve5Hj(}kT%+uTCUaBbingfv z`fg@EN!q!d;nAtJWv%SHdo{QGk(_SSs;xhNkaA?y;z&%s1l-$guT|%fozTx?72LZf zV9B#TUHukmI^bJ7fa}T%g^^q*n~n+<(cWAk5E(x+3^%320rjAS?~(WHXH%)OT&U+} zA{HQxhLNv4^9y$Sk^)ygo{2)1z(^jG$0#{yCjsz)4tOyIy+{Q3!J}@p5gV)Z$ksEF z&&)2DgI@oE)?zj&%!Yl0q0Sz%4fNv*I$kYrjx3hm$Q3$3oZjfiWJqpO@Y>~3SlTuy zARUMdNC&!GGgVsiqRC1C?smwpI#8ORHYBLfqwf_Ea66rHtPUSU!R5V>_zgAas&54K z3^&NSV{{9^^)xD@IVLCdAE8l|svz0D5W)`_(*~>o^Y7PxBI%Hz!1C{*sf`AHSZ6Y} zROd;?!B@mX2gNk=s4*K|EIZ-pY79@!EQPC1H-FnyS3()6vJUoe?uk5h-?lXAx(NGi z`Lx{fRxuNMq}bb1qYSv$?2J!UQepjY@G$q7n&>vvjYj*Ti989qgW95`$BeCDWgs^? zchrnV2yEpoGjIL2Ht8Jo=iAlG$~YVrN+_6wYs486;eOe_<`LfIu-Byfz(Okn5e=gS z>$yNc<&ZJW()&ts$Zyw9pkrB;_E2)D7y*tulLisnaG%dk&cPw`7$j%~7EF_I&uUmO zlMJ+^8te93PoNMmrvH_nhgN65$#FLtPJYe4K8;{f5tLYXilS+Am+sC(`2B#2zGuLM z8U||k3WS>uZBdH|uv{^`a0=8h&O{sj+v7dF95HKDb|^VgG#n}xx^Pkuc~T1gFeyw` z8jMa|28@u+p&CcaqSVbs#f+HHyLtv=AUxJUeQ2DnX*for;@-&{Q zVBmF)g?nn)s9h5w!5UGDPyj|}(={3ciLW?@F}Z9X01OTIx9A%cd)EQ$Jsn6e3)0cz zDt0^jZwUSB5)eom_OryI+iH0-GtE`)wl#9XFQe>pkk+mCSGQPn;w?PNyeqO6hezPl z81B4JsOm~+0gdF`)-cI&V)xRB8^J$tmRo;l1Zj0?gkjA#tZ>4bf7@fbz} z$`jaY#2pTgi0CVAq{hoU^HtAX-NoitVLZhoA;u&}OsLAQZ^BOm$5Ia_lnUCR7Xp=E zc*0M;JgTOv(TRFDtexUdz2#ENUyPbV?nFrbE;ry|m=Gb35$)|}$l{bnp~-QK!sCLN zMa@k}(*BHLi7DJL`HV2xd(qY&63v|@>)T0JzbM`74)-7hptLiY>O+(gLw1)3Uix9m z15rI)XZvYvuPn($yuAJETdm?9b?al%z8^)G^Ia(0c=s3xK+gv=)ea7+CcdM5t9Xku zLu_D`8*;x!;ZiQQMpNrv$dki4Oy}#7O;61*&GLEj{%Bqjf=$2I{>BzBCFDgPYQB4Q zQO~?BeQc<}jE9ISgCM;pIKkY@scz4B%1F;Jdtq@&$p>OJAXC&hrpecEnqrAJwMt5%b(^J^I625Z1yfOEtFsq`htk3Vj)_!MT5S`9{ z`x5fzG7G6EE?RZ+xMsLKXl}yI{u3vBX90pzJ z#b>a0<%x!1FVwSIN(-87=bj%wPo(Rps4R^RECp6dV4xPgOTl~bvs_`D%nQSZ;SxGdg&>+TO86Lg| zt!mUsA07`og1xh$L|o*KND;Z`X;8#hzRNtNC!(vSSqrsQe7@X&?r?q=ds^P#_DGd^ zJ`POKBljytJ`Xycr;uqk+!vMo0qXCw-Kc-VN}%$DyFdKd|Gf+HjAf$D6|Ybw#7=Ix z3cI<=yZQ_=|7Y=xtDD?Y(%)Ky#I-09ncIL8Zv5;IC(@u3I))`W;|i6;vRy>nsUCXe z{e7K{*upv+opV=`qU)cPNaDXLk(I}MSS-D%D-oa)nf~xowJ0V0EqY?)HQx_VN1_0A zl;`?EtylRHm(JbBFz%AJt)T^eMba{P{CxV|-ZaRB4LARAPf4H=607`ySmY-KR{0%y z$j!GW20S1@%e5&KNLE!GXzra2F}v6Dv-maU#9>#$mJEjQHdR5f5=cCaCa}WnTGZNB z@)ZP1w{)Az1W2VW{&KHF8r!v;y|g;WZLKvK5>fv*P#4h@(&Tl={D|i=?DhObmCaL% zG}aA_ZM9t*_hh%-BR;jMVh|fof=l^BL?4Rz)C+@)g?O}pG)hFviOMhB&NUDGj2bW` z%_=BY^TE#KK$X3Vrb8V$LQ`2pWZZeYVu`@e3>aj`6bx?eTMjEj8ekO0(#MWEDvS8e4 z?n*GQnm7%&D0zx*8d**Z@H-v70U&lbLr^%wL7>+C`-!?>a5&EM5^Al!HEZ-eB~IY3 zXo^4$VDMY&Vj%r6RKg?8SGA5nB3RDy1Mt`yZ{UJSkTmF(@*7!AWsczl%uocKdvve8%s zH5O~nzIN(Q%{0c`XqG-l7+;tJJ0u4ilA%p(sJm94m^QajjlX56o@CI8B*pAc(?814 zp6K5)bW8NlGQ>y}a!05>B|*3|IF1DCt*6+-IWDcem5o(=lh5hE(N=MFQ75GQAus(? zhjhNU-PS`YTUf~AOMCvHzYVXcj9PH#|7#@rTEvAZ%!<>GL#!#ppN8 z@RzyHU21s0dHhU}MWIX(6uwcJdA&H zRbqd0Rhg1+N=lEtRbh8AsRhK+J0(8y`VIH75#9m*mDJQf&I-g4!a|kjZ&}%&R!DmM zI-Qi+`FT)6e!X_O)lTgvLQi4>3XOa@zFa+997RpUC7{=DQV=Tcc>inE1H)N?3@MCr zKPj=p@1PJ(WT{CZHtCk1w|IFrPJyZ$0!AAhx;w2wP)X?iDLnCyD12#QZcX$U>X(a< zRgKpX8%70N!c#&1_tMfX-<^x`kpMp`jRVjGfgiokzVl@bZPu7Rc`<|P%O-e(8~OF! z-W(G)$cI7tPD~ljJK|zKXsqR0S&6J*kVb-hg304e^er8^qTh0)(A||UB#VS zuXkaJoWe%Xur=U?53McYXkO>io1YKG6}|s2C#~i`4EiYfq6U#1Eb1V@JrgeKsjTX9 z-1-8w?F%;2FxqRLi|naunW?13T2e77CcT(f;9+X%?>1ulM?VjorA?BaRVo{hHmY4z zSy3QXpEEKn7`nWDRfmu36z~`0#su#$2Az;rW$PDQuqnd!*hD&2f=H+l<<(N;*c`Ti z@AERApA}W{F!_-s*m!mipVri_$SVyoG`sDYW#f-gBWt~CRd5nYBi7^(?~YnmyM& zZE+F2-ug`^%1d&9g)|%K*$Q{!i_)gcOnFvaNSYo}37B*Edc48$u&vRv*co4t<>%!Q zl4LeUMobA5s>M9oAR8hjBrg()lsfx{w%$T)y2>+MiBAkq~Ee80P4oIb-RA7f% z4p9B#3B3sL_%T+CM%1}ueO zEh_AlP9*tyY#Uv$={brVz4SCFh;TQcvFh{O_2w7bH;GH|2f!-;cfXpDN@mN=X@!1JPTDXb}17v*Z7+<(OK#aPqmo@Ab%t6CPC1pE(e!ULHk;% z3xO$1POYB%e9|fE7^&h_dwUXCPYWiwarMan8A;J$Qfg32K+jVf!`WxGr%!# zAh@hYzwJqUA?R>;+&frRP}_USPg-$&wd%jy#;@9**2{c(ic#2mpB^sbinj0UdwD93 z6&XDp4@;#r8FU8U-0+@tu&1WDC;+^vE%YE_N) zM)@*D*P~cXT)0%m;_;bwA?74IttvBK7^V&(J(RL#4`R(pSU_X2YG9Zt;O$-hWeb-F z8#Iz$Doc!oE#K&g_hagS!o2GEtp4}_kwIUo+Dy%vS&AwVIe$0#z^h>*pGGCeK~v?8 zHi^=>s@j*I>>w$XEDGJhN-8uGzcXw{t*UbgK6+TG0P(BxM4L8S#>VL)?t)sY%pwuw zJ$BfIQj_|0d(FPBM&O1((#-l(T;plqrQP}ROFkvCvV0n89G^Zvc31}#n_xmJO_{g6 z=KNchsp9-gR_eL%I+c2}+f-?jtC0QjNx|-%^EWQKbZCsq-t>}{lT(4l%=>orU$}l= z8D$6?&}8aIvBN%!HNm9bTeL~b*W z6{?sDSvVJF<}@ifvC-(SRW*_OJs6iB;MZ*7&$iTz>vJHk{r7mZl@!Fr^%J#_2MENr zDq36JRdojFaR)p67LX+vMH;~xAbyz|!(pp^?qz_Gv1W|a(qJHJ5;u>V(neyof%LPV z+E{nB3?B%%GS?q)mls|(&vTvQ{JtqEuK9}f;jM3AxpY%g$MU>?guTX0CDY%qBJX1I zT*dLqE#;%iNU!3-!OeaVE!5md#}!cN;I*oUa;YI%>nkx~NyJw>V@ek-U(05bra^N> z|EIy)?HlxLe(Lrlr8Rmuy(zT~ z7=IwI6_aXw`c~SEOXvqkwf9VYP0 zy3vW&u=`i=gzMe@;|s{}GP``bg>?BrkhQ76s0bUrqgmt=rD*v{8cfD)c_S!Z2CW`7#eSgzbfXyg0U3{+jD6Hq|RGs zPt66k>%u-rS!m@v!1?vS_^u+^_~R2*LjLNIOFivTXlG{=%TKVj&xh`9bdR<>NK$ zmng0LI0m?6Y`oSf>7<*Ok))@{OTG2ZXK1BNQ}U$!N7(%DmV3rI8?!W6I8DrlTRuDP zqEfEP3%B0?gf;xEeEX0vul8;Kd>6B}A87B=r78BeN};pSwQ06-o7cjg^QP^6YjPUL zmGOF9ZlZxVnm92kX|7zr^D-$`TQ(`Hn#^0G zoX}|$cQ#Ao)kODAt#K@Swlcz`>YlYCUi`?>V62N){skL%DNu{mNj$uDoOj2>(f!1t z)#p{IrT$bOG3{(4ZziHULAh)`MruJ@{>Ltla~`G(^#pKbLsw}6?+v?FA*JmG8Hxdo z>4FxCZL&M~g|+{-%zpNU$oXKEb&`|OL02-bd!1f#>P<`5rT*}bXX<$SujEY=3l!RA z6#6@5J_`)yWfgZN6+Sa0&YbPWC_FL!&I!BBsiPhj%x~&$Yj!%W51p_zuOxnq&OSDE zvgZdGq&I$p(71M;R&R<$*l^lJLaV2voK7RoXZc!lqH1|UgOvZ{{0$+!%xYI`13BV^*u#X|8+p+iqWB@CqPKZuuC!gzrCZ-L2bah4y!2ZrPB){bECec>ZPU zSVz!9e^eSjupBqA)E>;UrAW&GHwoYGJXqHiA3|VHZ)r5LcPwsn?5_cP7!i>J0(%PR z6W7%@keIB+w#c~v&5kZ7>*CTF$R-RdeFL}S*OAadkwnq2%xoe%A4z+9Y(eu~WXT$N zQ7s5rx++8dtvJ^xc~%3L7zLBOdif(-K8hpXu_7OxHjI}H>)K!+R@x>jclER?ef&~@ zPeDq`>$Qt*A@1uON?81dLIb>#<=DRaa#sYLNhnaSc>fO9(%Q`L(UK#U1zWMi^IB2V#V5!2BW~ z<;_LXZ>9V)(h``~pHmuTUf+Aow3L~%+>R3;j>L~4+RcZtEw+DBB3h)Ik2E9ATuZPx zr!CwtFwE+E!Z#=Fi*{2#xOHLXvxu5|bpo7W&HF+fRFV?849rnSY1qhXOkA(70&WGx zj4!_wk(QOv>p-r%NuJKpd4HWk!KW+ZpUK$(@87pqoo~AyaRH-o0Swq*`s|<6IRU4$ zJwEK53gc`jvd@1F*3aZ!{u<`%Wm=JPor;CGGxlWygPmO*in<>?+`juPAtfn?E@PTh%LROq>&ow@7MD0#I%j^V zwZ_<0KG0dMX!+O199E2VYWlq06km_%+(b#KGlRyp#Pm^1$ZA>7=Jg9pBBZRF^`$ zF!&@=T0Xa_ScsWzp!d!ze-ESZszn~8sS5Nfb#H(Fd|$%Ty3vG>AmQ{}O1MG{KhGUN z{Dm2Al{>iCDe_S@(+9{}Rr7ruZT3kYpv1#7OF7?>;UC3q zq5V;6T%qe!4QSqg(%Y6iD-wlJn{0UHvdr^=<=5}%z8qAKZzXY4^{_f=+VCIGG{pRk zT1g`YvBmgXuy?VX^MKd#^YpAgij05}^&@Q)d4oxMR{V3M5HuhKq7|7DxQLn%ERz_~ zHoi|V1x!4P?Dni2nzz*pghUSYWyl-`Zv8va2}~#iV40N8;wFxHyI|oH2rxRFr#2I! z`FJ0t4MbN6gP|f&IDyZu-irOLrkBHTxP{HnRTxE6O5vn^QdBHD2EYP{qORLijGY2! zHH5$-G_Wmn8OtzW!4%7oIa1-*@cWtw{%&896ezi3@*=5FVob{jKYQeb;Pc@A**M-i3U>7CC-et1Cx{ST=uQ|h^uY0HF>jpM7V9IEi@2=%KSks3K%AQNrF>^g@shD z%PnwEQNvM#U`8Uf6QSL#E=g@T*S$ z*atqXd@)fQaHO6A8l<|Vifj|>s)<8%upu1U{6)L7f@g5;BTdm44>uYooBpqKRWQn( zUgUOvgzP^i2M0poMnW{12!a6NDv2d46@|uR^fvSGwSxbTwYLn4vr)5lNeHgNC1`MW zcW)$U;}YE6-64VC?!n#NoghJiJHg!{IGl&~-Lq%Ud^6wKRp(IERCiVX?0Rll*IIW& zy^)<{ELw$`yQDcZw~VsApQ^j8^dgsFMfH)cglavWk8%4()Aw{WJW)>Y89K5pN)+So z=i46tl{1Cq41U)fl|@VQfbTd5S;>i$l&1xl^el+fIlEId;@*m+$vnU^j0fHO4p@dU zc8UXUl}&+VnC`zW!#sdx*mMf=bRTh_7#Hc=e{&gzBl5X*4+22@MW7Hx-!*;gSZ0Ci z4QA3Fl)zyyB1XhsT(BeQ{PF}SH#ADVD)Ak(T}uSO4&%rL#<>-;1t6yM$N*yM+t)54 zOz)RgO`J~H2kM+d{+8X}m>e!_tf6k|TI?_%3V@A5;SkIIuia(*n{QaG1ZZ(#9Dc?v ziGk61HP#hjQp@D#G?+xq)!-8?;;tbUdGocP4s;e}Y7l64dF-Cf&aL_dfHq)Q7#MP0 zz3s*3%G6^oFv&FTj^{!^pqkiKCleJHog*Sl|GF7CY2&yExLD64PF@*bY>!`tvT;gX zK5>`v%XGsCv3UUHbh==eUPrO7($a0SgRpk-VB)?!YKlj$6r?KxDuJXt( zfqpK2j+>SF)+(zZ$jTx10?(;O^ux&;qt^M$&^`4}Fp!{RSnvr@F;fZ!3X1Wq%{V}m z{&IWsn|fp;AHtK|3X@=V%1w6R-+lj0V@+bP8Y)RPlI+ChsQH!}lQvEoT$3ln^|KOI zKBpJloP7FqCY|+s2K$oPii5^Xww8s&9F}6z&ksZM>t6lxJ@*Q0g_1Q{uqxepe#+oM&U!$|1Zjt+fj!b{njM*h8#&Z>=`(-Rz$t7 z<{xZ@97q@e-xlvQ`E61D-fUiH{GXbI(IHGq&G{uma$l|X`P8fNzq*4=|L+GCKzEQo z3Umi|(+WgF-VoPsreS{9PQ$3CW7+5_LDW{@AsWoi$PAXn01bj_(9cETEc{v*4mqH> zE9rB#oz;j$mLNJF&U|ipZ|)70_p2Zi`!TffWoAiQ-5TSkNP$?|Pn*=2dfKerZ^q2i zF*d#+W>nK~%Ov!@1Bi%8bxzymxBt04T)>TMjvUa;bX*zJuF@stI*9$rH3||Ankg?( z;#CK!ezoJ`-t@F{a`0j}a-vSWA%3MRGFAo?udLv(yomBklLroZly_P{HEG^l+;N=a zqZIu&qhqEkmFbxIkxjQ`DJgVX^0*6Hml#D3oewbRy6|;6P`M}2PK1Ny)al?rm*6#h zVl0fENpS{G=yFczZ;cA5yWT|A;6DE@WdUL14>(`~n1aN5^x|rg83$s!7?(l|WZ8C} zionB??^7v@(KI{&-Ar>NhF84pqh3@SsOsXw4n(V2g&6_xylN;RdKA{lepWJUg^OOvvY6@RtfA^ojd7QvbaH;G|D z^zSbxsQhoq+Ek+b(%L3|`FDaKwcwKd6fjZW%D#u?ko^1|^fvb=nw!(qJHjPC{}>8* zF9TMn*Yrk5C=p1yw!-rLW29Pb;t3Cb2n1-pava!NqtEf|kgMI;OjHoPQSGM;mYi;Y zf#0CFmVMb0ii!mzd(aLo>|0{ei07(;uG=ueseJPRWcLJ~uuV95T?p!TP@S+DTDF(y z-K=PqZU<0mDHP*?3LN84+ABiEGC}4rnVT%8&mQ;r&^eCS%)0G>(wS#pM|7x}>dV>z z8g!LD1pa3TeCR5qBsCxQ)X!ZYB5*0(z^vuls7ayUU_#h7>39BWDa2H8Q3|>!I2f`-ZA_kbFawY#4T9$CzG0oc*`OQgw!UF@o!2ba$9f?a+VlsW^=LmK%>2N9bk z@^eg7;^KQz{6J1zoNPrJk5)hOuF?`C&dF${-YHzoqf+gM1-*Oi_k8{rl-W8f6evqg z1Gy2Op47x8)vR>45f0ORNM#E|W2o$lfMkH1u>H<|i!o1MHiTQkihW#1eV z%f5+lodjr)45x4=D7FH>6Vwn?=l`TVa70w5>ZrdH>~#tccG?*c{kybB-ja)=4M2MY z+u(;-IZ86L8lypfHh?IIV1k$u!traaeUt1nSo=zQ*mJ;J@4TgH7M8a0i^Wghf~If> z@}0yqfR;fxHbNxksRC;Ng_;9O`e&{uvabHq!iVq-3f%Dh{%VJ^D>K3JUzrVA6_8pW zf;T0Z(X1(A7#l&7BC}V_-Kt%(<3~6#TmqE2D^n4+)b_|w^x;9P!>BkBtxB}{@C?Ni znP(QVp{A6LdN+(4K!KhgJ^ZK=zVe^4*f=1I70+(H%3?$w0{fF{T9}7V0g`F9dkP+% zvG=<6GEfobsuW~M-Kx0JDwq~>K)BJ@4~w02zw*mqF})Y}zVYQQb*>4qz8QVThK?6x z(leF{cacrMpZx>ryUhQhf?ZAjzp7wv&a!3$A}BA<7Z*ptNf0)ErPHNoG*<>(+WV<+ zHcp>5^H6`xl%h+51N`pkKy6CF;ZxQnf*oz0oS*a+y`9}|2(J0O8-Wuy=jlZurk|h2 zhR*C0S-bnb-Ygv^UV9Wm`O$E_1LnQQIt9Ovv2Y!B;^1gr>I4RIl@JyUCE^b|^zCi} z(z!FulnwnnyWqe-28U&PD1r8OUCws}Ef@Dg%me3F?+4E3;TS_a1w*iV>3g^czisZL z4xBsv%Wvz4@>HGvV}zHp76+Y5uFIyu$61L5L>I{KHIzpwA0WJU_jp}V@5hjWIxaJ= zGp6XqG-4B85s9)GeGt_@5ecs<8qS1QL?Q+cKqRECbqH4OzXDI86D}BFBh2?#kRJ-L z5rzt}lLt1!NUs~=tU}D!jWEmO)Rq<0f1maQ)L*B)t>9qAW_|s?r@dHOtk-GJVW8*l zY45QbnD&N9ED0LuJL!UUlc7%i4*nae2UbF9nvsBMPrac{4tNQx2hQFJmkC>v(`nfpLMGCmq9)Qy z{^N09Wz`%oS6LT{>QMH0Vbc>0^&!p|ePHKz&|i*m#~v|m9>|u1 z{wO0qO?9sC9@~#~fy?f`J~R?;awBHzW1$QmH}ejR5yCI2^pJg&H!4oF$UFZFQAchH zJj@$}voQpNy8&renyBTqM9_E_nN#Z28i0n?qK&p?rp`5J+|T~=!OypgnT%YAXY(q( zDy+;ArJ;w6*h8y)^8X?1#k>)29dv5|Nz&nFdftEH1_bi)yiqmb`eagb6f|oLs~3Q( z4J7g%ArqSX{rHDAVS4TlvxnrOAz-WZ+@Ey-gp@$?M6NrXl@F?PjNjhDJZfG<(;Dt4}XG!smbE;n{OuI)5l~BIW z7m1mJr#KCAl~`~y#vszG6dQ*;1I1wxRU1e~>YgdURwa55El$`)lhRj2SE70}&a@o0 z1E)&RjeQyTRe>PrtHQZS!5wp3iurpAk$$lvf}ZfJ6NMNZS`nA_sUtkbNy}7@_a%^! ztgtU=k+#CuYr;j(xqRk6h})oWU~zigDO&XWFF;_?^Bi08JyFQbJi~0S?MXWmVec8i z$t{1QY|m#Z#E_cz(4x4of!Qt`IKwEu?;VsR*BK=A8MN2$PZYdelRJ3D)(A3Boj*L< zVG1L#Ld!G5%bWvKqF`GehB{o-3AbDDwW*_a9(=c8AxjOgv+}sgnsr;_$WmKPE;#{} z@TC}~6vp>rwyTovhg|qzPU2jj)Lv@wD{Q2QK1RnFqX`S2hKUuN&CmpUVR6yVq!wMz zL&i?#Y75uywkQ0>JgV2Ewj-FMqHd2HG1W|eCaR{qnY!u1QN0vbiae_2#2 zWFp8F&5<~!4s?Vs$X zr+$hXvog$P{h|5u_wxCJq_pE^l;FJ2Hw2UC^Z7rU0cZWODczto^bR-6JDrmYa%SJ( zDtu?N7k*aVJP->(&KNaFhgU-!Wsb?JS~JTbmtVp4PZ9EMt^y<>!u=f$Ho=^;z>R># zr6Tz_aF9mca%_L8lW|?QH}|;K%s0dyG9t@fC99D|G}BVjl6Qf1zpUQeo(7Rqh-ssN zwxw5N!b~vYP-l0wZ7mFA9-*U;mnzHAjRL=eD)!k0cdtwmV&Cq0>ne;HI~^c_Sadly ziub)WqKoQq#D{(4nl`3)a4e&QOoxgZ{NcFtIP)Lo2yu%u&B~$@h1o*377v(dS}qGh zY?g?3m6FBD7}cPH(*nvJFjr)4K(S%`tZu7r3VY53Mf3yO92-^U?vh~lz%TJ^arw&( zTO`riKZ`P29_Gx9j(T)$(q(n;hNj`b+rRg`d-5F$2^X+!$%CCR!jSaOcj}-!H|pi9 zd!TxsqU95(KexggHi1{GB6jO5Mj+unTm!&7uLoG3TC zm^|JHDk!+BBs)mxCi8T2U3t3vnLRQJuvM=4eTr?g*mm@ul<``Liu}8n(A2p%v6W}! zAmx3rIa<61Z4ee_ycul4GohZ29;Kp4Ez5EH*P4oDP8e_6xvqn!n=GGSo~2-vqD0gbqi+e70>EvF#mxX%-{7Ck^I-(T;`UyY7uM(}z5(NTM>TRs7) zj;S*%A6~-`8`Kvg;EbHLU|*g~pV+idRJgjYl=qlgBgW8!yzI-o<05BntFP^lQpuw! z+Aw~A1c(WGL1HApUdYD$SD|5@movY`1eL34X%>E#(yBaFkXd%45}e|O%meq#;xJaG zUDJdpHy`gl_5yai%`anWwN1z<$y>VqJqGDmyo?KyS@BrvU*GxT$ik@9E;P&QlCjD| zi(7T)@=44)2x`s9o%m*a>Q_Q@JK1e60a$N|BgA*!OVpII$lyvHTE%MB!dIpK8S&U- zT@m3`(D}0P=g{fAC%zoIj+A&o&c?;!U?FZWER?@@C96tJx|@gfbM#KI5fNye_FV=!i4< z6aEzV=jltz0#OW|A)5KHIb5C!PcUjm{!jj4{Z)sq@%|4#^PgUXA3q~rUtXjiB0g(P zJ(WNow-C|ZPZc#W#XC6Y?db}x+c|u5|9lU7*)lPPeE3Y5jI2+X{4WLg zvTK^n8gEcyrji~XtK=8)kD40XBWNLGdAl;TU;*PR>RkCd)(dJ;9ki`i_2Ugw*>~c9 zsvlrwLo@iAynKc*@eA#QekIj64^qbtcTac4yz(IcFdX^&6&M!9DR6`rZ8F3uut$Cc zhAW%lUV-616tXJ5=>HuUuIDFt1%@}#C1&n|{((rW$p3{%yukefk??l`5DCH}0Fltl zM%87+XhXjcr)xZvz~2P_6On+(p`EO503SqqE&Zo=h5Rq?N~t>FU8(&b9wx|Pp{aUF z?HZ|b#2YoD8US0y&dgi8u7f>AZFjwJULJwVLIDdGxrhAgqfn0w6kO8~0s+Bo8e3I@ z9~><`w3?dq)uJ$8TWx0z zeJg9#Gb%`U-F%_$(hpQ_34i%mUR&*hhSyeGxf63>)-L$9)jnwL5o6c=-&$=M@UKB0 zM9jbSkM#PS(H-^j|4*Euy-%B5HNJ=K#sJzf3> zuJ~i(?SKK7r;0Gv!{k*ru}ho zgRtR#1b)9iC02P+%w!V`xyTa-dg=Q$5|x*K5oT0gEK^mUP+uQWSNhPgN>hdfJ+XQ~(nr%Ut)jhLW9ZC+V>lGJk^~#be8wo4p9#LE-?S)87*vo4! z8kd5@Uc09hYpPstM2ZJkM2_@k0RhA7d1{*wp6Hato7V7{mXx9l|J0PiIQtM5xh%~x zk}B`r9QT@eYRd||(sCY?IZgc;N9`z0uyd?OiEx5SVBG~9`BT)- zzf8wH`BNKr-@C=ry)8;?9q_kk{;I%WHL**9tw1kX|6%50)HDY8Iy-vFHg9EO=zmxENC$feN>FVF5gKCEj zu?+R{XZ}DS`O!}tC-Mi8|G>*AV*tvt&%>VQcrxwf$}U~LK0!qa zNYmnqyW~>i;6lSBaa-lf?%pP_$UC?)vp=?i1F+XUwAx!tSV}MA#9beWs^}hk!}V!a++L zr9+H=s%`9BfZA508;8R8{N3m9u0-aP!rTMI8k-=|&e!A;4^ZMB9IEoYP+OC6Y&!A@ zMo1fs?%jElMmtE9`4ci46qu9otFdKexFc~T-INMd@x!p)n0iB>$5Vsj+)|99rwmf; zRy)HnniFthcZ)mtx&PM8im9*r2gnHjba+}FhX;TBd^BK z*gK}vWnQWey5v>u`;&pu;^BfXVDv;cS}DgrXMofBS%a*XSHK4%6#Fw8kx&&(*NB0m z#*0sb@0V>Nn;XH%nHMUK7u4_<<@pETIOC7mte(l6noI98FV}4I+F(IYzpR5yY<$tv z0c8%7_SWs;!IoLdm7DdRT_Uuc;&wguYI3$Gd0olwk3c?nEgG8W%zRPG}*>pVXz zA^M;8z8|@zp`RHRtO6^RR>=PpAvMs@sKRiFRV>y97sOlmi@nzxDkE%;zc2_3J|8sr z3iT)KLYInwM$Kq`l4rZ=yaWnop;uHyZLt1B-Zt5ZmuDn6~O&8y}t zwQ}Ql9jSCVy;kIBW^&7LDGfoRg!l%h7Ik}WXBol$?uGbNbfeZ=e(u#Ql$2OeOv~pbrcszu+&m`EfDXi#pZqNvGA5T1m=#bZ5bm)*z ziOZ19Dd{+8ADDrEq-DroXGnl6-6a1~`O1(r(6K^oov>fs3W}NE`4(O)<J(Q0@azf>{1D#z59b1QC=48$)FbJ{nxiHnjD(6= zP_?4ZsWb1>=k8Idj;|kAONBN3dNk1W6?>k!<@Wb$;#Q{bTt=4|E%@E{yWwaom4 zrG!ax**J!2f3Pg{P07MkUBC2Ab|7mtW;K&Rx9W&dYxS?9zI6KfPJ48qtiRlx8mI9> zoUQF056tncKYMV=_o*A2d-SJb+6UipwW^1HpbX}&a2_d!xSEU@c~>>?@cg+UWAV0$ zDkoiy^CRu2n?vCkz6I09@TV{Ih2OHRoOmEu+k+iEU^C58pt@OMGxsUqja%XKp~GEU zfDrUJB93h222Y|_NLnA{s(JC=eiqa`kEPerz^f?gQ<8<>PJ!?MD~zcIa~XGnj}kcU zWov~euU6{albX?}o}Z3-E)MODvvlT(S)(o!ko3!xa?MTj7Lpv!^Upyy`Sa*YF3&f$ z;ms*i7))z>U0%d)6DI*?S|JsZh+kohO?v7#CLdZCWSAxjNo4MBis(9=7wNYp30N&? z`CDSB6*mpYFOGmw+fm zNnzB+ex*wYO-598s)b8MLzzLu zF&xLp`o~yf*+ud6L?P+?COCqEzmf{>FxNp&O*Gh-{N{wr03RVyI!GHOnz1p9XV;Xy zk9W05;~I_e%+0(rp+JW2xmP6ZJb|B~=w90xdDBw`LQLzc8iLlJ-x>>%8xHkyui5-Y z$T?jcA*;8+`Vjl8xIEMD3v6L6*(TfOSFY&DrglbMgyySYH)ScNw_XXmWmM*6sZMP^ z+K%~i@fdYg=LOb5g)>S{mXmtYo(o4iTVcQvy&p2q4Ib6(`=`TL_$>GVuXcuz;CV1Q z$9D|(k8@@9?$a>;z$9+zuHUHDu?DgHUv0K7y$GF6StWj(9_-0BVwyyZAxR#sCL3-U zQ(V-2&-jZO!}5A7`zq9);LCx#gwwXR&d{8LuCo|24S+TDP=&$y#(svE#MWYMU8zEZ z+OQCt_|B-p38CshQgu@8OoA>MEib@$b@!X{s@10ldHf{iQ~53N$UcI0aw6)pgy0xZ z(gCEF@Xs1ba=Jll@;@cx{W&9}jJhMc*Q#hwcmglDaY-SDrrs4xDG1G^*+7oPrizp1 zTP3pAsa3;R@I735`Z+%r54S+*w*;l#`6(s}J8g+ZblEA-=E>@o{ph(*AeUN3<-<8D z>Y2RTj)mHa2Xe<-)6#8B`g=wmOzUfwPbfdh3FBe(Ep4J*Lvxy+0^w}=7JZ@>v58uG zj%Mrj0Y3!CXxQ_SeZ};93mfOkEP(JBxN`Ll+CM!Cx{C+=5O?vKzz3!$olxNQFO$Ol zsYNQsL%qs4G~NY3~)r@shcT79;fH2 zhbh7q$IG<{CEh`9{YT&1O6{qJOK&#l&>h>*iAV9j6DuABCQ&GLlz}@6G<{BTqFn{R zcryDbZ{XfvX%3@Csucpj)AL@bM-!Y%_xKplMk%iwk!fHaHT9MHFnpzR=dRR+=@cVW0mv&eCFOz?M*X!huy!_YXPY*}< z|I6ghF}eIsodMOXUC0j#GE)^XNP~rGIQ7lxZv-3+zx5xhu1WRye5$Kj)d1-5{eJ@= z6NEyujVD$B@G-^d-vl3rdwOSOdPM>7G2zQ806xmL{ZHWI@I>z``1pbU8$AexaAv%_ z^evAYSQw^Kdha(FiQpA{Z1#8sABSgq=O?fK0v|OzlZ)!S|7Y;A(j1pQy#wt(CV$Co zLBK2FI@(8b7qR)q@SN>hfju__CcQM4^>S3E)d+?*9;?(+i;jxUT!Sp8#8!V%oF?h= zFLUGm9$f;R8`PT5<>-j5EDE*HCA@5?1`_*_w1;6)>u%HtT<;cFAa!Ba25|#Ubw7uQ zRkc5=R$J}7fh%3}DRl+}CF_TetQwg;^hsdk?mompnES8QOn;k<&lr~&b_zQ2Lagl_ z`h3gHn0X|NY5bsHBEqD>onE6i6Xx9+Y-ZM-(CfT{QmVE~p1;)FiN;JPbtkx?jwS_lyc zNWKV5Fom7Vho&&IFWpdz)D!JiFV0CncuP~j;2A_{&Dk+BU}ah|)!td=p$Icu%m(9z zr7{aCUz0{i|I1r@eCBXCxc_jk8LCzJy^5>2(&Rvhdyn&zeN)byNSlnh=wu}l8}dnO zI#!+$R5W<#FaM!}^hPpgC~+gDzoiF^NW@pr`(Bj#WJL?`X(r}FDCUq{Y)oB%=3|@= z|GH9W{ERlB+ekAwrJ-`?+=ZfSv%EylwLhN8yIc$N391DiJt#zds!Ri z!yEP`X1ki7%EQLm=E6y3dEbFkMcrNJg8e})*0g8|Sc>XPAD~8+(NfsV^vvCH!0YbZ z^niCah?Z2HYozYjUi4HS1o-SwQmZrW9{38y#kev?z{y!Pt@oYVoNoPf9zh3<9N9dA z4C>E2dbF_z1-{?wo^92pq+?hbytTFLb}e}1Lek|b#y?mx2Ri;ZC88dU5Pbgpz|4?* z_rq{03ZVyE#w4W1TmE*VeA~5oB&qMwU-`UCYXq_e>JY*ReO7Uhqil+DscKAL(;DoE zKSrrK^M_O5eDy8}2O9HXu?2HgJqvZp+%{K0u9pqPk33v$e|Qh)Vw=wv%*yg1*{iIb zz(8yEgantd94gT1!#puQ3tGmOd#aey>~Of}uWtruBB9h7>}b#3=$!QmD2M;_tbf}O6bMDaA ziC%6@HG*feJ&XHx8<NUdbd7!d?S79f@d+4&JSbHhrQ$XL_kb|*X>=@jwbIa zMJq0Ck&_R%oFQkimDpe+J3c*?UcQ6;!DgbJIe9!=AQ|MOk&laPs!^Q=UBmA{Hr1Wf zgwdN>Qj^MJ$WwOAEgvlj1(|xx5*y`faLGyGZ(G%uE`UVeg4?(EPR7>8HF>3<-?Lep zH2c*2dB0VcY%ar_AXp`9>z>VHR$66BoRC3vn7Im2(2Oy8aaHnWi}i2P2)jPUPV!#Z z*_W;0R|wk(=%FM`-&P;sN|ksfX1)*8aTJGd$s-5lLo$A)>Vu1#r>Ey2PUrXf9N*r_ z9TrhZjRNsEvW$}RNjBTco1D9)_lPLo|ErEdi@0Hj<_{D;Lc$K%o*K9}y(uVLOWSofKTleQX6 zr$L~ex}hadoKGNJTo4x*_n#5e{LGNJ&EegRru3zOyYBQ)ge$#L)ZgNJq^P^3sFxa< z3ek6*deT2-$$cuMu0@|&OFeFM$@vX6!z$uNl@I=!zGynXOof>~;R&+d(npkg+_Mr0pj2+{5iZTR z49!{fnXuMjsUXT%QgP-j+F3pYR1}m5kzZ9(DR1V|?7Cm!5L|(kx9x|nsS9r2TD|smx%ei0k!dqak zu~d0se;ROOry%Id3k+k5cZp+)Z=gWTcb?eAmJSEOw8|fe+3?Ep%zGP9V(m0$IGtf9 z-ihZtV~?06Jd18#CJ&)t6$3BiTqQ2Fc<20N$tc?SJc)WlUJ|iOMZ(u=C6+psYpM(9LlF-+IQge z?1#ZdcQc~-OU`;Hg6phzIqT!tA@2J+2AKHH@n|Q*D#W#&MN%bFe7ZmCoq4TSoP9Dt zIj88lHE97?;?2!T`5E8+V=9W;V_xL7Eg1${L-B`ji%!!(pI8XrT@J1(O6!RWJ&wqdV%Ng*^JV~+fTi8IGaA_+nPrHeEFr#OjXn|hCx}plN<|f zFqLH*qe-!ZYT_`uDcaShOd|~zUVeVR^BN5cF4viSxcL0?`K8o{PVz=S8=eS#??kVu4L5u2?-#gfKaPGa#6s}57Th)>#a+qXcCZgFpelWYU){o zU)*33tafMXu|o?4!H&!h1vHNK;H_9))pVCRNorN^M8$>OJp-HQkWb!m;OAfS- zT*uK%6r-Ct%;{y zrdrE>$k&9`A1n$n^&Qs8S}h7Yh3z!zM`zJ z5f+Y)HF~=>2zDZG&qQ?>68TGpUhe+b9VO)LAB}^#FnsWFJvZPaYPkH&`r>@Cs?c#5 zfN-0U=a1^|{~N;bs+s;|8Oz=#oV`&zg}0%Ic5BViAvE|71@Y`ix^FIM0ByEL4g z>YtCcTTU5wvZlmdqYN}|*@Wu}Ym~(s{U)a!M4Iuv6|*>2*9d zR(3pJjs)6vdbppB&b_#tZKNgX`99g&o#CKYZIDwxAAi1Ty&fRJL&%}$ywha+<#g+?tadCsd?GpZcj4if5?3AdDy(l4J;^#ssmUUIxezpwVw1j z(w_XcK=~99L+HTa;%_4sDMT+iC9{osPwR%U{guDX`ehpU3QO=Vsue_yQMZW_>&OD| z5ke$tN@%VP2X#0=OrgDo;*&Q(6eA+G9k(zLgv=yCTb|rs^V+jbKQ*vU)w+~UGr%F1ewXV}I4<}0`u~}=8 z13Me=*Ya!n>r9u~36a@d%eGaYt19OOxQNsuaCxH3$nbmekuM|bqQb^%eSfSiE(n#2 zBld^2rZid(T)~stNa}U*VEhu>+o$Jz=uiu4HJ1$Vk>IszX-ULtFWanEgNxa;eXj+> zLj8o;3>61^2SV}VWl4)sUyYU~Y(299r^bcMN`p3(hO-288|`;Z38ii781^6zP2E@+ zs-iN*reVBe>f3P>L60_4PLRg=@fZ4}QaWm)Oqtab?eab&!Ki(Dxva}A6Nxahn0PiC zH7M^-7e*8?v7nQ-&TpM%kp!oT=DZDGwshW%e4I}yc~?T~OLMB&4xf;90Yuzvr@k3X zPzs-fz2YbzS4sqT6!6frhc#jwkeh;3IS8`7oa<$!J1Q8oYDP_>@~#4C;Y;}__!avp zf%A#va#2!qb;)k!eI;ip>hCINEToS{LwOU8$S=H-RJmJd3i>MgH+xo#N8T65G5W;M zR&Gci=B%ittroIhnva((5XcS3iiJ0}=Q^PXO|-4_wXn_N@hFYwRJ3Fb5+xL`p&S+s zP|28>c?wRy^S;{^K%YKI8CO5rEM(&Gf3E(HYqy<=jb)0ET}%9x4T#MN*~lEq40wrE)a5AWwXjfI2t0I2jC_tLe$-Q1(aMc@3-4bU}oP-dzcwd-EgfkFU?4jDSOa@B7|LTi>Up%B0SY zyXzy3iy<*=%@3Sc)6WJYXQId4p;@acYj=0W zwaq9LZn9$=;gYbWEg+*+eXrkrJGGvX zG-e<6mPu4e_=Fv*nSI}Y7*HnBVsgHqDIU!~Vw1Ym^haYDzh;R+Ud}Jpe*7>aP{qXHR0Ur(o*!gn<8L8Jh?+~ob z9=?t<`x5V<024A&&!azYnxKNf)<_(I=~dJEwYeksF2#FjZ(3EpNyWI(@Q2=9j18KI$4nsF%c&50||^e4@#CTF;8BeA&mw(Ie;B#5yiLW09?Im@X_nB2bl5bGYHnkxL{{37?ilyrsZd5UGRh z2}WmXv3YFJ;WIAPVWiTAcq2axuTrd77}Oc;X=twRJtStcKVj|HehOjGRbeGbeV;B< z0k(4IJ}U}G&tyTn+%-_`d-*xJl`4UvD4pd?{miO|YO^6lcsTe@p0Che33i8B(|WqqOq}ubG`mQ%vDC6bUuOPSF+0k+-zcvw8?RbZ(S~a4Z?I7h zdc`K0ibtM|uW``@wiJ3j|Q@eO?)k`8eMSv8mz9yu(>2(0sax#0>a&5S$?E{Wh9 z5b)1r}Z0g^rrqwFYo%VoaO_D4G-a z9w;(O65(=Jl0>6_qv^$w75v7o*S?bQ6Ztd0Go!a{kD*q!U?LF`JMZSg^6nu86*ONO z4`82 z!1a1vcU@Au=Op%BgNi5GoCPSfE^+d##tidn_@j!Gj@^IyY7!u*d1j86ml*E4owV;d z8WgFd(?pg38QA2m#t=B3DO|cwFVylG+5opWEV~EWk2IEms8ff2ELM{tiyYf4qmq&T zp%F^VU2xU7Cl2;O1EIGl4YJFi&n{~deKh0>BlT<#pjfcLW&=t4`Em0VqS4aSZ3Rg0 zy^F?=HENrbCa*hq-F5L)(jGL?Qv2V-vpI!sEn}w=Fq)gt-x0KMj?Il8_%!~IE1|?I zEiq<@AZd2NLP)Z#=5DkwSk^kyhQIi-wO#TZ{s$100XF8CTBXCbyhzvj#Sy=zvLl0 z49@9b{m)PF$fP7JnpvGgZh0`dv_++(?(XaP|B8JBl1GaR_Be{vn ziXPjQP=A84TQE<&%msw3ou0QjR4BG2CFR&@o(fL2mwZzC`#*@Gyr~5nFKQaVkW}5H z0%a^`X?RP?^0009M~}#7_Ju3?X}fpamrbJv(_K%Yb>v-l3tm)mp0$n3!uPT}RRq6) z3oy-1gTN77lBy1fRf>gJj^cRBnlc~lJ+Sz?2xMd1Ol6wSIN@-|U%O{SJS^_HEGg zfP@T~6CTaA6GsF2)U+r6E)jkx=L4A9@z&%vU8cVScpKka?8I<)no@XO?(*I>O0HZ+ z|MJs2(>CSv$Gvf0^L7_-gYFPkIMXskB{aZ=h5-V?pnJLvp?kZ(_;K9^3EQK#z<394 zewNztsVufIlD+;G7wD(XefBL0GAfz-EGjLq+kfnL%%Hm@w`PfvSJS=Q|2E z4`ul*h6fudn=gAd5HZa79r$-@rw@|d-|{yynS+No33P1rGmbFWBSX_KvjtF-v{z{K%>R)+wnrFwH$`cndnUZcxfY$ zQi{EpTW)}~B@bV?CtaenL^D%dAGs3W;%juBq29A2>~ z2slQ}zpu>xww>%!eM>>C0u=4wfcM@D&gwOo{mjHfgt97PuDNJ_Dd1f@&if}5KTq+ZRC24WTpO4D1 z{~psEZk|30=#__Zg8KZ4^1<-Tx!a;T zzanmW{OA9X*smG;&^Z;rJH;20b=9~fpiz<7ve$qCPAbH>^9Ed!xsbGydCALkP3#G8g+>MYZ3l zvxO%nZl2N;v##oPv&dEccP=Iv!Pqwz`s;qLzYb)FT>x6aS!bsQn@}7wIhA8&do1*9 zB!XO|YttOg;jMs62GYyq=p|d6|0O48OBF{Ahoc`?1t%JI7)xP(k;DQ*^Ya`{P#89* zmQloU4JA+G*st4`8az`~1`I;!U35e6iM>6Av&&`o!q0k(iWwR3mj1JLBabgf6P@zd z&m_l=UR#>$mdqFtNATAfqXn4YX=P2p(AWh>vxKdW2`OhE@uuij;ACOUx`Xi%21|@&lqh1vDwtn&yr5FHNI1RS@xY~^!I&{YFRG-wP-o2> zloum4A{FXS3)NLQR8jHFgy>g>0nZHj0nbQ1@1FeN?md@!-#umQG6@S(?EQH66!sr) zlD`w7U)iEj?1io=1o#lr7u}J5984%lwFr?>wP75w8V$~_DAZUya^#kgwjL~=z@uSk z9#$IW=BrBh!>d3$p6Yx1-Q#M#w@qmRZSsu5dZ@Hi;MZxJZ;c%7% zux!+daKSt@@zYMK+na@qP#-`~STfRir`G>jdxU2|s{~r}z-BKZT1tZW*<64aA+}!T zrws;Hxzku#_y5D!I|kVnEbF4HZQHhO+qP}nw(VYR+qP}nTy5+2-sheB-mfJ33h}#c}QQ5BmxRX$T>ybtx{z zM8`+f!QYGj;Z&Wz-;1P8q;7Ep@M-)_>bWeBBBy9_60sT*-mJ+VMW)SDnd3RKR-=k8 zmYBk%I<@58l~|ngp*EW0S%}kVI$eoiU%#g!JCq4*qz(w}qi37q+A~g9M;IPdM+hED z&dL``5J@u-iLZ`OB!sT8^Z)W%8wq>JEUE$%_{k_zU7FJ@V^E-}esD}?78$F# zxdLqK1z{^E{$ioCHC9?3-E|%A-WotH$klomKal8>(ubf~*HPdaX`H?zeEL-?u zFKG2UL@M14a4KEQ-}29TSgMy8oq)_m`94Y^f=)Y~(5(m9tp?aF7uYQp_&57Q+7{t2 znI3U7ddl3ve|+B(R3+l-`|~_xwd7EUK3)Hlzu_V3chyno&HZO%>9*rpY4|VJrdZEV zfEpZ7C#$c3bmGWIrDGM8qf{|?_v|9Eq$I{Nd9SV>Ik5&zSd7HmPyNfyw#}wFAbpSD zi_%^Z58tMegsbOf#;0j(?Wlw1U((oB*G)Isl1+YMVgngK>_5rX>sM}maJbsyl3o4{ z)}=J_PMA`J4nDVAbZs6^y`zW>w(UT|W@lf4Otg_t{PpV?vcwi~n|A%WezrZtI!8rM z>RC8RX6zEod`=)<_5^JQ2(<(?+hN`|6J7luvNxh;;9PX_0?M@M!i&I-SqKvvp&`VW zqtVO=C+~Z9<-QRZCyztGM$xru8eg$3SI22dg&oyZql||On{_}ea$VElUPkj^t+vDyC0J6B10U)bNtXb$=n6- zKuVI(w>upHJ+E3t-`!W@?HVk{zT=eMXQJ~(4b+D;|a*OBfq2A%mmZ)=AUUE1vV0qdk zPe&|at+k9X5zV0^^o@gubOGK6oES}702s;=Zz_>4loNyzyZbDX7|b}iH93H)raG!G zOWH1!LooYPY<6jYdt2|!qMG**5PMO$rzX5^%=O#sy$6QZ4~s#_lsopnlBk(4attk- zmT;ON49jgHgdKvLbP7*wOOVQbY>o0kd)>$ABA`PYfWBG|@tP);&cF9L0#K2P$N zD>-}$Sn4-fh*i)c$`DG%xFMhH2yPVo%7j$gA*ghwmzl1{#H!iWe_5co4F!u)EIbt> zPm7`p@L^UPRea2nWJz+|Od0>7Up(R4lRssBPNf}JfH^SN0XWAgI4dXzIStaQ0>vD( zZqaufy~gvhMcfY5M5vTa?0zs z-rnZ4{BUl*14b*iv(j_OAIp{%v1Z@a;#*d(u%0YHCJrLOMQk$O6@quqfPC!Gu?&z@ znQ@EmR#ECz$hqmY={h1UqpFwUm#FIj^2=n2mHTEF34++D4Uz^1C3Xq>99;WBWs5YV z^HCql!Rhm+k}MmJ-!KC6BZNIw`_INk@Hge6HR&u-kY@T#DUyMRqwp=0ElX-vh{@P8 zL99}Is)~+l+Z#>1<;}|`cYEjPsrCgm#9@x2Bzwqih$DOw3Bqay9aim&0H(?Xa@u=_1UU*Rzh<;dXO~+6fubT==3*@_}4rMr9>u)CDULom4-|yeJG7jIv26! za1+7w#fl9S2*c$Cf3&UEJiN+(>Kyw*On|`%pShb;uxW%IYp~LB0)l z`z$b4eNMVen6K7{uQDaYw#{~R2W;w3SQVczDnGU|lPm6^G(+lEbz5UCG=oJutE@QX z9&N;7RaQE3HU&oK;hr=i58&(PxR=8juHy*A6-s~ED1>V?{f3XYB&(WIl+i2_L@H{n zla5a?y%i!){RudE{nnHJ6{xU7v9#c{PAyfHv6IVeRe2>ZPmCc9oP}12=CO=IJESqH z^KG%0;m04Mz zZZ_*=oPJR#pAEriTxSeT$J1B{FzL7Vz4x2pfa!0@>DxPPV}bJ+5joGKe4jqXN}4PH z_Z|u7I)VJ2;PRVVa&6{H?XlQ11w940u};)q*RdZc+m)c4&p6?|QrsjMSl2JQ-f0J9 zni-i%vugC~^wL&lwVTYpqTj1G_03-}d5n~z&O}sC@KE!>qG7b+VAX8OG2!QJ*A-#x za4cp~C{g7r{uhWeO{;9=r&~=~&-ynaHsnbcQ9i%rDBMR<$vIbcjfHA@JU$-T>^<_U zwgmZ4^-mb1bVzod5ivy;S=8I+26kR(*opgA7-8Rq4vL(fEE^Kv+=fMooJ}ZVGn*f9$`tj;ut0G6WzbgsMj9)sImTxCkN= zv{{zrpU~UtQ&8?6lF{cna)SOs(!nGG(edhp7@RhWov&5$LtR@XW* zGqfp$KrX!xLs@0-<|a!%Dv=lUj}bEf`$TgT8!UF!O4QwYD-^Eeh&f3?YFI1ht9XJ5 z>T<=SAd(s%x-0z#G!!9a|oedi^r$`5@Z{_eI{W|9H5;Mr$v^g4HeD!mNP)yru}W(5PUZ@7-?f{ zdK)JD`RFw|L}Ggz2UjcBoB#R3`>c80b;!(vc=ty)sW;u}aqLAvz2r-XK||t}2uGiV z$TBxI%UmQT1w1)Zt>ez*{xQ90={jgJR;1xP{L7N{76BtJm~vgd-7ohWR~Hrh*-t0` zCA5Muq@N+K(-SJ8eIe1;stNyU@Rhc@B${t5L2Iv=)6uU4MXNk6 zqYuqeD4mvhJ%dC|S?d!RAKfPEcRHhi{|(I1>U(CQjX;iXbO|AMpZvza8qNLeBBM6- zs8G)s{4M6_8nAo-l6e-BvsQXtdm`^!;oT}AU^PN5t|3j#GCrT*5@e0;dTqw^&*W)R z#&Mam0iRvBIi|91;&|vZx2NhaV5}O=q1`i@gDI?d&xh;JPX>SZn%^hbMkg_X8G?*> zm)mWWkGl=|3;%;?7@XTx>N0)i505#0m^NtwzCTA7mrwJeM{_4Sm7<$GU)n)uu!xEH z+LO|im5_eCWgCBV

b7oXUxV!Z#%n@_ilZ$fQhVj)#o}u0QlT?>W^hI9Ct*$N6OC z#Hx+<-_XGq66HHw5&!0><`G=G!mp&sG%%9XIh}O3Lq0a>)2IQK^u5uf)jlc8{cdM zJc|tF22C8jY!nlu7l@F-*2|CDZ14&@Ym)3CjscbFuvHUx2d$Q(mRwwN5J)yEIu1>b zBIB^%<+muzX%kyDyP%c?5vj(28gWgYY%c^!f1$3BZowtWN}G=1+@5KIt42pdS;i2m zV0Toz8dFx*pqW0T|8jK{up0dR(JHn>3$bATb{5k+-EQj(Hrw)^w5|P#V^GkyNwpbG z8WfbB$&xUW@@ zXgJ6-K%+ zB&BpaYfxZjJC^}F4;fzi!=eN`6rCXs@&vu2T;5}%D zejv@$DL_#WE!L(Me91Mi$c`CV+Mme;uuRiXv=&7lxGMsN!th^*>~QOM4Mn3|Q7DDi zOaTm?0D8aO%hWLuJ+=@J)55so7bG&NWKQ#AbOP0*8Z?(GxSC`6LWA@skznMSyYxp+ z$k>y@1ahbE73T}zhoiDK2tu_EwK$0069(Vzerk|<_0}!Lgn9tubXDrl#G#R-tqSm5 z&^Ntq$Z9p&FPkdNrXRGK9pnFIs@!n1d|6hH4?c9iy71t(V#EYZPPk!~0Jw(I4BVBR z6zn_d2OXs;34}$c*0qw!0+!A96~MlV%i~{5#Dq2!j>stYWZxP*gC-dZ zpVO531qc~eC}KfLK>)c1_1CN%*x5wrrsuFn>%CR`VQlx+#lC_k6@id46T8VH%v^z8 zO*jg|qXI6DQU*B2S^r{hFqO=;VcFjx&%|NtU+LYH^#K!E)p>xmGs9IXO^n6mE4YC1 z2!{NoOXufLFHvRcKU+Oq%VA#m;B|9Mg zXq0yY0_Ns7(kb48mM#+TYb$XPc zYFW&C)p?PBS(0F!AtKsO=QPbB~n_#>IqCPC_OUF1WT-gg% zwQ7SaN!61K7e!F zz`u5?5g#08#8JcCJ_kou7xd2@>YynW$V*AHRgmXeNOpzH!T-7ZK8#j&K#(ppsE1i; z$#gMB%6$m&w{}9zB+_e+ z+3A@h+L*VQ(H}JRp}7%f3cCg-(a#Kv_$QTB{5$A~PyBn@CjJv_e3$o)E8!E2Nz4f= zJtvlxo-640p)(=2ccsB}#OiUUN^5;l=}l>~7x8-0f6nJ~#|&iI|}0Dw(h>YHtoUJE)(R4WXI zjM6z{jSz(#pn>eMr^{q!+Ch(9(KI<>VV%llo70*rtW_)Z@1OG0WLf+Eo(O?;`*Uw< zFIE}#2P{NQ3V+XLhob~unCPNDo-_YWU{Xl6wRcnKYhJ8P0ZY|$iHQ~mF}vP2K{qGb zzInEeapGUEIiuX%-jOg9}*KPvj>x?jHfnZE2=$dsa+ zVS5%W|76)v;UI7Prn_qa>%D$dFlXbWSkj^k@jNe)_xnB6Tw5rpWpe=AQrkGuZ+fZp zqTgr(V6<6KAy%0x&-O^PEVpJIr=?)fXj7a6IJN03 zE2bg5bS7Yx9on+337(5J0?{Vr4>`DXWPjk;OAp~mkC=MFOWz%16C54xl3Kc!-7+D1 zJc*_q~@g^+@%*Fj$3Y-3{x%&%)(qrEx1}XRq)=^e^Baeyc$!+*0{#4yR zw|06z43ip;4M_qKewMy);3uE!rUliDbO#2Oh$m#a67FMK_<}zsF%pz!7_55^gm32E zwPR#8OKw1lBPt!D$`>@r#PMOEsL=m5lF79faNeC;g7+!P7%I^oqf;JH%th-aKm?qs zz&FCwq6gOhxmz)!t$Nz)@tp4;dj6At6GwOQ$pf%pC6pOi_GiP|91Ub+`}6Kw=2X}T z;3fExUSB$^_6_{*QwYW!n`DdGaGMcSm)&zAfMyG<4|wygeZfIRqCyK}UN_Ux&uY$0 z)?_a#ji`D+b5RVC*IRckl&+YMWpd}ar#MeV{-G3@Av~MS;U|YG$6TUQ&HA@@Ca&YB z_s30sTtf|-b4>`;YfK*wxa^}l+&QC!7vJUEi9 z)DVHo9;*o|1Cc_)w%N4jz+PNEc^atn&8Tt{2REVj8-ilii6ULg?X$0)gNqyC^8)Lh zIJ|+OI2-==4USi|2Z}(odWZ3mZ2+=vl5; zJ81+OMy#42H3q`pngta<>(h}F0vi_3NtG%|(d6=|uE+q2S731+1p#EnZrSw*}TSIlwNf$!!I zOWeWd7UCd{JE6+-2G-(j6c%1gigIo1pu^k==VuX9qH-3D7Xb5di8f__f!y`hJfr0^ z#2#LKFW@u8+#Yf zJww}}+in!>cWDPSafymd`utx8{JVwJT=V>PT*f92Ln^PBm5&_;m0d9l7|+ghu$&*a zZRY0PS_Q=T&d$JaeAIs>m%kD?&UXQ^AF#RkurPz%CLS|)t3w2ms zN6bQMwU!#8I7)ID9@u6DR!m_m!FrfJ$BFSHkiiNj%CGZXBG7V&rp{+$*2)hn+Q^ zRLf7k;m!a5M<=7Q1V%;C z+B26z$N&AEPprxk@PJ zEd*$r@liHo!>mV!mn^sOQ8bS^|0`PA3e~n2!MZ4hep1Zbz-u(^lczg&)1}cbOS?zF z@A*aY{6M$g{T0Fm0Q_I{yh1yxpjhAk=kMCJ+7l4Nd!NZG#B+WOitTBK;e0QEc~T7Z zq7Qqa#-70E#sozpF ziNARUV5FTf%2@`{=<7P(OH9j!ikd;h)Ztup2hRASbTsN++ug*lVw1JHlS~G2J%r#H z`S^=sZ$K(dgFzjBs>u#rh$UDz4z9|F3M2H}2j&qy9v)k%3wdBo2Q~xS-c9bHuwVUS zLFCgSFR&nj_Y7h>2fyBNhlZ2o=ir(VX$X_m{YyY?S>rURDnOP796QrDLzNki!>=34 z;(0Q>9_VW*$)AI_ZYH1?V9HF;+~=b0Yj;fouZrewG2uSdc49EGk8QeY)#@Qi6p7?a z;4Zloc!W62J;4$ck!5I#Drs^*yl-%_n<4Lu{ve*(!wIaD#aSioe7#s&ht|8n@@46p zEWz_9W4k~Mexojd2ON8AFy zX|-nQpQY0;b1l2VA3OqggY~CO{~ud_iB8H^8S742WuXQ!-UWR}cSet_xjxf(7qr`6+yUCY(VG=E}nKisHAmD4|Fi z@m;@d3w9ceK-R(832KzO;2T-hSu&||b*7ZL2J7s|AV)EA5+oCiP(2M*6a1coKl79K;n!3>v3Q z$6WZXbKvSr2zc>Z(u@kwzgO33ejsaiQrY*@d+NBd)9sgjwbN5q*dizi%*2T$x-v znOMxzHl`sQ@yl(CFY-i8NxrZ7Hd-xG~ovycL^$nd%vMQS3a2pb`j~0PHhzcbEz|<`}w5piDl)N$L z)*zPBV!kKA=e?Ez?e6Ov;Y3r+uUtRM=xeDUAV{7ysKFGN7>KD5zO9Vk5GTPg9l!<6 zm&tOGh2{VfqRh@R|Je>f6UESE+Bft}y0;x_Ik2~e&(d(rsi^Fh(`s`LIT}!bXAuc~ z`k{}K8Feim(MNF-ol88>TsW~gLz!$dP;<;b7qhS~92pGkvX^XOAYb1Z9J_&0qDLj( zXD2NP%_Vwtl?cwOU+!<4o(B%6pk#j9Z%<@yk&1E$1-@Qck5rWY(h}`Y`E{R+1TyO6 zr>`DrkBgZPI|UQP>`Q6DUU{65Ru3z~dlzCbOsU300E;8dqPSy525z~X=dXIjO(RrfB<#6o@5L*||nXIwa?cQBsFDZ0QZ`0*loq_7DU_<5-bw z`1LE6Kds$+u3G`@l{@1b4$5r5kxKEb zt`W~sK0TlBA3xu(meDxEF?+;9w= z_ZFJVtwV?rq%fE9VzmpoU64zR!o~9VT=R6~^J5t-&6U|{F3!BDB$tH~I7ccLDr3X+ zFhLmgN6c_0&zv4~A#$JFd`3oxM!Q!6E^}k(E;JP&jI{pEj82P3#pR5ftqdi*nA0Q2M%Ug#^CQX*j>A3 zJ)z=GA)$^fQc<4rK9TN~JdJhZfj~-#0{=uW!bi)?mHks9{gMTSgx(VoGaIAu3Vrc zkP?`T&8o%pHwIgQfqL%VL!V?Mcg^^Ov~w8sY<26s+A7#h$lUp((ki5N?`{}FGc(7> z|M*#etZ`4to4M$~5xLhB`RG8D>TL`i;U)xv>H#B3K~TwZFzpEzsaz0zx5vW<(d2E+ zl|e#cVtB%jcs;O4vkXIO7$i3-0k5y?gf9b)N@>k|b8KJ*HoXeF0UE;ZGEDtbHRojy zUy7{RO|f2~=hh!8a4eC`L(}oqEtcT^7~WRcEFA3f%kJ0hN#|wMqTX45m>ad6-Bc;u$IaL| zT|f>tw)cm|+#{uV3?s{lp>@kQh$11}I(4hS=2n_i*cw#TvBW%(zb78&0qNsiJi_5) zE7i2W3qcbnYxo&7a&-XASJ@H-0B=e_tFI(~0LFn)`wl3{a9&ZFm7g(*$gmi*eJ?1? zuus^z?k4)2Tv&UHOR~*Wvu80I4Thwa*|PDMjKhlYyGJP|#Cwe+AA&#{))zly76!USb? z@`)29CD=)O=oMh$47$i=_M+2NAJ?Rq3olZ9Ey`Bu^x^@wq9gmQ6B-~4rLA0<=Erc^ z^#wyu2kM`j#>{sinU-8>uLs(yV6)8hO|2e@l&gJnMM&e;G%!q%n_53^`$p90u02 z^i_?uSc#F0MQ=R!VvJPH8_lKD3z#Zeqc3Y12M+u@BE}j*Q@c<@uL+H9Uu5}2L9gP7 zYcGiB0fb=D9lO8g>5ID2eU3ZhK;L-cjh8rB+p>1mQaQ>!Yk^4HYa8pqrU|1j;63d^ z`zR4_gZss%XwI~Qqy$rWEg%^0BFbgf&LY9=0URO%TaK`_oYuhzM0az8jgV$Z-4o#n z6a?+SJtZ1~Ypqj7Pz$L-P%@6kQOe~+f(306p}iBx#zExFm&(qdc}AGnyQt+5lLf-2 z&0bRxkODoU)Et9n#uLL4IJ0t`TnvihPuwPRy-WUcxG7|OJ`g!KsOgNlkH`o8I2K_w z?K^csCtT|#Y(&lgIEGOxzwv<@iIZravO)^RMAQCN(^!y51wrvlU~8qlg<^u=vlu#q zaj^u`4Pe<*M(cQ59O-N-Q<(FDhR@T6H2n`l{qV z@g=H|lXIL1N(pTn;>hxQzyz&uS1S)76o)U=pbnu$%vBWgSdRM2W|Kc#2S^j*E@0l_ z4SK~2T^ir;!^-@Qvnfs?u$VhBU=pD0YUX}7_BZ-MjqPLvqnZ7xtm>WVZABKTRr)nv z^)edp%pIbNgl4ubtn_xl#A1^Ac%5*&f|fuDTG}1GF9vqO;gPU&G)uG#oAd&!@mK`r z)_iM`r{M^O0JKu(!YU1bL&5Gf(o+noIs!q*uAX8kF42qXd*HIG`1HXnzbSpgpaPMa z>0ue7e@PR=_u$pXuIRXE&*m4oAH&aQf-pQ{UV4bCox!X125)L>>3WDNq7Bf!BYL>H zU3107?`A|c9)&xFX`pDi&>HLW_`B}AQI!b9g7yi}m+%i&R#7kE{AXxM&u+L^ll~r* zr&`*m`n&SD%;%o(=UO!7&z^Y&8i_aTB_=q#%|UTW89nawBxzIT7KG#&vQ*3l3aycV z;Wq>b2O6KaZu;UipvU2^R_&C&{%O$ARnG%hA(xh}i|R(f1O|ke`Jy@w_7cqVT4tJm z9JdZm;oUsm?SM5`n5G?wX2RSL{*D?VpJi{{G375Kq#j4N4wPyd3K|`zE( z{$TqJ06ty~@Hw~eYy}LRiJgt}>wZ569*`C4XlorL2i68Q$hV2zhxBw?pKF>jYR9JP z!FuCNPES+Oe^0!6bqzjfW9XZ&c{Ry^PkcH^t$oB=mb9vu!n;^j!!7G1=qqd1$L%!E zCW&B=`e5=?JK-U-Mq^uZMJEKqZ>=Z5H{6;B2=RGPp%)J!=(105sN6(RFDLIjn3s_g zpx)E$U9v~RVA*{d55W+|TY1~OBt!=0&YH6-op|4&1Z>9k5o)l#s8$GJVpFY-$ywqaXeyOuX!y$b> zjAE)KJVe;#GwD-ozRg5@TPK`s)^oxZjExy%VcD|y3`i)<`8GG7oC4cpSR!n(EqsOFRthR075+3Oe z54{6T3Jn%b7mR}N7HJGdP(q?@E>+hJ!HNO=ha!63kHMl*rA+GFDfI{W&?s?+Mc~Sg z&v}3ME7Gc$X$8!8IU%*_fD@o{n|A7XUoK%xn5UIsCKUCEIv!;q7Sx~_URTTPo`RT3 z<44gJh5zCL7t-D;>M>-9ArMrf?965U`8*z)9Y90!*m?Gpn0mX9nu)nKtU4it8tvHC z(alz_qxHVy;XfS@6lP1?=KPYk#vHIzO|j49s=SCeq1Q{Q^EKqCow;<7o1uPmm#2eR zqAl)DbEEZI2*+@z{k+QC*0xo8sK-5OI%3K8!JC*-PgrCirD%U((lo(nRf~h$1 zTMU+iQ=&#e$keD$cfvkbAkUIpc+G3+b7{^|iDF8|{Z9762rV5}z2T#UK|4B;2X z8W3@FoD(o-?knj`;b9xn#qzunIy&p=`*43=_gXg%f^dS%vi9?$#=kO}s2efJ*xB{;pRXnh6TgkH`hV1s>;-L{0_T7qPJxT=DG1eR22ax&O)Z@+nE z?m2A@pG7t>|I6q`2u4!VE1w8#!Sk3k8>cNMSNZkFCnhZg(~$bsFAyzGA(+5 zLc8&?Yb@*od*pEys1bc#JiB!J2mjJFCI6x1qT+d1-$3S^ec+vf-%*Y*9u(cBdvASu z_lfcByWS%|jA7$@#Up>z2tv|8Z5IMNAu0@C?4Kh_k0OZ5z1r{U5vw>B&M}C+P9v9? zis)RG5Pq{&4=Ul(z&MYvDnp>Z+&ECno6d2B8ITUr8o-PY!U}EOo+Msop4>bb_2~@Bv~N_Gc(?vHB7{S3B7$%yyznaF;F8n zqum^`@u1z_$pUYHLN5yNf*AwlX>`M&TwYil@pneAML7=sZjG}VeX0mDsc4ZXeM=G( z$h>&;_xOwFmTT_Zv$bAxZD5|UB1LM<7LzHaYx&D0p(){62BweiB&amt^dvqoeH|zo#i%8&M2IlUWjqc!Xx4c( zx%fp}^j8*gxg-sSr_ZrINDz_65-+IrX!4;_PY>_s`qAYf_wRwZ0&KS#I8YA&cSE04 zApHc!mzgb%%}38{sus=_;L>=Iz}KBl$|U3PR16kK8t{c))t&y?*5wT|K4Mp^Ux*Mxgipv0w*m|7B3VSOO$3P&cc$cueuM4@2k(Q1^_J5 zi~+p)6?A5l6DJ|{A`v(R{Y2c(YVl9K7k6~p9)!x4%8G9qqj0fa8%2TMX}ZB83n`kR znc9_v%}d7rZOT>vo(JH51PdWgnKf4M4Z_Z%bN=K?x!BgKH9re6s6w`tIr4RS`T{jO zd9%VGJK0au$GSsp08Dj;_1J3J_7>W3rLx5Qxjje)BPTH*cjpFp&Nm|Fd1&kNw%HmU zs$kicfy~ST_-{_O%eO;;T3Q zqWmJrT)T}!{TjO1gu|f!2jtJ{Z`u4WN?+@4z~iDsK5)XL-ccYKvnGfKu+D~{^FmJ~ zqx)*(O%C^vD(y^Ku|=v*j*kX6QwHlu%PF&vh5=j90}hvTDiG}_CCUq1pe^+d4T715 zVCN@1LdShZ%|7oK8u`RMf~3TRNSKmH-3G`|x$EABsU5A%sBM2{+;oGn3Ai6Z(!om@ zr~WlFYtHmab*{3?mBFdDj^@f;0yoCwpOtU*`t|9x4+CsmE|h&+gqPTAj(v+%Dn$Vy zQ#hC~L6fm%U-sU<@J5UrE!5Y!C2#DH^5^u-A z5mi#Fy?!IoJuNLVskmjvfO9Zr9cJ=osM8awS+{UKu_nOj0apT z5vhFC(YSjSPE|ZQf>?vKTnDQ}~-9|12i6hOJ(N8l4V%BZLP7KGyp*)$=&l zW2i=gKLdWfeDm@C(DS~!`u%LrztZ)3_x!{`eBPA?*}?I)!TrUy7tr{&razLS?dBFPEh@8+s zYO*m2k}s>C0r|$eQ2;Ni752=Gcw`i6o=GC_i%UDc#_)*$DHo|BD#}dghCooCGiG;R z6I#~Ov5b^I=dAH>N>XZ}9w)ErmUht_bmAXLj8k^9k*`jh<%4S)aU60jD=^H2IY+qr z(KO+0o=8{7`@_0}W0YD03Go98T3)x_CA!0YG_^@?dj*HZiolYMIYUg^k*S$r0oB zo}QGzf;5g-UTLhc2dX!*^hrU(qb6J!a;BYc`kt6*6}vbbwP?6wRQnN1vEyLQ&2ufr zsRj--IQAzT3Q)QK(nTs=?BEikq^CU&6eGEBLq5oeXx5fWFpf-;g%GyA zpjwKqo-xHt$!Y|wg4Aq#>d(noQP26wSR|1JS1M+s?UPscJ@0v!2|1P#=on`|bPyiaCLrjl5sBOVi55`?F^h;r(;%BGb$MN7%v9`|fgix7L@(_wD4W zYuj}S#la+qhYQgIrgsO$4n5PJ13&~7*t;%$x8+}SKht{^xGm{C`(&)h#Bj(SQ)UyT z@CW~eW~(fmn{_YkZOmQg&QfLCEdFTv23|6&MRTwsFzzV%YUcr>Y<|~* ze~0{9*~-SzagK6fz~{{AhFwdOl-f8HD}8PagEAuA#KrCizR zW;T`OjvSj|0s5mRAGK%mb7*wuc-E$?j)~~(yA2x+vF9}04pn#iQ8KHOOSwh$4ZAYk z`KmV8f9%*REGN(Yjh_&Sa_w4CBJxM6yPV9l0cxaU?npy|$p6wx$eSKG@oEj6w3s~Q z-oxm58Kp9pA1QJ#Caj}O0y-J&}j6Qv*$r|cR7jW>-LNY zuVG6h_4^JQ^KHur;1TbBD2!>P*e%PO0|?&PL-`GS(j78#*$^r1SmKjw*R(#P-b8-w zuzBX71j$FH?M}9FuI>|%f*K|!rS{|uU$@By;a}k}d%ySx*)r2*ZRM5+Es>{NSHTIb z%GcJ`es!hrI^(mQ3u4)a(p>o?6eCX_SQomIGhV`=}d~k zHHx(S==!F+#3kmDh-H|Fu* zqsg0&PCl;totVTB?fgL;muQs9id>L~OA>TfiSRx;mGykF*Iu0SK`%iO#kkePJr@#8 zr;^L`GR0#wVQWBF(T9^}8b8`@BP4kYCc9oA;~IMz(zLt*>VvZpVI~flj>fzcYXAT{ zUf&UaY7vpj2j)=sirtw;+hH)Rd|)YY{T(7{WTn>O9Mt2xJJUmMOVTf~pYj@=q}!cB zb$RRZ-bN;UBujw)Cqp&GO}$HFwV{Xk8b9r=MO#h(E@4vS?S}0?%5zl|JW(qj`8i^DW4Sp#la93^l&eC0gXB zg)jc}x6qSyn$hw25##mxH^(sv!_R+AxAS22p`@B2{4Z_Js~i7in$7I$rgbYaXknNg z!RpB@^6Em}zRz3_{MmYw?f!CWjmI=a(rpEQ!8P6H?pl}Ill66GHH-qs)brru535y5Iu{>;`Lp}pSPZ;J=@?;c@;h@r;JRh ztm;mO+5j~1c{#ag;{=R1#afWua|=F9mW1e_V$`wsU0lERwSpL`FLLrQ@As`j^YAB^ z>XM@dFO`<4Ooz|}j{KzDBkA$vo>7k2}}Xu}WtB&MxtIVu;15$cT>i zwCk;Di!_wqUVJY-xFB^S)Q&qR+L?zrtmD(3ymPLR>{Ttw=x^KoeHweE4DS5O+hbqk z*0`1Mu%d!lngWF~@IEPtH%$=94Ikf;++9|6d+lQcs1K3c+hQk!jIFX&%!t11u5hhP z5j}u1_@dmMKdRh&typp6U4$*`c#|IMXb!pE6s>dXPGmTI>}D%RqFn7V-u6qfd!AXbtN#vKwj^g~RBSFSNYhX0Ax z12!nOZ%RMIpl=-wDXsVtr4+EYeExNSDlq{MB}==ni{0_uX{>fAt>vJGd17KdQMaCM?;p&C(92c=j4xHfE~Vae@@j%Zxq*~yPru* z91fm!pNJnB6}21a7~8-Q#nt;i_6TRAC`M5C5GWpSw42XYhv`-cvVshIIbg>RbCoM!S9Q3j zc+4+JmpLGh{@sSGKn_3(ZPM2F(t;bR?ucV~wqVQODlGx0W|h@c3M>gs#K=^*{Xd-D zV~{LS*EZ<3`?PJ_w(UM`+qP}nwr$(CZJVdNzkZ%~Ccc@Nn23q_QB@ha*WSM>qOx*d z>rNP8-O6~0&;S_$UW(?f+4RGYZN`kzf9o|u;aMVWNuh{>t7kCN{h^Z&Bf2uZb@_X!`(dUOQ(bu8)A`p?ff&b zOCOg-=mB$ZRcskD1`&kzu{6q)iK7NJH{zZ|`fGHM4Cg;Zq7L@~8E-1Z2G5+^a{2u9 zKGHuc6Rer)Ryp?=?yCVhqslH(!rsw-Qv0seV_Yg|r;zO#!1AqgbTy*%c^|*#Wdqwb zW82XbFao%3rM+PzB+6=;8powEmH>mmQ_EUvr1&fE1MkqpbidZMkcU7&9ue3ZC*lRT z{j6CarR@`%D9k4EzAIQRZ~q8rZev9Rs*hb>_GSulNG2GuGS;K(aBc!aHJd8vdU{RW zpm&k{w!L)`OJQo@wmyU`W)Uk1o=yJlY{5oc$JQl{h#)_!xoWj`at}s?N<=hHjRHb= zS(a>4f(zn(MDW)=&Rn=;#%!MXPIpA4Znc=+wc3~Kz;RzJPm8j+n~_{ zFZXQsFeRfjq)b$z8w-n5vZVY#%A!|PyHGdE&u{y35Ii?TGFiBnE$bioM;N&#Z^NW{ z>=tC6;0od{daCa9?A2ex%|(nucCuVzNb`Nj5tJKGQj}+oODnZlV;I8+9cpPNN zKEmV?aII46Dj*0q0{pR$RE2=fX_W0%k`H!6S;}md$aNI;Lb!;@ zsTdv;xR=K8;C1&wW)77?JQiFaX>TeIkg7;%Tn9}}kVU!+Rm9HD$QsQ=dfD(u<3Kwu zTZ>V@!V;(HguRsIRJw)}`lm;?8n)X`<^yJXWu!w(_ee|d6TJ+E9G+S(H3g+>PLP{a z5pV;%+u@>?4S2@0SR4u#7wJsDbv$D=;I@CZ7vYW4X~H1vPluK^EJ23-i9%dC!w*>o zrK!bMDMD3DuC5o3E=JL>cN}DN@)DwaF#Q>A=+~cD#kf$n`bCob;$hj=`m{|x@fX|m zeL7`D*XpFGPO>Ie1wXa>D?-yP$z;B;I-oJt+;rC#M!~i)=hv$ge?ugYK$QRQaQch%s}OtN8@sj z`^iTtrSdV|HpR!bk^L&|T|fqFc!MQ?X?;8AtLAkNk31jd?t(_>phGo3|MqiXNK0j`2in{AE{xRFEx~ot6^uknIenJgq|3%ie z!KW|-o2+=|Y<0Wx5x-re8QTXd&m4na-R|l{YF_AZuQ4T6m|=rc|os1-X)ukYF2DZ7*Zze_*FLz)to}C5IIXv z2VimWq45(4tPnvyy-M;sjDvs~ipOJhcv*34c8EOX0+47c3~KWQSy9n#y{#PS+L7nB zt7uM=9e&G@R#G!yyqdubg;J0T=uHNX>zW);y9iThg!-XoE=$J~?jH}wyNQ-g-npbQ zO+hu1u3Gep7=&R-gnpg8pB=uB|0GEK7uoQs;dovC^w50aq<-rpealMuPCmRo>}>|l zdR#}Qm>44VB69Q4Txi<@yVTMwP(yx16him^EkGqsO?5wrX}htq_LltZD*}QYa{;i# z@!)1H=J%3${g_pn%!g7%jSydSkmmv;{*sbO1L(hJ) z$3L5mw$%pCaeXYTj`4sND@X+*yPG9xry2x@Ll?D`9zQR6VSN;uoBg&E&(2!JV=o-< z&tcY{1*Q&RDIO_F8@TEilPcr-dJ%$9AA*NFz;=9BNr6shbG$#>@h*4M+=%e*3lOA+ zsV>uko{x?gv7Nc*kxLjv7?4@(2J|v=+nUWFp&Fl+Tv6K;xntR+qwMYQzaplEz;hKI z+}uNePp2m&uvbTKgk)h%lYfB@2DyI{NJ<)MEYJle-MDb=9F zS-)J2?tD zewyO4%D=9&T-EI4xAg;;$vY^hjs+S8v4dHAHsW}-f1+V+!oqt=B!CxHns7Klf{#D1 zOtq?vjX8J9JzU;BQ1-O-=zk!hg6wS=bN2oNp4W^LMk8d+3-s$3pYxOk1Set5OH`1Y zP84WbSM1B8kA+b13;H37UTz4&8+J^ob}h1j!yLlFv=nBE#f)3b3~V2RO$Fy4xWY?-}CCY+x3?sP+Gf z;W%sG@2@|Zh5Xx8y?5Sc0_S9uN7O6D$ym1zoXPY1=7BwT*k^K^Fx_%-nG@xrL|@A) zC(bmwU6-a^w}HGx1Jd4+zb=qAIY zjYgRnIB2z|*j!adxfvDcc8W&}393LhxhX)7Woa705@VL)OL0Q100Evq=Syi+tQ-n3 zesLzIjRfT8es?64%ilhii&g1&&T<{yh~LKl+_1RlaEt+)1uQS{cSV^1A$+ve+S<8= zr!DkE_mT)NX_BX}+#mlGUFjYVUh^@FxvL+Bl|f!Ui}&iC!r^}^xq{38UXEFr35%`J zGA$G5ZyX$Z|9!CawvP<$X!-XvwDWB+u8auYHv0OpeSEe1r)ZXoambRVID>fdxC!4R z=hlW;Sa)Hcn5_dS?{@0X1(31ccS@}ucR9||_K6K%Cr;m=XW5f~;w27kg@`kes92K} z%4j%jr;lSaMQfJiO2%ofzxo{91l=dmNl;W-O)?7u29;Am`L(#Ertp+}DdEHxwD#3S z)*ZqjmYub>zo=@U@i!FXsrSaEZqyF~YvV&S9U^L&mNkzl{I)$@>d0!}t%&3h3ou|d zyFS5y%{&mR$F8sar62D`*eHyus24yo6hMqIBz)Ohxv}=rG!m%>&ZtzJUSsX4IXi|& zrGWdz_oE&qhYQkwr|Cw7^)sHr=*#!dN6*j?@GN}T$(&_X44qiHPA>-1LRvUk2a#R$ zuQnXHOme860Tq;YeTYaT$XW%@M_IvV5(<=U8xZgSrKcg)*n}BNJrtT-SCm0&__nkV z8FEgUNnfP-SpJ+*O}7rRd1!H6Gng83*GS#D(gi$ah_S23Le=$=BIy6#y#Dp|6fVvY zhy{5wUDI#t!tVcWMroBwlrDQaJ~!cuUEp46)th5C-P*D~?i4QqC(FD^mPS+LxX7(S z^H$`fElKk-0N$ElH1{hTCE;pl>tS6gU36(nKndwVm+?A6&MqLBbn(^fg-M%3S%@e# z+>jy8-TmX4js30wLZGnluA03-;dhVzjaUT&=6?B-^koOSF|(Kk;G4)uoWlymc*7OS*UwCZpZKFjgMG!^ zRdHWhAgJq`Qwj7e!d=lI?7-LiqaXhG|InFGr`;$*B%ON<9d$ck7o=?sklmH*~R zD<7e1MhQ_P^%IFwHLPS*VA1awjIP@B2QL&M-B350a1!wnNb$vd9%%{5rFdLKr?%vN zTmUQJzS9gC_0hA`fCu%FJ6P%R#RcFn*M375fOR4FO2X;k#JC+-zTKm@a%XAlSgun> zB51}WkBv2(H3sv2iJH|jKnCxSY=4b>qCrdDON+7zhlV~g(JesdK}+ttaaOM&V90%` zr2kMvBym=&fguu$U_w=t-BF7AHb9FZ_*Ms>lK|=Is&PSXR!=3G$RyyBVx5qpE+UAM z&@Lb+*)u)wFAwXH&(o=VMI!@^tbS3tAoW2|6SB15rcRlV_W^~2SaaD-Fj%aFTSS(8 zR9Riu{F@xnk9`yhZtBfN{(M~wQBFzPu%Xp0zdt1$U$gT5$Qqvrizy{qk$ozjPR(w` zOKbLzH^OlFD6~lc(r@e#i90J1^d93{eoxuqFG_#7MYElqsRf5&)QgkEq8GP6lM51n z(A+`uY~u!TR)?tG5VR&%@jObpEwy?_LKTOViai7B1lYT8es*v zG3of{7u8OMhOM)Ej(J>ONRK1L4fItHd>sJg9Hk&sIAE?IwyUX7K^n2dppvZP%&jGp z-qD%)DtR}u1y-WWgDHIgVv1P?yvn0V+-5045@p@qSNX2CF|_O~1@#tb3rmfPc=kcMCef;XQOIZwfgHln^2UY-r(y82xbcoaYZo z5pCk_%lF6N`RvJ08xMN=tk zZ9%6=vgS6r29416bwnG;dH>x}MeuT}k0?YTborlMUD}4qn;%0U-+$-7*Vu43gQwu& zpP#qCkMr7o9zLgg+8g9bDP=oZ4E=IFdP?n+{qv`1dumf-_5T9fj~HOjil~b9o0V@T zi-oR0S00Ma0QtM&aLgtCsIdi#;S-Jc>Z@h|UcxFMmuy1|d|Q9JEx)8)1bv2bbhe1J zHChHH7|1IwHS;wj6d($tw&@0j9P|tZ1;zPhvGiz|EVp){=})p|3g|x8CZ;2cVaz^& zRDuzy!D-f!=q_YlK&c`RLbqGinal`}N(7KI8A-a%u?IA!KpI?HY~&Rc&%!pVz)5F7 zWh6~o$Jh@ts3E}{lTRawG@@q4pQc0yOB8BSlf;s%96yLbrcBTvnUvqbrqK~0BB|Wk z+h8WOP`p@G6pJ}cq@XSqva`+n31K-~eHBtaWg*r`R2mnDs^0_#;i%dYfViJ{ihw^G1MDdXd6qM>?9vzjAn;NNWIlNelyK^c0}j!$^<{=JrxVqEzbO>(fg{Fnj@gDUwAQ%g9A@?C z>>&-c(x z*idjRrT*UZZ3@r3G6TEiENZ=2)jDr7MBWHXbHlFoM_KOUisD z1c{Sqf$~yPR<+nKTfcazAS{{-Y}1kuQB;-0D^i_^!)H8{1~R73+mIU*f2Ns1?eD}H zh&0lwpbE}ZRC?Wn-u{*Am{o*X#KfY^G7{4D3ot-A6ol|KlvG~cV@#Q#AdTzatb<$x9#R|6J%AA16;aJ(| z?@mO_p$Ig(^ZawaF6tS)sg%WS1-rFq+W&IdyO4`sKM+OXDO0bO~1 z9(EN@W`GH#n|Cc;ok1#Z9}=2pBs9?~`hQ^d_RL?*jx2uii`i2r4z3IWzGocC55h_{ zDw@>+H=dV7JWE17OXfp(3vVG~SaPdvsrvzYG$jUTyhq+PKq8T*y7AngWIn*1;0VL;WUyrc`70@9giu||QTjX~K+kV0@WP71xMhqQ3L+>U|^xY|t7>Kd3e2uyAjM9`XMn(dM@xryuYTZp( z--J-{tPq<(YO*j5s~63|aC3_k&h!5t*Pbj6k4@7tcJ|BJt^ZHX{vX8tU*V2rWq$m7 zjLC)mAG%(BdH)OD(@*e3%31zXfQk9vv!DI{_3i(iplSJA*8at7ZJr&=?zj}3(tC^5 z?F?7~im9H7nyXCMFvU+3ucrJNMG>c07+nU+WlOawBE0H7d2h^3D~&~xDOyQO1QPFp z!PG);6r?%2K`TX$0>P~FG%O}(*5t++IQ$ob3U@;Oo?JA7pTrdI1Ea=cUE>-t=%u=_ z?^zJOeNW;N=hCrvM_zQ1dpVCf|LS~!iv*eE9`>8%Lh}nh8uI9Vn0dYwyuS>(D~K}J z9T{OkV;{B}vQJm`AGH@l{Hb+q>QEM4@7dNG?T7_!gI(3<_VKU;=;Z*~F0fM$wYZbx zdi5gQa0x+`i85qqdt*h8*`G%i$V;-6$BQo9*P|)HSn%fr{%gVxHe%*wDP2k@<4PV5 z^PVBpPC@yILh62z`Vw~@JEuR*bW*`Dr%E&r=fnr+`C!VAz2*a@p%f_*5Yts^Qyei* zjuE;NuhQ9HnzUkrk=m|2i&nT zFT1a*@uI7nOA$*$qn%Y>mcgaS@QnV#HkZEC74rfy;hFGlS6?%~WeKuR;13(~6&uq9 z8|x2m<1@|9Kncj@A&YRKokXX8#>gFd`b54-BZRzAIFdQY zAACTQNW`rO^}hcbbAD>tfSX$te<$}K;ZkWe80Tf5OssGiC(jySk(!P4YMa%U_T{0E zjE^32-}r)Suu;X}w5_PI_<==TNs1x*O-&+xB?dD0Q&@%0+5V?Z7kGo0iROV`cx{`F z=E0qkhwSp4-G|Wb2H|i-tGZ96EKlOAj80ImaPfxE76zPoEYZN2U_$~_@BP^f-;OH^ zMmdmyft)2t+BW=3Xev!~SI~!QN19OQ5)Z2iv`(CTX&e~uC?LPTq=+N^%6&*!uxJ#F z%6?zWO5ZVm(0N|s-LEQ)v0Ro932Ex6hRhlm-x(#`u}e;ncATCbSwc^h1I?EDLXh>) zOr9s3sG#6mg_8m$5=2}dP2E+T5S2H(Vn6Lht6WE&OgavtyRc^Fy3HUkyt(q72NK@9 z64l5+URk)wK!JkNU=7Fek=Q^q*Fgw`&| z&}$5?&2O!=i!KvB5ZszPh=zy|QW_qjX_wem!voJuq;?#T$DxALS{5=(|GDY2r1W9% z$&px;Tomd70LDnhOv0@iOT4v3Yt}^G7|cw9c;6+IQbq68GTFnueJl8JUL-TU$Ue7`HJ%Xa%t5rcX>=NUr3ht)>}-9-#hm^JTvva--}`)Sp_ z+)vA&&5gc%E@Yw(49 zc3r+xMiOfP0;nuyG+p<8{WeBkdfotwur{SXO8O$iZw5BxL|p_b`7jl-J;B2id%O_J z+sKZty}x28z*F$j)`)U9Y)c>1F<*HSM||jP?DxOnRhq23z@(*zKTdi-wQh@>-Ylmz zw`$N4@k!H(`0e;@RVobCxFm+0$5{bB?BgRlR63Nq5i_*daV`?5ec;H;$I>M2Rd>bc z`9x2uPNCmW4l``m+reCXL6XrLAH1Ds_5OU8%z3*Do_XvUij(w-Tp~dx8CN~mMU-*4 zXZ3RI!u?*Xl^;x3cTxF|x9v)&FCNO4e8`5yevy=~jg_Zt@?4{)i~J1Wt1yRQt$8?o zU7lx`Eypih8!d+Fix2>GHtv3k0Vz?VNP2jjq6EUrvLU`dz5kl@ivOYM zoEz|1dcTwAo}T_&fc$&f%;tBF=r4Y^`h5kkNd3>o#o@3qwdifVnoff*Z)PhLAAeK%RtI8X(vQsHhP(}BUcL1x(*g0Dg%No&D^`P?c+I)g3ng<=D<8+&-fbtmFuL9;sWVWew4wE$10pY{iy zRCJWqr^XOsA4k2GR!{xenM4_+h{k@xCWDNP!dEa}?=Uqo$uCVQX&+b&lAcSy$3BI* zmnG6%SYGSwa8reZ4yYH9Cm_9T#320LOd%3Z5w2PS zQtIH9MdZ(vOgd<5x+EIPw!)$Z*%F-;ISzkNW(}yk1I-mpYv<})+OEXsPd)GObrYPU z{shCrhoF}+cXX?^VRzA)Lh~0V=f~R=!`c)=%hWFp)1#a7z5O|SggXqheSO`%;Tqe0$jo{JeYb@BjYp#M|+5^|t?j=6Sn|IX;hmf71WK;rJq{OAHLO<+IFQ z;Ylj+wi~i!pG>%o?=hh00fxjX4F5-ZYY}!)smX%?C6jtQQ`JO_vk5o>b;~$y zns=qMz&Ux5 z7zDJLF~yVg%8W!49O3N}rLQp>(;l*~K-pGfG$r<~GeaAlJ`{zCiC{~ypvY&>Vm;^d zksKg}!H-dl)lcx>h!G~l=DMvB-<}e>!}&b&N&AE<$>$h$%d4m@g_a}Fv5EX9bGS96ZdOzF(>IMU4+y*$w)QWWETC8?*;6|H`fA+{_YZV zTAcQ#*M7yKdDMhpsg4FUgEThhzCvi${|Kfq*l%g-uoBviBuB@xp|ak7yF17}6`rRj z7N!a$Usz46tr;+DoCUiVF+f5x|Ill4_+r*2W9%~DjwCWe)8PJTojD|uNP@0VA@6GK~v-9QFcIC z12s+Aqp)9t@sK&w${4F%*GD0yq^+oAt~wfEkgKb#tSK*Z?r!nGQK? zYllY4Q8Js)Dt6)TwNYE&6=DfyDSPhzhT$7`N05(PW?RS*W78}w^JYDFRph!~F73zf zfB?KHW3Rh9t51=@{K#aZXuUdLUl*%~skSpSo7SUR2&$}WjYRRQcbD4tA^DK0Nb*Jk zec+Mr)|WHr+=a6ddnSm{jaO<#T3Qgig%Xv5O>jju&X-Siqc4{~vE8n>HpHzDAV0fu z{zR>+iYyYwCEJVJ95$b0?`88U#wo1DQyc23rif7h5^4zi?0#{=a??I9JZ)(F_+xJP zlb2cM(xoXHpg(Q7Los`~CA#}#$-(iMs4 zT6Js6OaYIp6({Dhpp(adt{31fiL1FOYGUg_N~{FX9fc&*CQ&V_{|gB<*hS%V5!S}W zQWTFe_Z&+GBFGDsKUFj|6OrJO#L$3X5+n)^E@NIFv$L|FE*~_wV;eZi^tYo6ReX-t zjN05IA*F%;`z(OyP%CuWuasU6OE^HJvC&u}xaRq)dfN8^JE!Du&q(&Kqx=91`r9+@ zdz-D+qktD8$It%3)epuZQ@v5U9NK=M5j*ArPBTR=^~B<13pZm#l&bnm%IRY{qD1fM#Lo60@PPI7eEu65QCYVG1nK+)sQegj{Uq zI?Wz|1V)19SJR3s`%ph#oaPL=Hn!x*D<}U%G zOF6}hSKKHo-K57tmL%q7*|{AGC!Szf|3`HG{9$adMu^^^MKzTJC2!4%iq{7$Dl8w* z7gTh0V62$rVMbqEI`-m25;CaCjfqX4baEE*N=vZ+z>*N_TQ13?v%op?OoFlnWZ zgcRfwJf08|be~8sCRtdl7klpWEynx=q?H)#Ix1`% zuwLm*v!LDP87H)XCi!2_s%sMpdCg)LF`vhI`A^Ej$eW7h6%Z!Bukc5)&xFX&1LyWJ z+3y5S`fE1=mc776eD3@kh#IgaV-{fKG)xm)oyzj&G_*Kdw>)TThM#++3tH|`8Q zY&C^R4;Zfxx?BlKp&o(`{i3ClPwN7~e97qyqUl+|0BF-x+B)4CdF%CWpD{|Z*dV%p z47fhyjawV;?quS65Rm&V)8*&Zhk|8>tm_;BcYC_T)2%amEZNI}*I*LjR^a*#LDS{I z!QfBwi9xyGa-fNN6HAZGs~z(B<4ue4D{0G=JRGpc;NmJQBN6KLp^oNBL=VNZJWJ`i z$h_`U@Ks+!&zGJ3#uZ?VN#?@Do~Phq78Pg<6|1gf-OWy#iu9 z|0PgTD4ayk@`sTJQG16~Mls|Z5=Jq@%+!flEe8$|ckcViPI}|XJSBa&nAMrs4t@1` zmz$c6)E?cO0^1zB>j@$0640_qs$za&Id$^A8bf5wf+-Qu>hf9_F7Gcw-TvplfpGQd zIs&xnN?1AQUmpKYs4zAjev&dFE+nd(nE5S+mjR&(WJGtfr5$;zx=qfI-aNcuqf#Ml z2rJ~)%!3Hd+-I{?h3`!=P1fNwD~6sW*w%Ao#<=4*2jMRJGe0P!nKrm-Lk^(VYBI5y zwSIB~h5o#F-O!efwq_G$Aaf}WwI?NKcJdwT?ms%de<$ZN_f-ZGh`5fDw4lxGTpEMb zf3k!fog_7dnGIVPp)<*`!%exjg zy;|h&$?8B)THH4+?z{gPOga6Z&;MQid(=Hk_bcRor@s7->YYAnan~Kcqa@9`(c+?W z&kh6UMuPLA!CiUzBsa|cR<-=^HE!H#am{jnm-wyvdZe23Asnbz+<~0J>Vi)%=7qw4g1<;U>uge0^-L?FtSFqia zLh}ILe@t>G?@yCVfx1XL0i@*r*){2%t$8-ZP zu#EV{t*3(TtN6ypj1o4DppMSBD|J#K$|Ne%)bQQLI>DBFXv*{R>FAYQUuTMXa%1aN z#%Ri@^}hjiS;iXtXXBjlqllsxsWiz`;tP)|&zen~m^uXggvEk8cL0*^{{5E=|G5wj z!nmuh){gBpyWOu{#@Y`tn|0_nwh$#-Qe0T|6z!7mTp}H5ljuG9SE{sllimHb^br^l zxnpHXC>6>YnA9I2E|_H%@DlaRvm4&*G>`RX+~=+(EP4mI-!#_=8&McBv9=?DK8kEyXM)?82f5+Dkv?zy9F@}W9C3Xl-?qB@6n{h>HC+VqN^pM5G%k|gl z%#He%eE3rFs*XpFU*~mw#@JpMX+tNwFF683pjO)^I=`N37MDs@;U2`qft3kavd&evw~HQ`7l`IXl`+SI8u02CSu zA|NCjMEfTp^-f-bSRSTFp96>dsHu!FU)p+)Cva_rUSE8~gxqBp^V`<-zMlmV)!I|1>yb34fSgJ-W56g$APAWOXIi~Y-97vBVV%L;q!FpxWPw>;nsrKy z#P|@oLWWb0(Xc?PrDnxJ`#QZiaFkj2>=qOxLke7(v&pzhMibqH1_C<-U1J+GJo?Z& zckka8>TfMhr6Z{LJJ{Nm)*7Y z0dIqk0&uBI)#PNvf8Xl$?u@198m~^B>yUtf_tG32+ZUO?>RQ#9=StR(a644dT#sX& zmK4A#a~5zvzuOx-{TJ%X0%i)G|mvi$1T-AxA@c zuu#FfQ^DH{%&Z_ishkGWVr?a%6-3Z=rjCqt(LhG0FCTyC_FkW7CH~+`KWiYQm0$ad z3oueda>&%c_Z2q!h0tX(oDz~aNwmwe^vtVEB}nH^q>LYX!q8vj?z}pf6UFy!Bigja zPP>vdb`!HADNAJ+m}{bbFTq&G+s^t(ewS!;Iq?|fj32*VtKDcW3iZ8&rfE-{EWfyC z3EHVojde8c^}iR$)yjCPBC)R!bNRTZSQ2D*#SI zXlSrbQc^{)4M3AOYB#okmr5>3<46 z@qrDBe;I{*5dnuvZ-7qeNBMzwoz~XokZWwzL^J4nGP0x*TfGEhX!vLHCeL7s(u*Agg z1-~2#z>@tP_Ma&lWgM-jom(j#KZS zlMpZqlr>z30C-~?(d~0T`U^F)`#tGw@LGv3f#*$TI^XBDbbEBT?{$Z~CS-S>DA%qr zUO$QiR)W(+gmg{+!*H@SW}i~I2#Hba$zDKIYD1JW$dUE(h2wbyKwCmJ0VM$3JG*jO z+&MTjaMxti>}BriML+{3w`d470n2c^hC=&!Q%gMBegO)ja<)@i(ssVn8TMqHo9MkL=p{Of91vl|9`m1| zRel#6w-suDxkG6-hr(Hld&GGkO6qQk^7YfsVGlyG(0XsqJ|#@F`N71cmp69ejb4w= z)-4N)Caj@@;)rQt`BF1A(NT=29Yx0*LjFQ-ADA;qaoQ{Uy{c7Og$v|@G_7}|@C|Z~ z=?@}&rURxzL*}V=l*1F}4F?olkgTm@dS}dbuIp&yhjGK;8h#Rh8w^T*UP$8oCb?Gl zDw7Tppg-V^Te6MC)bD&95C`HU4RxBJ9)tC}Z~zXY=m^Hj`tY{Z1c)}j4`7l?H?F!u zPR%#w_t@G*J;c3k==6?|Y$8+?qqyr;6G&}xIhkdVGe@mC8&-L& zki=a|0?zN2Ne4V8LXSiNA*Ze*4m*G{r$Jum+@XaEP_-B>g?pWdF2#&(5k<{TwOm6f z3ulkguyn0V&;{l-c)~RPROor@X}1rv z#PrTzi|)^O7{_4*c8=Ajx$R?sKzxzVvDaupf>Fqo4*Z6R7`FBTl)tkOtgwNxh&^bY z*=fiIzRc1D%LIWfLa$h>@g^YJWS&o9ZAC?Q8ExM=nF>@~g)*yldy_D&J)Gc&LB;YC zhm}rg-u)9|P`N!K!ci~8l}g4c^RPQTJ3%LiaoNRQ19)%_*9)dDGVqMx z2CgM#rLSjp44^jdR*)dKi!~NpSpD1V+BN0H5da+k0)Hrl13dE8#gTPjjv&tev=0+x z3G!%qRUF=08RCPknYgfvii+U|(Qir}6g;2yN8eg}2MRIC9ZZex73I4P8Uak|EtOjQ z)+VX?7Ao`>Le3nV{!(<%y%UxBG<+4%5~(diMd&TbQ&kZ95y@L7p{VF^gmnopl2(IV?o^eS^Qu+F4 z6)|0)p#+5pX+!t{grZ7F{naWh%P0fK@$xx8IkpEXOk%KS)<0yUjLVdZI&D;;RMH|< zPx2r>wpL$yMqlz;Uu$I_IrCA_C8L!`H@xvWMtkhSd*sA>0T$De_Zk0U3v<8UPtWgj zV`9D^3_fmszfKEtP3~fCV}6|eHGUrE#>U3}j%k-jR(LtjolHHrW`)v;r|?ulnng_sYJP!kTWOWUuoxg z&R*Wpa&Cy+9D!t+C4NJenA1Vi6gC4c{0y68SfZs2I?~zXR24qavb+S%*Y8%W!J>$N zkq5{?*=P#T$Z{5x6)P2hs$dQvoQ;GDau61B1foI*H~Ia}89{c+pi5oD`v8_!o=zs1 zlWz1=btRuI-?o0G4jMU*KLUVr!C)#-LG7ghi~z<9L95RQl2;6>_UhuaTxZYX*A5RP z&{RgHn0!isOcU!~BTOvMUY!0rU7kIkW#g-j?M*1mGR1K1|GeqtKuZSGimp&1F18f0 zLGM&Fnl`hf`P@6|eOt#_J9PGTi?t2#E$#1B?eBfu+ok-ch4XXn_8IkRSEQ(tk)3MQ zZws!pBGssOVqN$}_jWA`wwORw<_gP_0#BE>d=vypHybS zOJk<_8_SX;80hVq_DzrBv-R|zN3!C8ZU;liU5=mx$j}rYX&p4p+89b@rQ#V}wh$OL)@-N9;!N@C*U!U(mBWdMa#ah>*bT>Fbpbi~AG5sKapqcHd;{bHULIH-n z#TWSQ9S9d`m0R&FJuNO)G4rRZ6BIakeWo>`JXUd#%vA>ud!t8XG{j4NGg$#Ku#dhI zD(nH?ZKjRTG+=B&)_LwqpR505@B(DUvSGVNn@61$)poSTip|Zlk1elL$a`-I0>%&7 z&_sqs^Uo6UlzMxR+k4TmM|p18MnQZYtbH<~YefRPmAjc^Oxx|24^Nh{fu5utwD(Vw zAWa~{K1zb&)$tD_8>sx{&j`pZ28VOX`yH1h40Oi%RT)5Xk*KNwPhftE{>N5VG1-v` z35pKa4ywD|@CtY$E|s&JG~CRP|EQTQF0U^~!2K0K4_8`r&zkEp<4F5?)Rik*d@ajK zk@7z#9t0B=U?S+Ta%bpP^|6cv2rIk|wF|qAzl0UkmmbPZ1VGLqqI{9T)w7LiZ`7!~ zk-@VD`;BU5xu*4Z>eO2vKG6pG1`?ngP>N2#&QDi|CE~yl#p)Q#ZP3$ zTzac@Oc)6^CM$KgrXQqMR8Qw=5wQpb%rZ(Wa&los0QO&9QjZfbUrA9vfmgS0)|0CP zj4YXH0qJS$2I6J>LE;(^CDFRFsYB@0_W~>(2xO{-UTX-v-3DqtVLU{#&mW-jT%*HI z-6et<>N+qvip&_>R`i@=fzS7J9g|3Q<22*&o4!sBmIfB2kYwE^P4TgRK{|lslv{U# zx1l#MgnXy=YXOlOPl8aVgRM;TyQ$0n0)pw-7}cc;qF!n(u8QcS@B90Nya;0#Sq;uk zB(+!*%_kfTb#rd=MKcC|t?z}#_?lK}Lb{>~rum}HVv0cuModMH2HWr)ZN65+%LN3BNsi>nYy+^8E!YX2)+|;cpewOP-Rs zMW<$(90_)Vbuv8gSrcv6_2GwUJ8HufGtcj^r-GF^M`!MwTLI*UPlq-izPy>1H`D2K z+BMfRTM>5BSZ$9ojfv?SYi>AN-L1m>+O?g>gWhh#wQ7fASnSbw1GLpwVJ+^Mv^3|V zo9ApruepREZJ=ey_wQI$ci;5V^_(qa$;h0Ume_3pwH|Fm<+)5}VQ4LEDcnQmpsu?? zw;Kl$ZvqQd?q)~k)O6&BezZXlonXOdmajfV}W-^js1m=-Od@ zK6^`EkR!lB_w^?cCx(`r^TFy5riq^61Kkr@x{3X`pE>}Jky%_xeJU-OJDEr?zvf)4aVs;5t?0k=kC+|>`E$Uf}Vh~@3->782}w=NXI%BQ+yjJ)Ubl9}TuSO(4Vi#Hc%^)7>x zJIhG$VMjOUWH9fgCBKG>fI?P~Hs}__otXLBnZJ>pS*`$^i-`u-2G9yRW1cq`XK%3= zj~_^WfRyualD7Ck$)>Os8PtReij&0<8Qullr^2AF2&~vn3#)8~DV^Y<5w;Fex3tqx zp0GMhM2nM+0S>5I~ z;C3ZckR{VZ=_zrCSm0@p%j#+fEKC=1y7RMly99nmCzD2G;d$duqR4 zF;HL!^@^ZCdPzkp^Q|#BM68a!YB6uD?Am3@>X2yfAiH)MgEt`^9$9vc@X)mvC~;4- zPziWvc_2~32goZn?DTyOp_uycaaqDL+NJnOqGy%*!J8jH;@C&H*DkGRuO2)2)E;l_ zRj10lHFl$2H^&ZI?PHC7z?r33lE}Q+gHsPL3$*NQH#)+<-$9F#da2cYRKs_S_ zky;l$?&qfx4Y0X3cMAsSdAmIpU|%#B7ay=09WbJU%}{~u76w=B(c%R{7e9EC?j+)# z`p9{R7HHVE%&ISVskF1Xf_;_?L}Lwe+Peft7X;~A3$1Dh+Pnrw7TE2r|MG}0NKgRX zNT*##%82J%t6>d#PN58S*6u*V?L~FXz&(*N&B`1MgaN9YV%Cb`=h+?NAWH{q<~;Hk zosqMAj*eOt9-k4#F*h{}A%oaczpEv~@{48>WVKvvci-i2=^Yf<=ag<#15H_BxjLTy zotFGTukqdh>S6QsumSrX0+73w?=H;XZD0i7jwJHsLXjtId1S1;E1_9ZWqo+)Eyie8 zE}1n$U+9u2y4|yH-y5(t9i3*yiXM~CzUnfPiMOXlF%GaqSs+eiAU$@a_6rK+C6CEb zM`}oiQixqWDdWjnCAur7J&uYlunCAt4l=Vm#6apg*}{pRp(zVY=9Ta@_`4X0ZRM!T zv2bil4?B-=Mk~>sN%8QUrHNV!v+;f?O0Eny$Vfp;nw#s#C;oNWPWBFN=a6x!YkG|k zz}*REWAcikhw;Ug0^ajD?gWuG#Yyzu2M?K#VySRXM$aFyHOG4spD3^&!>7|Sd_9te zw{^qL7?v9E>14q9e*du&yK|7N+jBd7rkA;*Z%PIwLuhtUuw)-v=C>a%PMfU)tFthZ z48A8cb@7llY`&86s;9vt2OhQLdR5J5iOd5Wsj1>ibz*6FYNm8dxX3*2EEv9pb`r?I zz)9jq4r>kP*n8%;rv`kkSL%%7C)+#GR}EofH#$ZY;#yki%e>jM0Go41o7tTvW=%~- z#@h#N{kOWgP_g2RkP(DMr(OKnq4_1TKRt{CB|XhDygJUIhJ0W%1mO&PcHS-K0o@y8 z>|^xiIpW@n9^kh_%ar8&*7P5?7mUF$CLzVN{p-$9T>^1?Ud@}BwF{dtR8v+kF#%tE zWco&yS2*X;9n@2(1)re^FcLbzbi;;&2{3Cbv1@wGr%RikaiL69tEvn%p$jw&TxMlM#A0^`nsik2HU60sj?J+Gq zOJl3Z4$R1wb@eP-*_s8QdAsibU$9g1=@$)b`~<{KTvYROs#g(0;bB-yN#V~(rOarY z7*?`eUV9sFW%Soh`8s1%vDsk{@pLm5$P;+W?-W`3&bILdA|Wnp=}GBp5L$^KsM_Br zVAe7$-#$jRI*U)0_zJxJE5={|nD-^ii;Qa4QnCe~kw}}COipaz%E@nBX2p(zWX@7v z<@;dY*is0BaRWl}x?qU-fb?x&a~C~Lu261Hc?l>Wov~5GUJ+@Hw0Uq~Js}vC7zD!! znTDB!*lCo1%9U2J2o*=RiDM#5@`2?81H9XA_HQPMliL*k2Lo`|?oI6l8IFY+jszMW zLqdM&j;Cv>X%+zVf)CV_lCNOtO>6Gx4YCOFK4e_0)c*eYCd{7d-*S2&AgW-F)CF_u32e;L?E%paAdF(V}mdM9d6~;!YJfh zCRoXnjoEF~KWXoON9y#uG4;3e5(hEe`fA7Px<#_s$KCy7U~PlEZb*j)#3CxvDb1u{ z&f0B<*Po5xFChE9$MS6+Ywp1Meh6`IR^tc) zQ*UWrWNbpTlq8d4dE6PiOrV-PVYghtfyNbu?Vz@lutUW+-ECq7^t1}|{67 z&ji-%Ysphmfr}7I*dsVzU!!)P=4+C3WfXv!;e^PG{9-D!y38|~T(Oi?Li23k68C+> z0zl#i=vZhZfGlf(*>KPV_*Sm~PK9pa+l90Sc+l6wOetEfF}a6pmjYBNbLD^qy>IGNRHjp?GbfZT zt3)H@+PsukOpqk2l$oyEGS3zk9spZOZHUGZko zW`<@f=FHVz@5$F7wuS{(ngnZ}TQ=UA%0L(DjFp z>UGqR(F+YqjP=&}D!I6XMsQM^3H_xO84#X?3C&CIUFqj31QH8icPfD=pt(=DkxQm) z3>ABQ4YsST0At}t#uUQmnrw=V9OK+}m~QXgbG{OZ_^+-SbW zwnO+e1!^w7KysTkx|!>C3^cBM>X`iNvi8Umg;S z@YxB&(mjStqMUjkyI;3nyO2YX+}VmTuPkO2ziCKWR?Zf*P%9%fOt<$Ka}<9x*BGD{iZw3L+kgzZk}v~O@gv!|O0^8$ z`otD7(>J$d<419=<6YeN;jAt!V}gJX4!ak$s`TL6}-;5~3Y zo6mS=V4l_*0+U?1m!v>SqeO9P!$K;UgU6pp1{t7;NCpr@`CqSJp7h)17nNb}JY( ztG^erfZ*;XIHF!bOA`#@@o?)A1F%g1)G)}lvj*-5aEM?WLE|;cAxEM!^&)(LQDJM~ z#OqKi>?F90#`yI_E@wFZ96Sbup)M~ zo0E4_3uKe%v0kFP6yjP-#t6@i`ap#yDPQ=S^VS%mnUZxoXj!!NCvRjO zbB!pQa^Y(0Oq$(AU8lBP!$!>x1{`o=PTLL3GV|X)J~&XCq;p<;DP)ONDV_Drru-bG zr7Q|-HP4TCnHNNsl-Cv;$=AdYDFHtl=0Xd?%2JkiDQym8*xH59D1BvMdogICeLLMd z_S>kjae+JQYlFs&@#xP?2gy;MZ#S}|2DQ*eVpLSOTS-|pgTMjE#m0&>M)anXO8F|N zdmY@f#`mo8bv(}+-&33&uz>qKe;-5HrOB(dR%Psb!#p7nC26O9ivl~lq3fBz0Ddl( z&Mf=M_4;jTgq6BRvyX+dht&>G2fbkO79d^H;PXReeZ1!TBw>XP8%WrUTriZTH#$#c zQu(U$z@}2BDbJ$rBNAK=mmSy9Ju-jtD>ORzdi(cbGVqOu0ls1UV*SGIo~g41`NW`@ zId1m5+ky(Cj=rZnGh4k4?*KU*O>b}DEb(VHEC>~)aZ?R#VicNQQDKD7Yc4D0A~h?G z7o^8QSn=h`y`0d3CPwisSt85SpUa58m8QB_=dYlzFoKuHe zWNp5Fyfz=7-GT)khx9At79(C(oi)lgp9W$2V$E288}KOqUa@kGsc`*R%#EP}HoD>| zD}jWpzhvKbo48Wry;F`TJswF(?FGtPE0)HZjJoTZZa&e`S7c{q^hgEHH=pqZ&o`fO zG=|SWLG;ZhzCikjM#)w&^?`!vo6ionb6i37&1Y8vBllTwee>CW0rt&jr}Z8#(7yTH zWwr0Ufcxg7AFiN#bk}<=@V@y(7JT1)Mlp0dzg@^}T!?M`+$q@BJ@IxoeEJH?Z@)WG zV1Dx%skx0`xH~V|V1fG0=PvrSGmwbnixGzvn?BXLYxr*P0Ccq2$oa!P{VJ?6yZOY_U1f=!(kAZ5PGVWJ38!RQ^Mxs}X%=Pkiwf0h z=YriXadIRV3$v&W&uDn|qi>84GQGzu!nE#zk{i%cbu{_T_pwJCe$O+e)=FboEYFc2 zVeqfigo`ArtUDLE6TrIee=T>oZtEX9xy8kxhuQm4-tTRe2cgrRAS2f`de%`=em2tTHE|c1!0&c)JoR>0Zdc`UgBJgx_FUatwiZi9j4P84>H0mpc zg4xx>6E_3H>-hgJ35Kh>#SK$0&7@c=p0XN_!DCl!P}9zZm1x1gASBQ}U~f*(&unX+ zv4D7opRtsvWW{odqCXEpUohkeN_s@(ja;zOH0h#Y5-F}(sUb9EDfmBpKOUD9%-0%R ztB~vpqSj;p9n^@+7UQK7LEFQI&z4JW$+ZhPOJtr`g6s7O2p{IUk)=9G*)_{f6kkqh znXI^GiMe@BXu+p2K>=3SS)N8jl0@){{@~5{EqBqJv?<2=opoW#pWa1#`6@9JCJ;DdO1THN~+~#2j3u&f`B|yMN;ku|;zk01kdbbC$iKeX!8? zP74t8J2jhmCu$f5Eoo51JBumx!QuLP%ZW$&Em_8{5kIGAb*S)dePTmt-f>Q(02HPF zzTd@C7kvSb6Ut5lAQ$utR2FmxYPDUlwbKr10h*~t8VZjTbs#^3o@&sCeCofJG6Pl# zErXI)GF@_Z%?K^$T$dC;7jb979=5i*VnZe>@MHt{qiMAUBX@}>RuV*|1XRqpWSNaq z)viTUij~u4#Zz_?5XIf)CSoyoelg_r0qwh%L0_@83S78efC+6wvRqPg+rfJY)odwC z{*NKTI#P)&>{f#ibL{sMAdJAc>*X7TLEr!n3fF(Fiw|k{*aJXP@10b#VT*Pol?-PP zjN3*u;#mh;CHUVfR@eUU;pa1Q7U*qFTqiF%ObE@eg4qzSka-y5lvA69MX0-E!Eglk zE9Tf>;#e)t(ZcZUk{b;=B0{?%KhJzR1(vzv*&2j6k=i&ZoS77arz|g|2AvFOHVhgX z=n_O#K8#5EAR4f)d`n;*sJW7Rx4Zkrs(L`2s(oQpJv=_u!(vlC8C0$7lMqoQVB(BqgVLII}p3}W!IXw)H(>^hr?hC)^;jo(?61V9g zFq<9{ujyg1nxbX+2gGO^jnDK5*i26pm+4vadDeWMHJ=eEnWJh8hjidW}$2fWt_(qR~ZL~A4(L-Yz#S0;^SVp@h*+m1gj0a;G4aD-KL0Ik# zz%u@VdWQF1h@Vjt+D;WT3IAKqC-=;?aP{kOe;Dk$^@6 zJB&pD+7*xHL6Cp$7xicK+Kxl}*>zpU8&&OIXPJPkCRM@7&Z2sQRa_$o;XVkilydLAwaUw*)J0s)lEe#S5abzOo;agUeEHRhO>y5Z( z!OT5u`1oOGTTe5YkS4mKS!XU`y)g)|v!eIKt^QNx6dFMR2+2WU;B7Lr=ey{yW7W|g zF`_8A(@T~xe$7+C1- z9kWri1FbG3gmWoPMM}$*eCO%f`5V?k)7zP~?4q_l#B)mK(pP^HKk0ACXE7~Gw&1r2 zaH8PjpY+t}1!Rai;f8ggGgh5NQk-EAZz`o_7-W=JYRFhsDc0qR^rM9(^y1x52ke%b zU(6DjpXBRl0^NFV;ZFxYiPM6XLp@`%&Rkx5^T!mSI(&RlCHxR%3Gq<_O*S~K9Y3_> z9CU7+8#8rtz9anQC-bqi?)+)l{Jjs9;Ra?Ixll0Jxs|Pe`Y@cWuJ-j zQZ7rT9KisFTZC8-f)t*Pke?|{OMr+{{2%UaLn<0phHW#`BBKI{ZhO4%DbHAXhp`$R zdI61?F1IIOIPK8cBbt>t7c|5406Wx=GG#bOtL^M(MPa~PaJ6D-V_l=RS68+ z|5`3^Xtk^@7)u8Y7B+=j$dql(xt);A#DP$y?~v5Vq5nc>Yj>$qY6a%eA@!@mx6{U79~gKqX?_&U6H|DECv++&AZ zoZvzFdXTl;q+`=nOD-xTj<7-BC)XP$M9corl>tCR${fwYPRvk!gcuVFX+Me6kefnB zUg$Ol2}RpMOPyZ%DCBHSDsd&`jqt({=6VZPXC{GV9g_E`&7?Kw`ot2ksazimo zc_~;5*`;v|giM=ChgpQ51o(fz%%Tb-z|1oivA&*pw#$l>4eg;`;i$N8G(}te;@XJA zAW^x{RHbCX0kIV}#O?6qFyFI*16i@6K?<-px`7?d%&Is3eTcWBeQtJeuRgG4Nkx^> zzJ1y{>Gz=eMg_f&3wRwB?D}K_UGEg+I-t}lqDz`wsfKNTP*rrTSX2C$H`e%R=$%6l zD4yhJmG)Vsy+4(<&dModX{Zs>GX(q*> z_HF&~iIkNYAc|Z0X)gpO1=7x5y|Hzx&XJx}C4@`8 zao?C})&4dTI^1R$4dkc0{Tf&38j9gkEJddp#FY8oHvpCnKUs!$*uSb#ZrH|JwTAB0 z<8Z#}LFb*t3ox>0rO`kLOL!fD=@lIboKdCEOF3tkJO<-pW2%i`duR^x?;F5Dokw9m z5C>73M&VZz(1gmI>es|vFjLcE#BWB0Je!%Jb=eGQ=f!C@(O99_!k>O!j23DeGcu!5 zOQc{fgC0Vi;r@IQ>z6a7=yLp`+26U9T2(m}(~{8?>Mz)Dqt=a!6fpV4a^obKeF@ew zX1PX9y<}ANRU+z`d1P7+wvIvd2%m2w2J5;M)cm{D6Oz+p#f7~{&}v{-(S~b+;I#yc zEQ-sf;ixeHXuTuLL$$S{hMRM3bxuVN9IHLB^*yZdIlSSb`t80J9OK{nW)6i@)z2=Q zX`RfL*zHMnC>Ue-A)xx3y}v9CLAj?fsIN_hBg_nH59xNHpJ0C*O#in5gp~kOA6mb___x_QHr~jo z=!)bY=n(Qw;EJC!-EX+)4_d#M2=(opfqicGhwY4n4Q<-plL+r77eTmE_~Y6l84v3W zc_v%?+}^5{JgC+zFCxn5JkqAdYlE?}PSahcdSsaPjfr6J_12Ly-3-F(2(yc5bm|gf zAWp+2$5=hV)e!5ofr&cm^yrZ)&N`x_=V z(U^2$F2K<2@?7fd!x_1hKZ&0-V*h0pVH_gNVqgU*8nC_$TpEcGV4T zJ|EeQJ!H&Br_!{>+arq#jM3)osVa|&5+}X}?TRH=pxrr#hVRMnsRiX(SP3m#5172k zI8ja0a>;g;Daa;c8feWjtcb;lmnWI~RV4B&yyQdcM>$b1u;B#b_+RcJ6Z_(?b=uuszXEOLUBUb%}kTlym93 z0eM7gnyjqEir+AVoHq)Zb~Ra{@I?E18CACAMaIY*#g?R3(gsHX z%Sn2oH5|XGiNO}vENH2DQf0Jsm3uoYfDCR?O_3Mox=lM(oY=j(+-z|3E-P5cCE^)d zS5J5>j?zVcVbvSJJ5uh_4g&Y*O=rzyaiV zq^Fg?8B(L9WJ@?vcvf~iPZ82ln?X~{LS}Ngz9>pYQ=^>d63+Y1q7t@86f_8-leWcO zMW@S-AqKV4R`Lds)}c=)(6laOAyY+YF0Jr`*%5BkyNEjw;(IXwoEl4=--nI)KtwIc z0_ux6NzF{6n=H@G6l?JiS<(iWCx*3F!bU=;3^Tm&7>FvLvl5~jWKXFs)NFaV0ovn9 zAeA}gomRdW1K1eg*872M-3M4}M6AjVpHQJ|uMNDA3esxYY4s0r!sp8eLdt01!123N_Nk z7dQDGryU7-IzH+-a(~Ah=?8{3ePB@2$AB}9pumV%#)FsETku^^BteiaSyPTGpoYTw|80wzU<<`4?qa*kfU}Y@@F7z{K5+3CKkuHxdvjtjzi$GgBEOsdLkdQctWuhl6HgY1!)plPC0^q& z5s#eQTVA|z-krURD)Q>&)yd2519fKOs1mB!q-AH!m|k|z?Pp?U^3wkImHqGU$j?2$ zAm`+~@n7?wo?lGOrUXm$a?<3Z2^Giy4d1pj4!0=|1$a>+a|TQC>c4j1*Z5mZ_a{== z7G55~)Q-swSZi~7g{H7mND(uGI{Mx8@p@-B*Ib(W(9P)RWluQR=G0%cOuaE{ z7&R4Z7|M7);aJ3}Sl`gKXB196S@LUNL$WAY!qQ$g0q$uy_uNGRVQ1@JfWtF=i15W0 z))uZL@A~pZ#mP%JA}^d1WS}5l;Ar^WtDPMUxj*lBz6yLxfhU``aJ5YaG_b1!+zXhA zXOx~TUs(yb=4|y$yA2EHGW9liV&wpE3n_BYWFrUQCi1$8MRc!o=gn9hkr%8qo7H#E zoeB$4e23XWjyhOTmf*=Mh>d{iF!ENYC&sJa?6W-)?vwqj$z}gp%AK zz?zFm$Sqc>a3YQM2}r9q3=-MdqCSCwXA_qT;ao3swxZXN0uH<@pmGNbV6L|zKX?#g zVUMF~Zqti_V^EJ#Y8>Z}o7~PDzZ%j}kEp!MMgD5Cu?F_@f7$2#{;KXh2w9sQ0>$%|t{;R25kY;7of*uZCyfmcSnH|ySWV!6iVH^hVcz0QP8 z+38}z1=s6ynepV#p++CKS`4nYmAoN04Ce`ZZB`EIR@6T_F@FpiCV*-B`@>2@n;vGf zXEX9cfm!af?1^}slK&=!EMKD_DFA}p-y5C7v;3(>$ltitdf4ccoPl2ddZ=};{b!jS z*Knu(VF~{33OP8iZH{Kdrs>jr3yVVv*v~#)Ei@%eGj`1~Zx?U{KmuEUY1z=rnVF2@ zQXs+fSr--=-8BpXsr?cH4)#auVSBxlZaQ}XQ=8P=*~7l58VSd6M_Fk*iU}YdEiKP9 zAFbN!k@49Yp-LjdR<>e5aKBlnkO_1CBGV6%^DOfvxCdMFE9t6AL|wf zqsal96Um; zsDwia;wQOK+VqZrmBSM~&6J!NcHY1Ls(WTl?;6#XvpbNk=b^jU*9#*P{PQO z^Aixwvdm^GdY#tD@mkhOZJ#x1N}5Kk)&|4Itc%YjF9QCaxzKw2q4NrGIRGnt(>m5> z1w%{Xie&{USz0AS*fOd|5g_C=RKFpX-m}ev#vUJF859wBqw@uvYy_WM5O&SVH7TS* z{5jzNR4Kj`;MHEZh%!*aV18DU>FnUZsyGK=Hjz<0{c&ySzdL!^XG`Bj*FJ~;c_a9s zG5l=Nc6R+-8>cA7PTps{g;{_(`*+8I8U1%BuTEYbnYDOzY*r;Ogue<5;r^F)q&*;N zfhin9r~p*(MwY1!m$sV=Gf>(p;XHSj^aKu|Kh51rBbdU#fX_AgCYL4qCTQkin0a5Y z(9{{_TE7eAy4LTvE{T@6c8vuuX~M>&_Yb5FTs!28%MJBzxPq-dvd0#=bW8={?Wb zSEA_^Q{jCC;Tm-=$~GDI2jq4J;Wi`lYfS+oZIcoilnp0YlroQ9dvh2_3Eys57UMnr#oOcD#K%HtGC6gtaCJT z%!#v7OOJufXH}8I*PU3!gC-xGZz&791bV&ev^U$U6Z_EOliQ;tQdVLpYSHI0f7lr4M{9(G$`AcUc`sN&C@UA_=UEu4;E?PYSU+nb7$|6U?h5nR{iZkdT9Vg3wS*K{CDZgXBR+j`MvwV!aa zpZeHu^fbPgi8Y&>#;d|s^l^3iJfhB^fQfFCu`sj&S#OZ=>M}!>k*B*4Yhk_9IztP`3l# zXyM}VBZkYbZqbJ4*U?aBxoUT{T==7~Gm}=;{62&!D>Z@GP|H%Dgbr1=TouKq4-Uu? zws5FODP?yeN$d)|yDjdF%>dGYvmR97Sj=r3J`kx<9KfF7}VsdWuHSkwB!l1c*?-6n1Hk$x^-_65}E3b4#vusV+ zEd)+n?<$fEnB1LW(fX}u_Y>`CN5^HkgF+jn%i3Pz)L7qeQ(tWvL8}Jq`g#PFvxe1=zq0?6S5KSKIqgfxhRlV9OR|V|b6qYCDB|^;FF|)avC5q4JjhZDg4^d=$ zG?7t;YzxqTV$a5J=#64H#JL%w`MPU9F<>YQbvaP(U`%#Aw&tR{7Cd7J*wv_YV2>3L z(^^*KhGNtl@Xmg8hf7|(Chvr*N>(GUYnhf)L9A7%_a_VPt@MO%B+t{{6v( z9NaFH`H#>Gbuc4md6DsiYaxNj~kjxUvCdb6(klI0fNZ-tVLubb@&Dy zfdn6jyOPG)f=Em{o!C5BjGg4lH(-dt_Fx!%?DoHx?q(tQ5pp zGh`%nxb_@QURl|Y=Y_<(ht;nrrZu9sH>}=I?}+u;d5D+c&fe~85nX#&%7Fj9V&v?t zW4u8DrL=LcbG+=2PILMXDagA&U)Y8QiVHkBrZohfGxZD9EByB$jnIEoB{Nddodq!0 z(5BR7J|}OfrYL+N=d#i_Tw_LnngdQBd^K8p@*R(onSufLR+VWNlnlM0q-0u&l$B!S zmjtBBMpN!p(Hr&c*pimXr9TrtHQmHS$zIr;p z@M8pH8}MVKy}b+2?>D5{I4Q`-Ky69I`w@v}4iz zMa^|V@+#B37$`*or^C=9q?P+>^)vy5Q^RG^(wx3_$X|oR3Y6X2*as@;(liAeljQg( zoQL5SkI+0X{Lkn$WYrxZ*@YduqS~v~SsQ%MC}4%y%c?-aDSv z4kCz6tHsOS*3D`8bO+HhMid;DTpW|{ec|(`vpY#P?eSaqjFN0jL#>hxd~w0bYo4%s z5^kW29fTYB-44PH#8KUcaC2`eR{BdlCd9_?juMaRpE%*dSM_nR#36if?v&DI_X>(z^f=VXmVgVsVy*A4JC=4?b=l!^`%?6---(m}GeWmyXMpG?fb9 zF^khU?=;POkZj4*;ibcB$bg7BtYUDHc5g|viUF-ORSf%?b@Tf08S3mD0JiD^W}5Lb zk$MJpFwW>yh7-`1t7Weh+up+NUn~kwi3h>y;JT#jtE2UKhPpd z-1Kj6h?V|hYpI63k3tqzFIE=fS;7SFAWvC_HY)OFfOvu?o0mauKACe}vw6idmKm{y zH>DtnO>qKYDku*VDTE0k6YVe~eN~bdFJ8RB(g6SZum4J9NhnEK!t?DH;jMpp*@H%I zp8tOO;d@9FD73kO%;;G+^(Lt7G=dp@Y`0$=*I(p;sf|*%Gt9 z^xUka6m-Uw=^hF&*irSi-!kGlPsz}?LW-%xR?C=;I?y`sWf&-Rg~ozBD9G5e>6!Lj zw<~^e`<*i(k_6M0-3m;7tpwoXbDOeTUa{2k&lzM^s=<=;#1-D<*XYg8>AC?yVFqwG zn;lwwo)WWj@${O{_gS6z11%I52{nQ~l-iYmY+ENqQo9;Yq9m{#p{23CmZr@IuGp4= zMHQya?LGU$xO>)S8)pOSj?V*MulPL1C5zA5Vl(|ZIJBX7_3@$k>p-gMd1ftG`WvzHL=v>LH(%ATzpNE_o z2IdOG4zc6Sh5}9w_ad_0xK^TB+5T!97wsw5n`3(1y2e9hp*WM!7_uF23VIkb(1VzO zb}|1vhUq8jxb!1T;?tlE_XD4l7y?e#(mP^K4vFC^3Xn3KPQTgsUJ5uTipLpG6emY- zd@jC=-8>VTl?$4%&l8$u18PR|zIIF> z<#bo(83~FTT5~G`L1B2G&k!-H|1ND^NEH-(l)|m{#N6)g2LUn=fIk8)KfBnTU2Ok} zU2OLjo=~GW(g2ii3;a4TLB#tBTEZRfC<8j*;HkEy=X+0ljX-rC$sr=Qdb~5U9x%v$ zOxcTIYS%vrm{<*6)x5@s?g$$*By#To0%dRwzIl=L^VqXWfbNT8AS zT-NsIARf*k=z`F>C$AW^HK5M5%=xg+4aDMS=oAh-&xIT?1mgoj4V2r)Fy@J^6gsi7 z>>vgfG(okh;{Ef+$DF%5xw0>j4WIbcg4PTErK`wA+tXF}!j%=wDg5)jS-cKx(YA*x zVk9@s5MGUyxzPkBji}ax>mj5v_l)pY5=S+Cpuo+iu>|K04+~Tw@wJ{JKy2!#_P)c} z#+AK?>Bjjr2nbS(=v|CdO7PiDHNoe;{L8!gl_%c%+!P`rx_tI4Kl_#YpL_Nz2iM-Y z^&W4#k0aJBG|M|L^PD-E+)Dh;fo#3UF_&rC4CXnU%?>e~r&b~=y_o(RVIq;e#n$WR z62@364T4c^Ckq|sxf?Gynj;#;pduLG@clf3TRYIh_q&NTQH-w^cs#^nU4RSSP_I$0 zao;PF@tgxrP6}LusR1t?K1cYoSyEIJ+r%tqxh&Tc-;DXP(XM?10o#+RESb>RdKhh@ ze#Xf|e$qpzCiT-iQ?>IB%)mkIR1eLn`a|dH$NNdmZ<)9z*R)i_6h_92KqW7N;4-vFTuz2eT9@hL#^x#{o7;;;l&w{|)!g_Mpolrjx^xG5uhCKRm$aIfSLA7S3 zcuoGt(NF*U^Yr*nM@N5oG5zqPk z{)?#cEBx!{qrb3se~oP9`1nu%6g9ktG{%LV%5sWJ{~Ca8BN}lFw99#^@1PpG-AT~* zKe&cjs`~n9-p`T&Kb_Gon|tMW_ck?TCPcIEne##0hI0tD-6R+ zc^6}h!c1Z*ukyViCP8cAYTW>Ky~V_L0VVb|SG|QMSEv&C?om zj=p|JCC<7@xKJJ~K^e6;W($(Zgl3++8bT8g);o8OW1NGAyiAWMWr7JcQy4zN6Q~LV zN-fYp6it~1b9&43DkqgPBb1`~`+9&kuAmX1S#beBYAEvkym`gQg`)~$%MO5JrOb&Ev`{MvCD{{N(1h#W2y|W21Zr}F0}n>nJ)Gp& zhSZ1q+)NJBt5R0W734eNTS-P0rlWQHpIh6tTD&6ZTF{&)zP3myuesvV`iY>wz9~|2 z?#o4>)9Ot|c}|WLW8|G9cl_o8bqus>_D2zgA$HQ&OcoX_(phB#2Yo+0jit=iq4pI` zGz8f`KUqR-o2ymCL@Mh@kIwc^&(Bn7jleT#3vR#{7ShurEBX`M*`~RB1eCA5=4nMU zymfk~^ycCWJLAihp58F9>!KJ?b0{}Nz7_P#6#>;XD$3kXy_GAiZ5bzcL)QTRY6DCg zVJfcv05-jl-Iq@8E;UOSJ(E0zcn1~flxBv0&%eB}>4v_cI1R=Cg3XXC@Wb%HtQIg2L3={O^(0>iijE$q9x)E_pwd$oC?Bj zxdPZCTv^x{YNPs{tYbPfd+i~t`l7T582q!0d?Td(#uK*-UId{=5_&DUD=ca_fB+Z6 zK;pXHvH6fDo%u`2JxT0yzj$)vLr@=S9h; zPU6D11}p`(;F(*2dhI5jlvfnh`67j8Z9H$pq1y_VH*=RFspTrzST!RbL1fDMi53Hu z&{|Eu$gNYl3ppcs4|co`xk%;EYn)DL<*(LDuJD%WM0ZEChGi<0VWnk zUe~d)Mph7#Br7VG%!3ACiR<~AeCL&n{)tP!7j$7nc&=en=0WsYGZI& zDGX`)GNSW{SV{McbWz5+Qrxp+4!3&@KfQ={$n8Q6br1IDvN16}V#?FW&=f?5@QsH5}Xh&!PXp`Qf3(| zVY#gFV*}a;YRIA6F)m8LnajLpCD@G@B&kBQUKh>*ral*~+16*=5&h8_)lS747wT<5 z5NOUKOEVm!bqPApjPwu?jUUU#^{Zv@)+e@zTLQ56g+GgHAMfwR4`+3Nu2l;nA!XfT zsi4tJGZ1d0#}Klqb(Asvjtg;tpkD}Wi+g)F7D3R`1pPSWa|wSqnZWz|=gb_y8r&;x zsR=H3*hfp)VNK=VL8UJ19CR7n=B_zCKf{s5_xm1>_Sy=2dd16hTF_Fj(ZVxnjLIjo zMm9e>`emrTVE8n)5|+d{4G!$g?Pf$t<1sZV}#wBpEi^vwv=O|d9Em7{+i*Snh5}PWH zpAj2&K`SkDs(Av|I=%>;X1OmT-wOW430=1S_cqm!bt+g==ebATgFUd`9X(0~?Jl-u8`k@7Ql6$HxWku{(Q_ zn|AbPrs*;HtZ*wlSNDlfQ5vp=F+n9avg6aNSOqbSu zWt#FKK(+93m&j$u#dWWj1o>5)HhjLCB-nay`ZP+RGt@M6<%9k_G+Nw%A5NH|VN^H5W!O&eKQlHP zwAJ`leCZ23yGU0EwkT77TBCYbn(9h55j_&{KtHfY((mg%2x6E85X`184CGcLiUPRdDSUR0U|?8q{O_-kt9*=Ya* zp5#=}C7b&0r*&@2$*5Z@+NMo>;`#GIdOk?Q&nHVQn@7ps<9$bItSV>kbK4(RMCM#; z=7MDX(U=gf8+q#Xu!9{Q<6YUUuclfH&(XsGMfHX&6pIDnd4Yu-;LuKOZkV$_`w=G) zdq>zUcm;4!zgj*r>UB(Zk3(N*5UTs31&O0`mXW_#tXvZ#^toJtH~|f+kt&{I{)6-9 z+=s;o969f9jo=G-N;_$%n~gMa@?a^VY0EETDAr;KVE9QC=&*ZEKfaAW+9Tr5$Q_s! zA*Yr|+GdO^=)VD8;UoRLftg&f^~8qK+9J>PZ8=~$%CvsPUs=m-8!5&xPl<~ z6fqninbfYY3t97f#1%OcM3#2Rb|7urEq3UvL+LA60pOPsDfDaGm`P!S?)%DV}p?E=Z@jX?iphN#Amp=R`YE~ zQPDpctsU;Nhn!@15OK_HUUJCknIzQ8jB0^LuJS##NaS6J@*h}G6J`hQ6+R3xua!sjF2yk zm_%fFaFgB`gU!7^S-}gqfL3sPq;Msk_*g^k6! z2>f{y%z(E^>>-YA)DXrj-JJlfrZuOS0t;u6w#TS2wRYav?c^s%ab71+GFgO@S~gNr1qtXmqnmf<1y zw5mH@%k@v4oa18leY{GnrMQhDLXf#9(dZQ(G5bgvG)B#w!tV6E5YgA*D~rzj`o_L2 zlBQYgJ)f71yjf8pSQdcdqVJ}2%v5WdtdNgWV)#QCN|T%>D=s{KpzzSfxS5@e z_FxCb*kA9Zu&E{9urg?)-f3?e9vpP*_jQ#r%OqgoP)&oY3Eu5*y}QyXIm^Avjf>#M zW%dW=CJ*F}I~O_4s@{SwO$_F&5@uQJ8W`{25KYS^)21CFs(jAMJ}~C}mPxv|B7}`O z4pa~%pWLq?PXff6g&YzqFxJo2JjB9S=1TZt@2X1l3mb9832|?J{PAOaF{#7)H(gtO zBg-tk;c5R2A^4FTnTC%0NFu_tIjZ30J=MLxx#4O2Dh?1DG}c^Or!ShdC1!C6Pnpo> zke7-a!7us&2HtVR6oa;*CPqHzqQOsCUz7LsAR*t>eS@_+!MAU_Aa5?t-dZ3<`{RXR51wkE3G_DJ zQfa@=fvFV_XCQ36GC=8(757z3v1y!5|Ek!T_Pq35ng6*m|F60-|9uxdUjUlyovZEG zW;P63_CqTo#~7+CR|`ZAb7ova*8f42+1@&@uo9v-VzntLV^a+=**kl!aSw(d5| z!85u{SZ#EF%hlCgPwQ5L&2#(hn|H*1+Ei+rN4T^3aW?4wIyK?h{r1hfjbU#nyQf*^ zv>_vTJB$E(sz)pboO>g)lne`71*1)8iQ*oHa(TsOTm~To_f|1%nXuX+oN{&b1nu*i z3acwn5mcC2%Zl7s0PzTA_>vc|$vdH{lGO!?HoGx$>|Ru3K$%ysAHbIXVB|nzS#3c} z4SM#z$ig@H|Fie~&u!yKzVGMzD^S^273bEHleu}bd#S72a%^YEZJAuO z`3fqp1~}wm*Z!?fkV4Kxb>*iY@j1_^%$Bv3*i{{dQ@O^# zG4SOxav~(On$VnN%prW)-MvKlyW{r$0ZDAX7ePh3PuU1-3y$+z-i^!ZnB%!QV}|5= zdpg-;A6Gnu0|(!DDzhH7u@7cAYM6j_HuI3xtGOpO)9ogxZe0y2acen{>yNAuJ4=69 zP2)O)Yx6)T4mnY&CKUNoQfAcXb$DqJDX7^N8sgb)nCd48T(vd@--lDnzguj5KItN4 z0H8U!&bh8KaAOQxCUWZ~WoorIAXBa_95Xgzes;BOY_7^P0NG)E&v#M+UB=YCsenGC ztwUqN>)q;k_c7=*_PZ1sLSoiEo9cczd_IK3_xbR-6T33+NNdlvs=?TNOLgiS67ro3 zH3sO_hQF?N#jTQFA~IN=hC8f_VCyW$VP~yt@02erqT|lj8&!9rS2-Mk)m}fo+r1yS z?RxaW?o-=`M9k-yL1yOlD!(ip$3++Gh#EsTbFC(BYX*yXdnOxqZ8VE@6*UxV|JcF< zw{-UL>iqKk)o{LvRALw=%hN*e zyd9yV55x2oIwE%uf+S%Uo-3GKEeer|Y5yG3J!a`Q=zTw+gZ6}Ek&2z3?N6uEGdEk+ zlz4qccZ5Mcp;>uQsd#0o&}sl&z-33P5`Yy<&N)V%9a>yI*zE5rDf_*-S(c`H6N+{x zqcD}J3Vo3_(R62*%Xt}G02 zTV6b$w$R$p=oHh#NDD<;NWS11n?eFro=;VU;%09OH&zW%TdX?O{I$+|xc93vl*0!3 z@ZBvWCWh<9gBeauM_Py_=IGfw3w3u9>xiP$@P+m#WWtgi30x zGAG|%T>Bhfp-BMW6_QY?`Gh9=1u06%`v9o-_TaR;X2V_b#*W<9GPp~oM7A(B>nh89 zS=dWx3@5aSLT<_|yAc^rmL5tSO&Y10_>Jui$a!{8m+E!cTSDO(p<1(ffrMs;*hG@8 ztQwec(&gNpP@Z{iP}&DATy#J_umzL#KIG;Re6H&4!Zd?4QYz3$5WRh6Svva1Cyi<` zpMj--w$5HpJ_vn-@74Q^z1>hV&5RtibS;>rOS!t+sheJd3a2@SxF8v&MEo(JFx!ry zGWg9UkTwlSWbqCYuB&vG$P$d=@Cr z4GwafT5yd@8aaU&#%ghY{O6yBi_nS>pPQrf1thIza_TY~%xTUiOqrEl8nUpqIY?V_ zZwLbKIFC%G`sT5iimaWRllNjo59S@zhmT*6`5FCkf=N*BTY4%l-a0b+Vq@gWdk1j^nPsTT~hdmVrvzJ?tWJZhgQqL~Af(#GwhxN*r0eS`l!=KAc&CN8o zvt?h$#kc1-gqCLVv`zlMqj9(z;|Q_WdXLb4x5M~c4Tl)rLq;4P9WXbS9nE&IrFRu7 zc+NGaTF8C+yVWZ77x<;pVveK_-ZJn81PXK-oL4HWV6x!q3Z~*Z*Gx`m!WzNmr(nIn zcDZ|}wZ(t4jw_IsGW++}{}y<0{(F_#9jzsy#F4Y4-R2RyD!;_@9R5q*@VCLC{zpkO zoT9ENj_XowirafN)hBuZB1q0E6}xW$Ei=OIzry0m9cSl9!5b9u1U`Q;0TcLTqXcU){m_z$;6a$9Px9Z$(?+|26l+s9z(@CwD4US>e@;zM!17F4?J>f*J+zC2R2~62e({4 z1Nh#(Ro5hZXyU&Ew(>5_8YF*{caE{%sbNgl&AMK- zhj*2j^LS(hVxydJs^?H%Wht;FRhI2FpZR@GE$LtyO>@l`-6)n>GkE-j6z6# zFXWz}fa|q2Vt(vzD`01PwuN40U+#`zT`nT~u4-?yGnOPN)hpF?OU*Kj92ORC@w6MN| zskqPYsZ7cF%_fJRD69@7#IB@9z0f+UDuLl@Om)S`m}^x_fftx=%n9QC9>BG|%H$L& z7v)4Gnr8NfWz6(FV>x;G@+F$ZU;gfQzXMNHlCp%)S6_s;{?Dsd?alqa^Y`xvO+f3y z3^#;PAdNRu(<<-I>u^yBXdoI&E5?|0*Y_WXdRJHeDY!R8dJs zZoB<@BG^5+H#?i%(k`vKP2lgK1dt&Q#kYO(sRQv?8Pb&K$TH3r*j5T64<4P zW*TW{6rbiyqM;9h*hoglEVGRW8P)Yax%d+%4U()W;%D$DYerz*EIMubcmW;vaJ$AhmhIP?H@0&?Duxt3He z@kp`r9?_6tSeP9a>Vq~ROo6lm61fu3Q%nI88d(a8OIE&J)^ThDgv-_KtS+*RoPlmA?;)eqPkjGp?TBhTY`Vu7CLSjI% zBF}Ifxd050XILR*mn}7V*_^KbBz9~ICYQGEs89Nl1aTSSgBGpxiB zT_tHyLoE;cYG(Ex_4dx;9wo5U%eG1S2}Fu-9=XLJalat&qRR{7Bz#KlnB_o5|8N=b z&C9(yA{oT}VF)8zLWS5y{LF1bhgj}dtA%4-sm;3Sv6FUTKFx#Pb3hz)p__8doUMo! zeI|kQO+XtKw}LxOM^7RQ+pU{k@7VIWLfSC9d&UdQFkyI|(I|Qo2$mlp0^c=>$Mto7 zNvuYlFcIruPvvoy$rL1uX66AAg%;)+}Yk|<8y zR^;v@#7&biL>s7kird=T+YYVi;=55np9l&1zO{U0b!cqsELCx$?&897`n48L+ z$tf5xk`BdX?6zRyj?xTJax|gX0 zdFh=wqIytJ|15p=vK8fR&(4A|q6jmmg<)m?Z6p=g?SCf)G^9vLj}U=|@v$Jtg-up-}AczWdMa*z(zFq#o}|$ReLz=g%r*V~xpq zAr9OJpTTd>R>jb@zUY-Saon!Ta0WBbjm>g zglxf~!X3AAJvXRBL^$L$nnPcf?3AP;f3B_RB}A%ff{~8YlSwJ083$8}aG29Mm3J)lV$qP?m;pOmLS$>w9aj!sGfdTDy7GKDd~Ok@ zR};5HHPXv)P}@`QX`#^EVdN7qZVJdEq-XYODqfk4a{jN%HYVMk=G;xDTsuxn+kMP5 zTWP%W4i}`>Zud0!ful(+^?8(olFgYPD*(Cjz#dA?@)#aV&2l|Kl+m^6jzWhqFUNGk z0yfKGU74EYV6IKg66@;JEOD++%@VI{VA*98h8b66ObdvqQG(l# zj+Mwt9h1;yQ$^vK1f6xJt@wkeS!HmVf#iV4OyBypV7h&+%6%-#kupD)E$wFU7UZ3+ z$9?Q(v7jjK{cX0;b^s|@9u6i2%Y%WXxaPKlOu_P4z$sWB&J^i!U0v>92PIik79uB2 zNMepQ&}!TrqD7KFfK99yx7fvC?tJXeZ?1dV8G&iK3iMEHJT6tpCfWv4J#rQ zO;w@=urdsnYMMfsZz;|&1ugIQ7muG^4wTq+j z6faR=e0>JE)mi1jo!{;%hW2FVm8j}-YuIV@nMbS~S_Nche9o;GwBdV9^$L6-sv&l#=B-TgK!rUoG3puYOA6T`{Us-}hBIB`}|P zNu{@xWlk6iXLVXxF3eMwFUW#Q)o*j|AcCfR!BzhN0h%wr>qYMb(NeeK*7dKq@_DW; zP>$YWM{luB?|wn5$kAKu=q>i8dW#_;tnnG^r_EIk zV_%ZLm@=!Iu=6AlWv*|<9gFY*X;>LnYJhBGO{+tUl>zJ$tJNLWm5i1tH`@Intq`t_ zFjZ@wvb6favN~-BJS68tvV<4h0uWGq9@!X>rv)rt8lq*{#Pb~wWGn-v+8+0f&cvQ= zrfVo1f+%>;6(edU$}A<4{g;zK?Z|G!c0#Y5_y&U^*jb|mk4gRGd)$u+u}=j@6!j5H zM4lehUbWI#B|*Z48-m$*JjMmhcxnzS=X8bJCzdR6mwBpF)k+as6jIP+##GQJRBJ45 zemDGeSc7nGyBPiLtqfuf8TTQA#xolYG5`XR)i7rglAmrm|*qkp>PtyOOA8In7&dZ+qo+hT4d@&oMh6BU8R$d6PD+O#g-^cPww$ zQNLGi?$TvW=Qd4qA;p3l@?~kGZgpx67l@wh5Y$kP2nvsUX!a_mC}B{t{KDX z_L3nCXa4mAq%Pb!*RdS8of}b{j?d|IZ-fAqd3y+KOnlT0cDC&%_{~h*540GRiVb+T zX4EkocWen>kgfA!Z&%KkPR$Q*HDD7OT z&kC9*>+A)dbaR(rE68zwp8N>J|Dam)UJ_!*smBjCzg-$Q`qy?u4E4&<<|+gMFt{D3 zrJk`|^8_yitYdG;#>w>rwYjw8vQjLVlssjMMDg*^n!~e4UY6KPzZge{co&DhChP6o z8XnG};lW%Pwsm57Ecb<8M`EWPeY-3BZqtY*Tbj;W4KclKD78Zop7c5tp+8T8ZSQEn z0Ci*IuTH?*)_$Q9nz8HecC}&HYU*~3k$o5>jPJ;f{wGhNBo}GhePU?HaP71kGh7!B zblVYQf3RES)1+^yJ>`5WA5vsrjzL=ag!8Pvd1z`@Wl67&%Q-$&_+u zsU^GCah%^=lRsirI}f3dLZf7I!!gxYu7$>g9;_On8DomdWfxPB4hvvUP_h{ zYtVVRN#$2$`_Ct-`~e00z^?Bittz43F<3Z-z0*}k&AH;>5fOOh*)&~TRl!uKA)JzT zV#-}=Kto_S@3dXSKg!=n`TGl(zm>|aayri19dzp6vHlbCHltI*;E%JEEAuZIjo!h1 zb(vfBy>%8~!R-m=!3U6U?#|BesCeHIq~>?#?TqI))eZ5!cwp5F!t>PSQVwuF?Hj-f zsgK`8Z__a|-Ae9)ei0#?U5yrYdVCi}own;YorcYjeyVSrq~H#Kk(~+njVdJ)PP;O) z_!yi@3?V6q54(>J1km__p=`TG`f)34-{{Ei97sDncXPAzV34l5;AHwxc2#3@%$|zv z1-`$ecTvrDy>UJ|Bp-_UwxK-q3zwk@lhq&sQm2;X83=f1`-f8Smp;Xx5jfq$Z?6YI@)8$xQ_cTERHKU%MF%(X3 z8p3H!!?zp)HgC5TG!()PfOagU*D9-v_lpty)Fs?o*dqi&Aak0` zcpe#1{6nqrnv_2z=UGhWGP%d;SmQuh>8zwCBw!1o=P@M z#GG7=u1P9+3sBc%stiYUA+vcC%pe&^0a<=t1zbMl6&j*G1KG^bOvl%0%j z-n@Tdhy|>9*OzNN9{kaY4Sd)g-=HxCy+nqUFAp#cdw_6oCv#WA$~Ev5H%%BWbVhMl zeaf-C2)TeP=IPyT1L<~9sd~NLS<%+Q0M=s753O}>Hf-Lr@oF>mOu=9*R5b^14-#k| z-p*())Wm_dR9=EBTiZ94&nEKo_ zG;l2qEHA;a_8AzK?{mepIX%W1&F|XZj@01H3yHp!G*{+GbUi)9Y>c3(fp5!C%Y)1Z zAvYPLijg_JGZKIdAW2GP9mEi(%1BNCKE;*m8eSH5+rkJLOL4D&kOj#EP05WEbEapk zRNjV*H-5A*VuBU)j0A#`C7eC$nN(QNITWf?qpeu9LvjAw_tNzc9;YQi{zLTH^m?M)N6Cr-TwI zvW(|bQWh!ImGx3fKAkez)=c+hSjQ^qO!d|SKn-~}YN`S)azwYFoiNz~tXb=ZP3>Ft z!+gsp5M$&mU|lfs(W3u^Pv6s4#NE~I;Wy4f$gHf(eBkZ~yK$;Dl~dN`_;yJD%G=7Z z64Ryb)vq!xO--K^HT_-8woOg*kZEZiFeT0Q>1ZA=6-^I{i%&tbCINNb5vy|+ATVGQw`{Kmr3u9eYw=3(svbEoC; zOhyawhN0>bKH7Y7X=0)$l8bYXi>G7N_<{;r&GFl~d`QVa^wnXP`{4zLAQgoU^s+6rR#d8udZ?!@t1eFRcCDbW2Y5bf(i`w)RLv>+G03+VsJ+wXnf0<;0# z`fJKFfKIAv5ZxXP5vtZjZB}+tgrTO3^Fx>hnpzakHmOouDokxA0;m4%XeTJ;g56Y5 zuY0-f&NA~}f|Xk@$1tdcfG-!hy14xIip*%9su{gwr{;0tyVBBtkSUWjV*oZ(w*qX` z^>-vq)7JInqwD{7Ym7WjRC^$ab_;1X zQm*KhVq+!Pe$wkUlIufBtq&xzZYQlij-(n%O>q)xf9Vut&+a`EBbmnLI_{E4+ojPc zNpu@2bWT70fJXU9_V}KD;`4GIn)542S8)C`XKn=x*>=>y4Zy2^*@?Z+dERpXJm2#G zzS?O3DAS-=ezE6!nG2C?DY6DSHEIBOXmkY)qagWQ5#TM@SJ}AVIVH72apmQ<>Vs+! z>|d6wihcGKR)XItp^C6ig=7k4#kTdCF_Z=kkF^L^3P8?+c|J7@-wv0yqbK6VA2}^ zRKbz~&C>x6q}Gwm;uUpb|3?NfC2RIk_x`yRnr0*~=VPQDUnwa>st_p#WkIS*#;DSU z51H9CvZlz>wW;0FBpTq_hHH|tA`{E`TCt@a;jRtQ&h&+EP`OuR%cPV>Yy!ez>*xk4 zb+vyRm6{k%b>X@g2A^ZpY0wSH5EFbIZuolsRjDPXj zsg~TywLyPd#}~1mx(o_%jQ|!S)p;B1iTb(1Nz#5UH;uS+B#vwTk>wU~U{_#;?^bGT z68Lb=G)<|d!)f)7OYYr0dU8(zA(M=$ISI=`V64$U|DL?)+T%9&kHTl=m$RTh=Lp}WXo9lb2(J@*@|DpQT$kufwL%JuKAA*ALT^(E<6l~=nxfQk91jbEX(@*2zx_yD18!YAd} mD;ut2d&H9e{`)`uuVXouV>y<`FaHw&0RR7N*SiG(Iy?aT%f;yc diff --git a/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-18.0.0.tgz b/charts/k8s-monitoring-v1/charts/prometheus-operator-crds-18.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fa7c00680e1b4be5fe742d174af0adc51919d985 GIT binary patch literal 391416 zcmeF318`*B!>5x>jLF2dZJQG(6FU>zwr$(C?M!Ujwyoa0?}y#}@3&j4T2y^qb3_2$-pkb>zYij=UB#V4);v``ZeASZ7Q)dE0qyPWbAT=H+V&?pce*au*5;?% zbd~C^m*kC3758fG518}Kc4N>3d4wCf_NPnp*F9bYLeo){UlGN(zrXoF4!jb}`*$oE zdXVX!G;;fFu>t{c#>5fu0M#>XXB-jc9l`^(ihci`qeu$x5cy>tBU{~OL$p0G=GjI z6{5F?HsePY<`y?8AQo;_^nmn}sMr26$19ntX6^ELcrIrppmR-7;;TJ2cjMM8-V4{{ zOAOVmdxCP`3M4*4pDPa{iPDK^bkqZ<@a`u7v5Ip>TdX$G?SbFI)T=VOs zD$XcMTgHy^g&SW4#e{|75Rxb@{NyEl4|C4j982!p96NpqSJ|NMTx}_GX4C995+s|l zayakMKH}lj4xZriY+u@NU)Z=fx3W@f-ViO;HJ(_B3jfZ3kSlYSmENs|)}-ZLHP=F> z+v}x0@Ac7Y`}P#<%`R! zkDF-k^|dX}2LSiW?3ATO!}WW#Se(L27|684r?U=EHZOqg(f_?0)$J8oTUHT>XxFsV zX76M!a(MU`kP-^;=ZibLYc>)MH$aOqvcL+N z_G3U4nK2JMaVwsA(*>HMvyOAGUTT`Ry|8ux7f`bh7|-1LEh~-fAqGDm1Tks$QuOKi zeXn)b&x$*c&4YcP;{E*)TaR=}Cx?VHDcpmY zL#FYxF;pTJU@?(xWw6`Pecx?wtIezgFag%S`rHgyae?MT>UE*rIliu3KQ{6MM2ec_ zkLgJ`o$vVpEc3bI5TZ{ei+d>0vHU9jce}9uxtfd=TAQj(P+UPtQ1-c5WPm-6$=z+Fqo2cjpE?y10JrVbQmTO zz1Rv$XCoj9vmRHJw3n-0x@SjNJ7h}agyQ0;D97i53TMzs^8-TQnX+aTM=l2k;Wc~Y zm}HV3ThUP?i|l_^tI{|7Ode@1nTJF9=JIiZs=quHbrp^)nm=g$cz)UDtsD| z6~$>4a%pTtMi#pXl;(I(r5c2dMn=jwW_{k%sOB$;4z0pwr>lI%Q?g@Gx!WW>z6=5$ zf@L6(JC&d$mB@_Z?h&EG!U!Z?`>HQ<=3eFo4-O3b6-JQSa>2m!89_qzQ;gGmIkH(k z^#=}B8n>m?C+btk%iPzOpIxfRF6`ci#zqoOwj2+7WMV&i-;eUW%#6n%TiPT$VH-KF zyfR+(($e4;@k)!2$rHnfLmR!U$357nKHtYy*7lmKr?$L20IwTsI!BXz9U_f`RiniV ztjE<;SxJ2L_hv9|%sXrw(FgSlz|50EH=2JGkLf;R>JGLtitoBty@Gde{l341NKC_@ z=&SP7?ID2*OW-ot_eap@WH)#WMMRPwf_-QROysUS56_a1G`if@+8w*%dFh$LCdd0b zx56ba+*Nq<7VGsBzD{Nxj#=hVo-UHwzZ*u*ad;sz<*p>+ix#Le=N$ zhwJ3dQM{H}C7gy&$cQPJk!A(SllkV#I%6sXf7EO(5_?hs}Qc=P)AGKB- zMxD(% zUl}Rfq%&g85{-Z4G~=gfKDn22KVUwqUkrq?VsF^&-4iOs_%=m-nTms@AflRQ90>oQ zIBJP*3eLSUnvUpIx~%BsxmcN|+SKF=^TV}FC&mFfJ1lV4p0m?%-)Cz%G!b{)DD)kz z7H0yy-Ok1uBVQcgelzhI@$obejt{8x&-&CQOV%qMn#DJoCWIY)rL&uAYo9X$sP){Bt1CizNKy5@wB4po`BO>=(_e|WxTufw%T&%0Ig?&Hs~L+{zIYp(DAu#>E_U2fd!sb$sMe7zqN zf|bPUtK(gXJ(9hZm5G= zws82vQhF1ejf_ZuQGE>sPAJ_|e>P=7&j`)lR^R^Xg<^2x1EXmW4ofC$?v>@$<>@ey zK6&Wz3~GB$ua{^YZ|~b~g2O{<+%BGOb~nJQVD?aTmKyQrY4&R-;Gz5b=Y_N9zEx;T zoQCo~eT30zZ?P=kBIh;7_4d!oO|z^fcGO@9+mo{n3b%gnW}I%)v`F0jq>58W;IdxO zO77R$+bV!+=9~w?N?*W{;Jshq3&-{5d%n6a_x57v`uymgGb@+P^80u|dY;3sGK3@L z0`Ek@F@pM~cJ6EbG?_CKeBd?hQoEYB-0;l0Xp?^Z*%bA}_5)le%Pdhl;Kmo9cXP zzcjArDhTTrjxC#PJ$a*{k2N>XE=0)x^V|NY`eALZ+6nUgE*q!)d?UN^RR!nvsvF>3 zh9~z<_X_H?!zQMNdG_GS@JS@C|NP;6C9w9P2%_&;bFjWWs0L_YiEN)@)ytZl5`Ojq zZBPYNSB&s@_F{eTX7|F&aD?cq#su73uLn+*$zsb3u(0q9 z6|L%vy>XUC*GqWj>1k(LXDx%bREi=Wjmvh5xFPOnoMw!{0ULn5c3E3iGBs z;X{AD>E>oS6VpJR6o15{r4_FJ)94{7c>g=-f~R1X@+#HkPEnSZ3a7*Tu8M>gQ|oUg z{dD`|E{spNKu@VL8sF@(Y~Q5m8c-X4#4B%I|N#}|51p1T_&ry2!g7@OKY zq|#4N8E#@R7B=^8*;6KJx1AVmp;wi&wRSp$6yvc=?7(5n?!(18Oqds{h&bI7<|vnk zG0(xTon&&}%8*$HO=TD}Q=+cbL=(=AWbu@x>-(8KGT;*pirl=BOe|Vw7azU8ae3~G zXO&o<4K!X$Z=2c~`&U=|RPLR6)$Ez@5%Digax_mi9ciK?AmB+mrpx!95|_t)y7_hh zLF`X zoNuKi>BNKo;wi|(;h9@pwpc$H=i3P)88P_0qO8|(+n+RDc3WN^Sxtyf&DsP3k`fv_ zUuMW(B6EHJ(7(q&xj$OwS4Q$MW1XT`X?O?U%Nbwr32VhcmPN?b`H|4?JZ&s`pZfO9 zQE1OS$9zOTNmRs=q9-lUY1a!*|LsW$JaqT4V6|_|CUuq%c>@OEEjSOrH!5 zZXo=Su^O-6%EvTGB9{S1!$wY6RZ=%sD0|TN_~4#+FhdrrsgU#Wi48<&x`RuxnlZ&~ zj7K0C)7~n(EX!d0*u|uZ{SIxNhyA)@qsDax}R5V3y?y=b* zt#i7(bD!W{PuxoF^oMAR_2a`E z^X)nNz!P7lk~Cj;XKD7j`sP!eS4k)dckW&S?t9o-j{A3|V@GrQt&b)CZy_Z(Xn($r zKv^ZGm zgz35b>8W^LNyPdvq?VWgoyH7gtN^v;I+$C~05vIKT_XVQ52GNEKIZY?{3)qFQ3=Lp z!BM-*1a|!3PJWe@pvM-BT*{@PZ%TKnG|FL-tmA`Dq0qoJ*$;AqlgKjl`3cm3bXAsOM zZLUJc>jjp3n*lGFpBVsV^X=Y8NJS;10a-S<@m#L6-a`tFa^q=CEq_Kd9>m#+od>R_ z#M~NPY(iF2wk#VR=NzF){iN#KiP#Ph3v+HUao<%*gU~iLz-lr<)YV!4CNPT=rNSVDG3wqma@;9dHt_` z@+&^{4wT6;$al(Ov1(?nrK6o5*&F_>|1}T7kG;N2G&azkFRUm-D!BuQVJ6dCVODyL z`w^>1qyS}4nzJb^$DO}HwM?zPw$9i+6|7hjLJan^Ci>hG6F6oZ$EGsT-&t7Lf5LKk zoy)}vVC-GL&@XKf7xnG=tloI5wz7NW(Cch2iynY}s_aFS`g_D$$nI%v>o(!@v6;K| zEplI_Rk2$^8%LdMs?B3F#=2F5qbc^JewAW(`UnjmDvlr^`*TE<~7LwRl}_L-daCS&@_8-8U1+ zdMj`wc5h6x7v8e53{syo16cG|rGZ~%8NS5sYF>@@)OJA?=d%42{{a80mDlHM-pf(t&GS$)9N?ht$Cbc3A z21ZD4L>&j)s`%qqF1(Q)1e+h-ZF~6~Hs0o$ZBq>cTDS}5jMNAYZ=PQN@x&w?+7fl= z>9Mc#xmrBe;rt~x3&7ldXr(|l9Osc#QKjO%5^6mG&G{Sj(W8_NuoOm85X0NSY>Su% zwPl;gpiZ@}Ra1``k@TK$xqNfx$f;8h@fk8>_^uEtjjO^H+?W&2_Q6ni_}na-XQ{n? z=5yLQ)aV43!{qM(?6k%Ab*F3S* zvpiVWdUZDBxb7V2cRr=CM9(#s@Rn8~-B!2(;h_-th|EQ$dXkr&r;2=m^NaliB*U?{ zKh%4EHbSC={#FJrg|#Uavdp}{oUs-O;ZciQ>jzfGB_9!?Pap)OpD(2##lxxLs~_Y0W3@c;BIS4lLNE4o(P2 z{wdKnLPEkaM)nYkzn>82ageAUe3=q>ND!PzKhBwzQe`#NH@~Gu%I4##gb68kuGmxzmFFC zA$N!+A7$@PtJaD4YITF<3pJ7arj0Lmr5Dym-T8jqE(9ypEQ+2Q#)*0tazP!(*APK2 zU^GY;pcMKQGx~!_EnhK7lJfd}2&raNCIhJ4g92y~8``Ha1mrhCJFHJ&9*}BCYz176 zCbN3JlFqex+A4{9piy{BV)GtQA%uL!b)D$4Fp{W4p^~w)kH#1nUxU{O{Nxv(AE0PI z`vVI3TJD(8YA4`)Kc=5}huf{@wU~A{;Vtn{O>vwHvHIFLptivr=nNc%l(_SDr{|%> zul)0xVH55Kz5Ky0vDGDaV3ZM`#iER#Hs4NY9F{-yczhS9lk-pqtGo_)y*# z7pPzdfa$`U=qllBOH~(RnTd+ByixuSRtd7!~|1?{p{UQnMP}0U34hTS?G@Sovl7$VP&VQ#G1_l=$so9_q-; zL@Ghs5h9U3dEV1MVgGYs+iciRB=1gD)rkSuh2m=4!VN_B4rzT16pSV%ciUI$*ERhi zxyb-A7(6X?@_uXk#)N_oLf#Pds4Xp7RqJLF<#nC1Z~XvtMuqaWeybm9l}67zR-anF zM4H`BMi&)Dj_9|LF|fX3NR~Ne%%KZz^SRWdUCsf{=sFQlp$$mPG2I4eX_wv&AFwv*)Yzt)0ah`#Nl>w#91o|fY& z3WNdQl@6-O@pi-YJjS-lQ`|eKGHew{859`L;kw){g}D|vxoz%6%0Zh zUy`8(k*!xB05{L_1$@OGIOL^03}|^56v)%vZ_)!eSq02eJZb8i(`ahSU(*4HDV|<= z&a45+;exDG21;mJ=7bC2`Lgt{30Gi$EueotpC1%~p#8NK@ZK_g0-F%stZb*kaJrm8 zFuTeU;S+YwKL*|A%g!dao*w^nwbj*%o_ya+jdXZe==pN~T&KLUZ07bVdu%SlfLX2N>^hQu(=tRs!;-}lud#)5e(uoy zX@)}SQyO;>FJgQ*+ohhJ-KRV93B@5Y7;E8yWbV-qUFDZSN0!)!QM~coEI~|4qa^Ny zy}kSFaax1c(KD|XN)3&!l)j`qa4u5evfz@Tau_D+;W_QVN2)_g!(>~^)!vDU>Ypl0 zL>YFU#F6) ziFjlngrecj&b*q5bYbAn{KdWx8J}!7m~w|B|3_x6>qVzt$vrURN;D4^9TV|4FnAR{ z{`NPHszqa9Ll()Jq0MZpMYURRcjlA56?$A5pCzE`?^+NpmDA8W3uAt;z#6gh-<#YV zs-vT-y|h4qmFF!62#^$a?bs3wDv%kL*sVH2xOgeT@yVCLc)&}E$(L235&2_)ijHk1 zfCPG-Fm>f>{QWG+$(Mn(zjc7Sz(GI4dfF|Y&hSW*MA`{VRjWPLxBh%oY=%!|K1igF zS)8}>CyHvTn^M=A<4OkVPnAuviO6v4U8-;K+9a zTDl-;{YZrlEjv(+<0EtXX|+O+m)75#$~f(9>+zk43#0*ymihJaLf7-DC&1xQC^@i` zop)=^(Zg%%#?@ld_x9x|N@F4v1y-$XQo3)p(IW21q}l>9y&$y$>%@I%9yU?>Hg~wm zlt%$h4z@)xs!(A3*mK`lw%U|=iq&eXtLpXfpnfm4Q2Y@+B>6T(V+5cZRK3DgeS$XQoLG=rZr994)u ztl{xpa`c{$V%+2mi~aHKYBK{z^1>Yc!N`U1Bs^*vY$<4lLI84qV8cO$h*dJ z0%*PIa%}ncra&V75!-AO1)x3xa!AQ@U7%~weqX@^cjg34;w|W_2zurds-Pg8v?WEw z#vGH21s6U>`@l{X^rkjQ^rj+ZmN-_lK-oV&JA~}R2%y;wCmd87s+=rTIhk4kD6%wn!)w2-g zP;!nVRiaWlb&RVmyjLR z_|V&!bJ?+D=_g%W_2$BmV_9D~kK0vN>I*@5+un8TISC+E@y|~w3M&N1!!RS)zF_#!?6I?qMOm%M`p*igu(7Dtf= z1k&KP0fW5q(g1SK0R#USgt*Av zO17@0>&TTE@qspc#{xVtg` z@@C)KU()D9A^oSyV659!v~rq-iR9RJ|M-6-Tb?V4SZj4lb=O7d2aMy@aXX7io>G(k z93H*(cR2vJ9rxWujSBoeV0Rr2FnB-Y7OeJj)`;|T#)|WEPWL8Pf}uUosqs&jY(eH# z93?<_Bm)NP4QzYK1Y!g>z&y6~k+R9vChB8%2p)^tNx}GY*wJGm>ZQiu_sWv}HC)N? z_4x5Au|$;McPfpQfb0v{d})jkUcwvl0XBiMlU z+Decu=_?7lTUn`{Aeja3EHf?W6@+TXv@Lj7tNXGX<6*(h%Zj|UbKJVGbFDi6cBExO zaMXv^Tte%LqG?aLeL#Qj6N@d?+BU7O)7FRPtw~aY%T?t9^XW(AQ>Qwhw)%1H!u8YzePDuecQzL5Lc7fcD)&<@J=qq@0NvMs{ zBo&gYn$g6_5Ao;0Z4?c3&9O!c;-97m|HNDET*s>#`Jm<~vZAvp-QCA!1}KEshClM+ z3M0(v{KbdvdIo-EZIKC7_=a+*k(PVMLEnegAKWECQP^?Y(<*F$I^}280?%0y@>kJj z%(q^DJDQJ04yxW=_)^62;BvO^)wnV$Bxmqg{O0rQ-iY|o))f)X2StSK1 zHH5!HjT1%zBQjViEJGZNgdqndgM@gNkCM|asOsK26>yEwSGpmD_6a;^1VRn_N;smo z=vv!uqUBxNOUw^;R6@2m!hYgh-{su!2cXz6NWv7Al)tjgK^8d1Vq!I-`ji?}Z)a7k zpSzY#HO!@>J$cI#O(E}6Iv`?D>KJDSGMsOItIEV7(eTf@frc?C$F?gXntq)X^pv%= zK*B}ynO@edLa()!=gu$e>pGJ+c_#Y2m)RHx;)xLau)%>BivDkLNrWKSnWL62_6{!K z6wOeS%>;)+A7tkUES9KuC8;Zx3HuC@m9m0GL;bVmwAh)LHdU-uKmF9o^eRa4)YIVI z6^BvZiL;%ZA6m2aNc`=Z>_>Xb4~jg8l=xgLbuhUm6yGs#`&=t!m6-XZzEK2pqd=f9 z$KqB#Ugn+~v{D3zzaU(?;Ki?=TT8HWY9?|FF+|{L3clbd_Az!|lc|`l6E)xoI$Fa9 zo^Iy0u>~o|K?4c;UU4`8K(?$*L3${ZeEye%1a(zkO5t|Wk9EW{EAcbq*3gW|f#a;oX!KM?S~H$I0|@B*L>TN43a!r6SI$0SbdxYsFu>9WY`^Gt9J9 zkQifZb@g9hM2mKC{NG9wku;h2`Jp7*AF(0}N$Jzr^;5FbyV-rg)qTvCc=)`455W+MsxN&A33c=g!5)5L|*8&<(38W5uDWYiaFMVXd z!HEdbPe>H|m@1n*xOuo3BCnqwtGz{~4`UU^39D zoRZzCF#rT)5blYwc7?L=>Vc^UOeV)m>_p62y<@4p)D!c4r&pkC*as`(mQsUJDPQeq zq6|SCL^9)^q_P(gLZ+q}DYPl||G`9Sd#cjYK+G37^RMBdaJM@-8`NbAT&ta{tqYB;_qluPj0NiKTy}0+Y7m8K-DPf z1RZW_F$BM<;#PZ=qc3eqOeOo0iyWU{#St{N5F1Irz_4&b6%mmwsKKD{#efv<*-3nI zese|AlP?SOvLYj&16BW>7r@+ucsVQ{jyH>sZN$sTc{KsZ&5cgvqTEkNNhl;vsuOh{ zwjoRKRcqm!F#jq=nmYFv{jx3+F zODDZ748mzNF^gt)uXS_0i2@%AMHCoxWQrp{E(A%#SErU<1x zYl&lWeTx}KbzhyzZ7qj+LU%PJK_H1f?3tK)bwC=YA) zuFKH04=7P6B94zs%yyKhGt3q$=O#Mt|j+DZ@hLo>zFdgxcm`L#}{1h5j; z=U9EMxU>4hvKJ(v%)QU8fB3t@s4d%IH6V`g1xxe{pfC4Pf?WV>v}qHIQWk{ z0^L%Si^d896FubMB-Jc%b1Bi_RkAc@)Ic(6>25R0XPP>?cYo&k-PGRP{jQ~j?_r?4 zPf~KfAOofP=v7+95rnPtiIXi9hYh!oMhG|RXGl{(t3)b7G09LE%E}wb=4qit+c!Qw zsx_wK2ucpOBA9a}#TC9QKSX%!X}Sl32X#E8m6+6H>Kgide_>rhxA6{6V2=g5mk>8bsaq3{Fw+q(9|_cAKNX5L7o|ETM%yR= zoG3b2ju~Ub-Uh+!n?9@^CmWI_Cq^XI6K*76dA`WUj2_CxjG}%?^BAqKtpkxS){HQS zlvkrI?YYB~?V;qd1*y0#1X8sp{|CgZW9_kDhvTS$|0lUp@@#@j7_0c-L9-OYihaUg;7MiJc35D0 z4@Y69UNxVf;8eGs@MqwCzUE)q6PCjUO<~x#-C~*mBS)i~0At%Y36_4pM~l5I=GzmJ zUs}vJG+E$BkaN$S8Z^7@zZ}k#@0XaqVy>$it+*H-Ve2(3Rt2k{*QMzLZ3aaKYYxB! zYX&9e;r;>M96&co1ME{|JE&GB6N*34JC`Je&D4HbJh{H<8t*D-@X=0NKH@`qF!Qig zlGo>g7DJt1s*5Swy}xt}ViGC-CSj+kbzcepJT>RP@!7*^<+IJ(%wKbwj&H*UZzR8Y z&0HA!I@6C>{W+XBODSa%wQ@w}W-R2=N^VdusO&h?NGfmnw~>C){%0}$Wv9h0H66BR z8>NP$VKOKAUtG*doKfQ=fzD!Bd*%ZKUY%8B>w4S^JOgG#)XDyPAdos#){ zPqxhO%Sh%kd3pW_{V+YNt)$MXO;Ix)&(W5*WMHMc7&9J9-m}m~l9mNPc}`G>?lqoT z?N($7Q&7%+doCZWH?})#_s`6{T+*o&1dBnKs<}O%hh0%QyHjANUg0As9%he=wAPD^ zR_#@axjQJ3XWwhU0w{;}7Zg&CM1Rx7&X&b_^g~;RE%{Z>@^AWSN|etqDb3SKE4pBi z`!ow_WFG&4mr7)K&DLa}U@F|4jT>x{K0O`RH*udQYM!;HsV4_7U1K%=%_#RM|PbMKQOxw0AFZ_}RVJ6k-p3S%l#m%nsG-a%cPng*a{Buhnx=`pT2RFhH6JOL4yF zP#X_N=c5f0q@rXcOo+6k|GOoL;MxRG1esg{8wF)%NhJe(Y~oL{G^Y9k#q#?V-w4V+{v_&wQ z(EE-ter>-joWec-HX7nT6l4>jFdfD>x&kr^ezAdUsDx=}s;#eDXu&!Ag`cmcMW{x0 zQz~-^5ly}*CkC=*NKRb)-f1KBC8l}9vD)Os^ma-F2|{Hd&HVJCvp~+lmf!kx>DY_L z@fPywh<&4;`+vH(5i7Pi7Z}S4-e`f7IJ~$6M}EWfMm51sm=4T`mN+H@Wf6cH_*bJ% z;_z95+m3jOh0DwM5IudsSkvgX|=;#Vy}S< z!N~LKPV_bK!+?+v?#)20<`?|Q%y7W?kkV!|T4<1_fnHi69!22Sce2TvacTYM6To>B~q(~)P&Z3#1VC-L26c$qd%T$lJN;zRMj;Ou$n!uJ;*V_a)?{N zordx(BhXu0iOLNZX8DNnoOyZZ;+hu&yveiaH_t9<>#4JE!eSr9p~zSm3_)zmo;Gh- zwpHme4x&{hA@+{Oy`DRL6Nzdv4`actX<^8kEt!}FNbgPP&K5tlq#J&%Ez#>4++NpF z@D)2)D2xrJ?JXA>DQ6d|aDCOC%Q9D=F1c~0c7MJF2jc7)#FG=u9zbfLzwyM{{Y2p} zcP7MPk@!6vZ+Qi-`JB)xMbG%V9d_<}Ap#J9cY4+c7> zMH@{2j`*3gD0TJzbN_;lbLSS?^6(k*Lzty*J?%I zBj^b(3Jm?CRi$#XVc=LJF%vGkerR6f9aUw12w!=z3S}OvPgR|4G%Ywc^B<_q<|MXL z2oI+>eIasq1SWiiY73kF-aCp@mR7eu38CkmH2;v-zT3ekRqq`*+Tm-gKlw;u9bva? zYN3i-P^IE#)O@J`7LuzLRw@)5omGdqT$hK~v%jLSIKZFzZsLoABMz&}agak*jHdI74%cNt?M+naoitniC-eD?&AIG3s^ZbJ9EhS`E0xb^P zRz%34#HAKW<}%849o8jjm%)*hTGIN{e^INCNJwZJTo_jrXUgi^W$XQyZ5^Z^MEMcp znq-^HqCCgmmivdn`6CNa04!>#>aY$iM@53OJZ6JbPw|aVU7Gg1?-!n%CX>1V8Am?p zhiq|#nFjAzNCKNCzHIqFD_4W8^e^SQt~HkYWn6>(6q`c)6obwg#SF=z#?yA&5gp6QcpeIAxD=@SBPdP~lf5bDr9Gl%5Vrd0=9^CaL zu<4k8nTGJ>W%5=dcGg0*@dGuw3X|#PUl3Z2{4aza75pDSXv-Kog%SOKKxpjbi~rK) z{>9M$rpxuCVCeaqqSc>vB=+2hQwk{u(`<9`CxUs9asyp#;aF(oJVO7WV-nO6a>s;n z_G6BJG|Z{0l?dBYC~Vc9isc|7lbY?ohJi1TXmhB5^(`GS>bp?Y=m4^v5-pa4*y_Qe zwb<%ID#-?$~#Jcntpd}5+1}DlF4lCyd%8}7=CruQbv-M8bv?r{-uP> zOQvQdnXT~=r;`tZl4>`d0)eA~=6Uw*^X~q4Gha;<7JkbV&5w##QpoiwAy$QH?}wkL ziLknY_T#*KGhA4GV8I|IhF<^8a3b{x9ksm#Pb^w*Ox1_K~JQjh<$i^X(Cot z!V<&pC^loW~hc) z&o)0IC`_&#?$cp%2<=bNtXE8b$~>izh0CHyJU*0!S{dEXyautdW-E%pW2X|a&?Gs5 z84YaEWVg6f&~aX;)q!sUZGuA<#UOzGHQJy?F>y>Q1YV_JWWM zzB5hXLR!7;y=c0Jh zchVE1k)O*y|Jc#qw@ehQ={$w$rydaQ#p!+Xc%XVcvpkm;man`+kM<-S@?LM4yJvr% ziS~PxG z7^aOfL;Sj8Oe#i{JYj$1B&h(-SSlCBO@Wa>= za{u7DB^1sM2&y%55wdm_8_w=@Y*WY5qKY{u&MfV=$Vl#C(nNeF4FuPdbDpzzfFW3O zP+$0>!-V7y{II6zSA$Ha@i&3IYXtq5z7F&9Ds+PHz*k=fPFAvYR#Hzy=vM=zu>BMG z11?uNl8qbvJ5A7bNT<>~tJKa2Xi*k*|88gtL+@@-6o@<)w3wEc9{;J&yd*jP16kla z5oL-UaQEGAV(kj7VU@ro^oTtIi%srprNHQCmV#Id+z2^@2rNVn!!TFraZO_Ff%FNL zQA_v4wsHJQ0+cEL4XUXBGP?9*Fm>`b&vUE@pT=lT+6eFBf%XSYWEhb;a19(>QW5q0tOxwZdOBNsBw%WlbjIRrBaz*BL<#4#R$p*;$k$~ zRTRsz5!6>tx_rhc0!-Ock-^mdG-&s)mbq4~lh4{LY#1^dfIhN{@M`X>BO#L1;BEv= zNo+)_n^L~MubbceD^8M?GGOs4)FAe9r9@o{Wa*X+10f0B8>Td5CsH)Bw0IHo!s+R$ z+lmJzHb;H@H}Q>RfV!+Zr;LeuNpT5kZeI7K*?l4~Cozk*teEL_2pn#0FA=LtKX~*q zgk<$;l$r^yovL`G>JZYL;}X5C`*})0h}f!bX~AC|@SF{jZ1mLaP%EMXXvksiv6gAG zCR6N<>7A5zFWJx>kRg4Qy;6v2Dw0g4VJjqtGEam`QZ%QX5_p~}jLMw&fb96s;yceK znruViQ7qb+;sxt`ouo`n6?S`v6}S+PY%IXQ=7V*m?mMs160 zQqJ4}wxYQ-nQoKBWG7<6OjJ3}0{^5n+n$`#>}O>IeH7Yy!@p|#6ADG5kFcBl^u$9D^KflV1V$4y+K<>bgT{g=wp@T=!r?q65%@Wzp zRaPp7i%$Fd>AxElD*V(=YfyFlG(f`qGz25R);L^TNPmq!w4)>-{=d3hO2xu4hY1n? zhRvQibW2W!NtXgdQc_xcAE#!jU0Od)e#g`@{JLMdc1(oB&2grgcbiWZ-s$bzSqre= z+d4>ZnYCZf2X~6N>z}y<(bJzuk{z!^;S!6Sxg18>*~gi1I|q3&6VPf4B1>svjlIW6 z5xfWPe=mPeB#pK+zLKBZ1bnm(oZk-iDihb0A~;zMLo$dV`UpdlP#nJ5S_QPQkzH+d zd)hNh8a^x=5#3toLcHuz0X z=ohOkNWwj5Ha0X@AI}FcTq~hJI)GQ__43y9UUjpe3OA-UQs!kYG@~kQLQhZrt0g<8 zM_8Vg^@;SFrVue`zOd1+#xo>d!2BP}*4kO`rNm2|JpZ#oJ0+nvRs=ZT>~6Izr85Mj z8Z-KCRC6Yz8eY9H!Ynpaa%1J9kZe#Oq&Bel9v1beSw7eCKpO?(Xgy9D+meGs#+O?|r&=@7sOOse8NXo*!e(U!#hu$@u2;KK7QX z`f}gBu2oHhGB4$c;!g%%+5iI#(T;~4UFHEwkd<0!29Qgk`A+Zjv!{c{?FkWNRjv^g zTuL@lQfm&0enD{afb9wD(xs>>C~r5-A-xDGZ})&)^ao#1I>9J;U`XhOSx7%$Toem_ z-flR66N9J1z)+<$1(d;fjn`z2bJu)t@f^yhs5J1YD|Eufv7JlsTzE{~ zXa*&i@aTDN;&rGQ9HGmejFo0$mathLkpE3(|Mpu?V$Op!S-}sVO)7{ed>)K_W}oJK z4-QU|z)i&ayoT-CV=NOGvc>UpY~rqY*g%CyGKsy+r!0AesNwi zlPc30nsKy3N~|!9;}Ui^06_tvNzgY%V06QOSe`Y< z8n2C5ZLBQq0J!#D$Y@s4G=;tLhxOGid0By3CxASMX7p3Fio1cfoQh{1TJlwBkmGXk z1;wy4E}@xuj;pSCE(bfR2jO^uY3K*Lo`zob(5!J7HvPv~6`@nC0Ujqx!y%7rFryCJ z5G4BpBC3d=mc%vAAK8B{${_d9#x8oYQNH+&`li5j1t@Bj0td8d(*B>1z@*K?gY}H#Hz5B$cXF!#I~(u-@hGC zkrV)i;1EVMo0#WvI+F$};V149X1t6?5-*hItJc@uZv$CiSP-NR+eN-ekAR~MKzP4L zNH);n+R!|bnIDW<@CY+Xyh7&)-2f|Dj^PyHMQdof&LBiF%N|JLo^K$PbZ- zi@bd_l*o@}j*zF@P#(6T#Y8Kxj7nL=&s}qv=rR*4Y2RdiKp6RAevu5S1~Atae)$g6 zdIrrnCbGF{a`pTScXbxc5wg%F{-X%k>?2Xn;4a$Ja~4grdZ+zTi8j5l`H(_W$KN)> zOdY{Ok(iq;DkK;eKv78IMZhMV>sh*Hn{>ZRJ;!8mKN&Ux(w?0gEvt`K&*y0)ox3BQ z5DDJ!RBws%o1^9DiBHVLi-OYAmxd%=T`f&~lqEpjz(l#ryvuTj$Ai*)Ycmg@qxAL$;sw4swR^5 z3tNi0c)A%t)WvriMzAqrg5<{!)W{I2s%=xKm5#jox_K4(6;Cx)`N`4DBz}aWh2|Tm zeL7afDIa1X$3zvl6tcQaOz|_#o29)4s(*X-A)P}RqM1(s-w0?}&$eKpX-F*r11E%X zSuw%sgGiSg=ttY7;d)xpS}?U&%`5NU9JsP+Kn=nTYAo2Y{8V5Fng_$NB6Y!noL-*4 zEaaPb;Au&upSjFZgsRG;!iNt$qsAB10?vb*$-Z*-v(s#*yV^Ivj181=D0gY9s>VMe z6nD(*(n*NKa_1K+1r*iJ`D+6bg?A|`{TJ)dtuo17b7EX_2N8Kee<&3&_AOS5X#elZ zHSr#+3i|dj8f+sqmE|AIm7I*aR=aMMI&~vDsJ&;`D#liO^Iv9^ctqtc<>MUcfUDW` zQkr+EP>^4~giG9rhPC!zsmamZg_5zPu+Pth_4Acmx3W}Kj(xPC$_f&G|ra*?*>!LVXh*jEz%S+_6P z(`FeqOIb0ix{PjLN2td5XkLmBCBf|bT?VK0c$sH-qBsQ`;Wq)JIjI^mId#8WFn6@z zDI(qySOF#rIk8+`%b$tXq6)9P$`&kH7b_mTj)G7kiCUy}cOiE$^(vZP*$@5$JQrDz z@|=DKW#$Vl*q1r$m;t#ngkmu!+4Z0gb8zQ*h$#7JBG{a~4pXBEGovMnvAR&Ldclv- z=+5knC%}%bXZEsR*lYTiyyaj>-V9UJ+?VlkyLSX=F3 zU#%d^JBH#g;;G}LctB}P?}??jU%g~iWaW8>;L@ZyAOV*WkA8!OE4p)vH&Cg((q?C} z#%^9Q>5}>xbECYqDa~w73`qo_D}b#E`5`_H`h8- zrlmynek-fFfuG5l*m!m~ux4WQq6`bk0#%N2SqY6+Ce~dK^^&x~me+Cgw_qo0{=SYh zDhIxf6_=wtRDk(9RscURFEED)of#{dsi4BSv|rurGCZI{;+ID49up9a^NksG?J*0^2+WtCc!4=Rc$Y^j0cFKH)v84zdR&W?KTK|2OSP-dFyUk&1;3U7H&`w= zNs4oeYIJ5-{y^Ce*hG)4)_-jpL(a|o2c$i! zCXJ;8X{%UBZZ%r@*b^1K4eEON3W_1mhe~iA;?gO~8_IdIy3pDdUN#c}w*jmyhO9cR zjH1bAvyy7RbVN^3x`#&d^idLA+MP^uXJAWH9KniH?_?q6n6Iyn^?tc)J>0V)=&@|S zedf>{Q-Ao(doKRaKz@Rj8K{HaY3C0AAU1?{zmRdtUuiN+G1q zP_f%b(cKY|fR(Vi1<9KoRqi&1uR+HqC&QBHd?)-So{;76Ik$v$uieK?e_Dae%I5y5 z73i?(CKV1nX3zw=MC%MCzJ zp7%%8G@W0@-CEe$2d4@)a}+dUqO6=c`}nN6*_H9Hbc}^@ML61QcfwNak{v|UphEM~ z`ppBk>#XTysCHr;-OHfIRn&-z8jIvKi<58y2rlUzJ&6U$?T53^!8I>VRBPX#6)x13 zH%(9=+Nf7pwi|w1fkaXfb=T5Qf6q{nFLjYpdn|4299(|!RDQ>Q&(Vgt&W)Y2h+QQQ zERc7jq#7S7qDM-7WK+goB<`kGq+bY!0W;+}l_j*De@Y_z+|+W-Xl{vLoJ&)3h#1-1lJbsx~HRiwh^tq|3& zm!tUD7WUdqS=&HNz6n~Ip@%vq7gP_4yoMwLu$-Iy&$jaqsRNkC#T)?Vxp0Cyk?q)N zOBRQ{`+?*>RLt#pOBs0miKY>a1;Yz#NfF%!7|E!_IEA|Ah)PFH24T&e%75M|bS3#; zaSF-h{pl2PC7qV-FVdF}1W+e5OtB`aysQWZLc#9#SFbOttmsC|MG8?;;A(j@`uRop zp!gkKc9lF(5!Du7U)9bY^<~?#q z&(OIvUOt@tJZMtO0*jxg?#6TXwo)vLE7QU-fLaL3 zaRPFu?K~VEkB*3-DzdexK@u_{qw6xU)pC6ryG^&yr@!*4eY17YZ!q#>vvu?-L_Y8W zC+7}Q0D*$7n)(B#D(HqBfMdwzShrO8o;rbP1dO}WXnArUZ&`kw$6zL2 zx#p{yeCx+Zw&M{Vb5F^04PXRg9$l|B0*+;ULyRfoVe(WgvL>rtir*R5trlF3#)I%< zAdSYLA9u!-BqfRZqOa+PxXp&W9wtZ-#v@q*?kRAefQ8i$ND{{r)6lF4bUWds&cMpf3C`^aKU%CsN+ zF_yD#g;?1bHpMvNe#z5MLz9_WvnH9AYaO1Nx9`3)M%!gT)BLnLGbt+DH<4YFbjFMm%x!=Uy03T_AXKoqPc;v)$>GWmn{>>w?|DwDwj$pQ@-g8^4 z=xkA+EMXyQVpH0+fp&%gYl2xTo6XzX3PSB;8%t0@(`FK#9;nvaVzZaSvMBp^hcaD5 zeRjPv-ITn6ztP={&Y2?$UUi*nWh&bi1SI+q?(33UEmOy{PxkK<($2JMlG9)orTp@^ zVGvR=$CD-l$=eo1bIf`$d|K6gk#&QatV44IEWnD#; z%m1p2r71Wx_s&{>+vWx_fd)bOjkx$QB&(f5@QEop0f~LRVhXnZ+;P&t#PhqnBrwq(>YcfkVQPrT!{)%TUp%KkRM>Jk zH4E4Hw+TPxQsO^|Yn2B8?8>?NC-!S>fc<)o+511VUt><}XvC81BxJAwDLu%2C}T(Y zV2%hdnmA#8fDr_$0`!|;>ol9x{gLqNcavzf&j_Q(-mIhIFh^|M{S?c-iVSF3y8XEp zI%V>XyvRWO<7ZURh^y|rqEl6+#vb}2o7|#wty2+jmznABNk~GA;>(hzu865xeV{1e#S7G(7C|$9l zs@r@(o;=9J{J^aUow#B+^DZCndwh^9)ne>ZM_>I~-Fee7dF8FR{`ZtnZGNp^tZ8Dn z!KMU;r0|Q$?82MTx%&fRlI(`$qmt|zW73*__w>c%uZ8}3z0rBb^Z_{Bqu{u)s7<%n zv8WzK!_a(@nE;m~yBiN-5fr=I#b1OFq44ChEcYD__k3uyxr~veuv7<>5@$bUaseC_ z|9b!L6kwt=<{!B1y{rZwS8_MJRv`n4x9Zl@Qyh>={=;c9uF%l1w|cW#L&Z|w*yn}&;YT*38EwiR@KQ#;!# zr*muC0b0SGlqI3QOKAN6K4^D&d(d4B-rl>2P1WCiGR6O2Ha>5zJXZBQK5jKHL^|F9 zFpFxrXVCnd`g-RE59s0<;A^Q^Mg52R4O6@FXZZUaf%73tY{9L+cwedht?p_9E;h6P zh{2wVEfpNRXO-^gf|E58YRyqH*T}n(z$($y;g*;VXNhr{WfJ^Qi?jvC`49cy#P?LN z`ocGaz3y&Og|01j@6Jw2thISKGebsSZJffB8YS^&L*ZKxn{43@|7sHa&?uf!I7`}Z zmy(R~@=0#xFkHFlQZ^{zKIF??1h*3;l1&IZ_=fOL+D4b%=m#=`j$*kX55N2%WeWcN zG+Mgr2=Vx2PIOgM2W#w@cJm?I&cIXzub8%-FS^GfeZ~T;Lgi+ndB-+@#^A2E5lqz4os9L2 zHA`(d7xKOe)wT%KNbSgHjKSl{mgPi)c8mgy%Mb3`fi!DVo@lHNInjMRvH^TZSqO8W zgD8KSnrtLezLW@SivZ(ZhD6;th!#1Vi%e$w@3g{-9bVl7V?i*zQctmc%7GC^jh}kA zKqH0zjVu;B1iar)q;ss4c8Z8G73N16P$7}N4k~7EkV9J%Sm~mrDCwdxHy4mN>7t!q zjpY`b_`gWa$hGN;R|oz=U`V>4Pnx1ns-jPdrXM6e#gaa3{&m)e*nq;1f!0Z|$i|z5 z!TSR9qlQB?Nh&LNzhDR=NI}eQo=%++*z7V9akw5qYe??ke3Ec4Kx(>3jG&Vf`y#%B zHGvOTXxSxN+Obv;Oit(JlAIojUUDfI8ml)LkX z`FmPPFijI60Tt8VFs}WvBFUR1AYQ429Gy#l`lR+=?Y4t1?dW#-NvTl&ui#&H<+$;Y z-DH54uBX@--zLz}r3NGYDp9n5XkkQDf&@t`R=W+xZkp)L@yQ#)eK8MFwx851v9xwajtJl|2U)o%);!=HYw@(&$E^Ygs0PWkAqE>a40jy>gGjgcq?T_G|ze` z#>5q=>&7uYosyEYZwQUt-*Ky>YBwrYX$FHv+}_6u@G%ik3j$}4CSCh?piN|1ZMw~w zQ;t$2mLdcUP<$#BBwVH9!{T$08xdE+;_!ajKRpu^`~;0Otp|-H8y&n4xO@ee1YeO5 zYp_$&$Z^Wx4(>jRsHmYJD51ir&Zo~^IEI1%c3*sW|Ls6A7BXGSE@8s2H|3uF1;oEG zyThM|Fn^%OhR52*%5BPG0iR3&>q{x-}os634mg?Du0sl{y zt!{jcK8~j7!6NWO5nR#5Ttk0AL5RxNU+1*VK@ z!=(y8`|OJ1s0eHY19)dI3r$9;hXh zs}{&DuikeXFYI>MoEYPiPs-_>t%|Wc;^irqZgFFhJ5=KO>Wf&Sq{B`PcdIHUNOHSy zqBc-fq?Rn3n_e)qJdeD1RroVwTlthHvT+|=KBV9CM|`Id;T5&u+O}^SoB2Y*e`08~ zVUZ&pXySh}w&0%Df!F>buPp$E4ix$jpX?pq*5p^0Pu03jI?n zo&)hV@HmtO?ilJxo9h0Gt!O8)ub`RH=RJBLjcQ5;QtIhdYLe;45Zi`2nz$BG>rOTI z>gJUo#!u2YnoBK|s+Oes`Iwbx83ir*EN9&!(~{)K9TqQ6q2T`MLDAO;c6fXf{6nrT z4ZthdH+Gp!p_>g4A(?LZAx+Ir5?=*Cxph*qQ*=TlvO#vVO;ffKu!wh&AcGkuT?tJs zz=h!*X#O6ViUWpjS0IrRelo|MYY3ZYEZZIPg9J^^D26Wf+tnA2p!MatTKyLKB!d@F~_ zG#hOG$r2N9T?Wqwe5a?!L!8rXAaH5n0-JfSNwh_hy-j6J7YJW}rsp;CFap#bK}~e) zJ8U^g%O(tSJ-_7HWNx9832C*1VopLId7l{{6%-d}1Nzbi`otX{RY-rS+fg}5_zY_k zwqGTKIoVaHB;5*yQnv#~S@}Ln4-y?h50V<-ioO6uE&NG6Y;~bz63|*mz>X;EXFvhP zeWyQBvv6q|FG8fB9UOp$?Nd#2blPsb0X=waU#dRBBb4oc`AWL`cD?bKrUrn$`$^(NxAy`P z#>>i%^UUY}2uMb`)Bb7j_MIN==D@-A1Vb>^#XxOI*Wa6;7R$sE!j)&}V-lwarnCbl zr78m2k%O@vL_at+p1TVS7A=Pm=)>=(8{5;`AfDHpBkH zqBH#LFAxJqQd;`vm9GdxPSVk)0By~4CfsRAL}yrx1Dp4O)p(IHX?+G*bCH8V<13(N zqn_%KTCcx!^?VSRQ_c6(<8-Wqlk5(Yvj#GwtB zbj(y{X}2vB9R>`YfMXzY&_TCNHy(I#MV0R(G*xL;6&W*HrffpMfxNM*kk6hL*_ zUkqO^0L=pS{S;9j-U=ta<-QDo%%7EnB^u>_u2;WCl-6_|((=xi=79>f&#GdxM$kO1 zu7+*WA0}7BBJ;P}CG@unnmR*h!R2d2FFVHMYm~qG1@jrSBq`5tJN^*F)xb36xTm{$ zuIz396syn(?2u05Fk;=^FJc`eV@9=*2ix7=>1DtE;M$riYj6R_X43o2b*@c>ccjJ= z4=K@dFWMs_awO13<@Faj3rR%75vOaXNDzN>$r43 zCF6O0HNUK(bvLPO?Bc4vNN?GfZSI4O{w=fSG~DRk?h4N4`y5OL4{4&NuG~$Yi0N+j zO3sEbx09F1>*ds%eiR8%R=WO{^U(EPk~I$HrvC`5BxHg$;N_(>ECTpQlsYblk*>cJ zVUPdR6gE0XGh4IHA@8e_(0V)b2*GSqU*g5lwFzlV`}!Qv&V;t!GKU1t>gFD3szBc_j?0`#Rz zKkKDM;r#1}zI!k(4fO;k#PN43hzlPSeErwxml@B869{*_r_24`WsZsXY*i0IFzG^1 zBuN;}h&A7EaY2ZoT(ynH;{{{Uxf-{( z#1+@j5+{ zRlOr7I=wnk^TaQB?ayW5dA@y4Mg3~zrNV(Yk@(f_PCg5&I|~kL-h1#6wJ@Ttx;QyK zFmF`;puHkhS2Whc!l9?+{^{_lF3M{`o=?b>y6oo&gZ{FNg(8(bd&nn*)hj02=bW&uLpd>cUQmp z61_f14d9Q>SyY7*Rkpr*$ohqHF=R@X?!1`PR6FUVHW@|3q0o}Fd&Mwrj z=1~1hU*X4u@3{7g7w<_&W+fON9C`#YqrZFE4_RCk#y|0eW$dY}U`1(4qaDgpT5$TTbWh?ukNtUjwh#<^c124KOlN|Qto!GHF(bON zPU1o=BE}X9R3PO*W7N&f=H@Fos^d#!tS=fHRx9Qkde@RDM_Tl{8NJyHk(xLSPWKUR zcr#HQSo!GT-1Vf=v}&VAA~GSKi%(m5FWh5!+K&d=aC5Evw2%)Dv|z;+K%m7In4rb5 z?1s@JG6?w$ePRut5)ypTTpk&t|1*e@^_h6QYFOb_0Rr)p!Gi7+S2A{mx%o;Fwu3iE z0ml<#Q@KBC_X>YlR~lnp^A&h+xQfqI$AgNV9D6!VM+?xCo3@U>Dow_q9f`P>cka&`v9UDuSLre>;$o=D z+9dQ^$&iaKZg+`Mte$TZ-6xx@tg4_yw-zEjOCd329Vkd4eE0JSVh8SCRW837NC|wK z6|aUL{7$YMZCl*@$kWHA_(iv}2yb>r7O{5l6NNrjS~94nV}{{9FT&P5fD0M@sGmB%vLYkd@Z|!I?P3xl{xbDJ{SPBO!asuoOK64ODB!L zLraZ$xIdufR}unD$i1fv`M@jB_45D@p`6HRW7)w^@#pF-B{Ci7fKxoj10N4~6~^Km z#@Ic_V{=Eb{pQMZ+-O=|#%NqXs~Sq^oxqg}Ld_wyhZKj@g<6*ntO7;xuL1>pdl+k8$CR1_`J^#L?(JQ~Qkxat}* zQk6a)s?{rChx2qF?ry*cW&K&*W?Ka(3{mkY_OZ8UY7d91GE(Vkj_x=)mau1ux$awN z`qyD-vu{mvd~28e4-Zef*zJ}IL+Ionma<3Fa&z}!(woNeN*B}x%R(QWBJA=CvdPL7 zKkF94g}1lRc>$}@!WQQ17^KSpwTf9joLwF7e0giDR7^I%hbP6)(oXh1Yp=`bM@EZC z*jO=uQ%kG<15}oW+RvwEK0=-CQy0!_ML5|gNfVKNu5rH54$V3XZMWXU#f$8C>?Kq9 zfOv^RH94U()V4AZ^-+c43!!X2$S|dJStMeu0$2zwZ9-3)^wYF;3Z#TBB}DJ1uJPsD zF+=MG?Fd+OlXxA+*4#-VrMBbt32YcaVt)N8tnm;FQkn;Y$Ry!&4Y0!W*58n_L-_xv zkP?~9!JV{MMBS`$pE$GSD!TnuB+CN{;ebcic7vd0Nnan+W-wN|j!6P?eSjZw9WG~; z(1Fw6idJQw(ckL(k4tnlNCjG9h+c|mh^wI)hWP+L`(o9%@nvR-ap)=CrYY>!dvNSl z2#$hU2~QTlMxn=X^T`8xZoRZgeRH^`gU&lHGp&3A!(|qDsL=*Hkq#kYLw+`r7o8rF zr`BVZ97hqahItlAgAyYYWSV?qbAH@4{@d|UWn+8SDDd>G`nkK&F6^{|Wd*(97y((bS= z@<68CWFl1P;O)6CjnBCnM^||mAQvCY3bkNrb;eC;S1+>d49G<2WpI6Iye2ieu+oLF z_3tL#umZkBznf8UIFS>_SX-Odj5iz)HeUVYr$=UUG81XNxY7=kHFlaZWZ@_u9~&s4 zhnL=U>H{Aou-Z_?nZ$Xr8nIf755|x-Paao4A$`m61$Id9V+0A{BoabeKL>-?ya15Y zcr8;RdPgOE#39nb^Zs2Ze}ja4IwOFC=$8=EVYswM!*^-kf&@lxKcvtshEF+wr>$_B zE{(h2E1(?|-z%V1-fhVUOIkXB`sh^{u|vSK4x|nyNcctdl?D% z=}aNXEcqbG1beRSw-6*A!NB7l_i^F!NX$oAHRLM@c>>1BJ;%r$$H*b|p+y6P*FKmfvNOdyOy1<2t8akSbovvBSF2Y zx-AdtTugo%f3`g$VKWCBR<(`|%reO}Nm|aq7Lx-KPWsN_mlknY^l0<~Mq;doa(QF( zxIZ;h#}n$LdO;CJQN8&MRrdI^@RVo&>=fK**z#*EF*6=naW{S?$9k_y zx|6^Y_znHTm+P5Bo7}PMzF<^+$y**dd%JmUtCRXDi-Dfa+l$75sVP6XI-e5eJ2E-{ z$W-Jd{}xnap|b7(C=qeh<9P1%bd9RwdPfgo(6G5N4%;xOE!8Vf12L6cL3_fGj)ncc zhMKCvN@43wull>P1m6LsxNwqQyZu$nE5)CjRb%|n^NF$P0&@-F&Set29a`DKFJWf_ z_+Y!HbeZ6P+>UAucdV!EoMwh{Ew7QeZ$*%8?az|G1w*=ZG4L{WqojOQU(ou^+VLMH z3xsKF6q_0S8w{2Q_wO-S29hs%XwgFR_U&_R@%BmLq#aQo2yJwu;}UPDW84}GrNmg6 z1EZDYzhdotzJCG1Oib$w(``-y?p6EXqx;#fs|vvF1qS$bRUuFU)A{54#86e^eTf~nE|b?8$>fTmCNy`M~94a)&? z?M@;7Zqq8cs^2p589AY>K!DD!e@m2wKY`|tI)YgAlZCcvjpZO>)(7eGl>ct|cVJv{~Pt2x4ZaiBd0f20lHX>JRb!=tsEX3p| z;}?!w&8;St@UVbzmaDf8HXeaWKMZKv9jMQnC&tV+mQq^{UPeWC?P`5gh2z2UC6@2B z@oTH^^mm}Y2gt(62W~e4yA@3GxSMn(J)3mh8K%$@GIc$hbuW}U`v7UC_ID`dA#ZkJ zEfL{lf4nhpxIb4V=4XZ>Gef__u9TV49qn2lfsb8f;Ki3K0uig2se(&vR1A%ztwkBY znst}Ai5JnSO9z&Gj$~!(W7Ua^Nuxta-QXmc^}Z{^J%bf3H1JduF4J?E+dsL)@8M$O z2c3#8&VM_u?eb-zyY!%CaM7Hqf5dZ<@V`v0!Jm=BW1o`4gWRvwRz9zhJKQGTFG)Ji z1>GkFA+&J6X%afL0{w{z2ckBigf{n8!pe+IRW&AIOTypSb`lK9fb@MNlB+a-%;Vt3OD7Dpt@o7JHs3k{c^u3 z2Cu?6T&8viCAtcm->E3t8m^1lZ0Kl3e8{vdmZHGCmP15jM2YrC^MrsW$Gi~-fpFSP zp`(V~C+i?up&i)EL5F+BuH$z_|UkU~v7Rt66hHffmp#f3^a)p^C*hsv? z{M?F7S-B}-VSU!TN#O8|{935xa%-yuhcz2PuA-$>2|#P2f*Tpj6Y(#*y03Zk*Ca0@mGdg|qS*B@m~^hq~rP(_Yd- z@;lirc0xlV_OSizdbyQySh|FBTMyUazW@Sj=GK%gG?HxM`r z(v|!i{1*`T9P%3oEcE>e1iolpoDYWqfIvgVVMkk)n6(y$%s9<|5(scdy#oR3XbV%H zpIkVYG}(%l8!M=uXw^H4=Z+gHpRj6h8C@C-?hy1!_Q!iy8G3aBY`=cO%kI7866ABQ z03Q_X(xL7`n8#ee$%N483`Dl6;hNu5)15mH3Ul+FmK2Nd1w&8exJfx`ld z?&G#Ss(2*P!OdIgM0UZf%h3bPI;zOd(82v5fjHJC?HhSuloo10;n|*GW;w7Iwt)EI zLM)0Bk(bPMD)HnY?pD5itXbp*M7P^ep-#5TK?(;OQ^6~pX7RKu%TcHr(*v`0)Lo!{ zSC1mRSC5W$jsC74t^Zv;stz#d{Z`nj7PECGyU7RDAtb)kMX*>@C9uG*nNKFJ*k?`6 zE3N9Y&dcI&sA2OR-aR`9Or3%I|EZ<%AKp>_VtEKm_%xlG>e>5<<>jZmX?$_|0-O1g z)m;n0r>&BHM;snHR4RtUBQt;rVX@Ni-su5Ic_UT+zdOz=x+JPTY2?y={b{z1?W zeE4zhI}xOdVRmq@ATDjMhk=|c$s&(gf0+kxsL4vXz!6q$ojvR`b^DkC5?$C>d*-g!@BwJRb37N)I~ulbOZ?xK+*!1|NEQhLlLHYyMry7&B$}PoXG>0 zpfvHm!pdtT+ux}Zy~%b95UXZ|6FZzy1S7oxu&{u#P<|bEpEJ*G3))XPfM;hCrgBtc z(nf-B*2O0!L>$oa2bJI_zrl9r6DHR|5hkNRO-}mo(;cB>NF1j*vxUc&QEb{sHV6Jf zVaU3n&zhsps-w?}r=O%cO_OG`xn7JDZYsp-sd_;3xCZsK1D(f@UOgt&bn_%iO(epX z7|w$e`x#@Q?qcUZS$96yPH>B$#4`O_o{o0$br5;t%bkb3SOCGj18Ap|33%mwLjEo| ziJAwUr$}pz>tI;?kaHKqgX2Ag#Q3-;#ClTKR+M4vhBNp*bZWn{!iB-gAe%ay1L0}g zw{Y_Zo?W>N4u<^#B4{Ilu;8E8gLaQKw2#YCC>sixxnzJHOaj_k8jHp71P_o_qeQmj zm*_$s_Y!#Q?9D zTy|+Lf;#2MCm3yaW7{FO`;GiUrl*kLqv0i`hh>RB0l&`#;F#m_P`kB9DSgpgFNmS+ zFx@Ejc-U?mTh-|7pM!sJzocK3d=cBbm%UAc=JJh!Rk-ACf|n||m)(0YtjsBSVo|*N zTyos2cyk~>&Mk$bg*sTeB~?98gp^srs^ z%)Vvx*B0*|)i}Oomu)qHM%3-DC-ws6-KY*6Zg1!}nSsIRuK1Pd>OpQ$$)RhXszI0l+uK8&-`5a*09@bzdy~}rDk6Y*RUP|T%&;IEEb|rCK*b7) zHgHc18rB>LG_W2PxR*}~69Wwz@L6VH4m&EGH?Ma4@lAx$q9fYCiy2In1^s^#t$;uMO|(iC)dh%FZj5XHfoO#s zuEPj1_K#jDM8e&cx53|DsJn6^9f9eBcpS*oIA0O0)hGRakXUv^ASv2@9-OR94c>u* z{o^NuYlRp8_FT6y4iNs;!QX<_dh)k_B3Pvz-|D%gYyr2#uiY%zFVaTNi7QS?5Le{X zE&H@g;sSV&+wSXfwrxyoJCXeSbSC6`C~KN|Lm;YnG)wVMfZRoVF3ubm{=r zI!6vFh%JdhRsINxQ{0A-;$L|I7r>xq>%bIdKf&NC3O%Ffl?z1@nX-H@Zf$n%IRsua zbmzRza-uUg9yM>Ru;O$?GAY^Xkf(hWb$BP#uG$L6<&1uI>$C0R#&QmC(F+1v>f)m_ zn@Mod36DiF$Tez0;yu^gm)2Rs9bjtopO&tKwRxLVF@yqW4pdwn>teqL$_~cEA}Zo4 zGLg&H_+k;z)FU{1*m}LbHqlr<%@|~VrsP%&eeBpeda@XS&MaVBE$W^~5M$Y(iCZX1 zq?3mj(9*>C0#uF;E-y#NAXW5Dv!LPG$<^^P%X?#ya;*L-C^l-6cC7PGYh_{wDr{h6 z(o--Kw~j^sV4=;!(a9WfdG2OT+Jx1ZzWmOt&JVD0h{80c-S18A*+Ti$^Xcb>&CNVM zOAc^wFyQZX0_WeKXYsP=ihY0zA;J|=a@BJT2lSnac(@j$YgVmLctN%Og>ZSEB?aJL0tZ>)ow|2Fl^MAFg|M#@3O&6Z1a`vsv zx0UN6*BIY;!&NR4>eUg#2Q1u#kK55Veo(~R_tfK4Y$RV+&CkU=QEn1!KPZmK zJnX}idF;lK?n?`@q^`F{j%|FNYueGM<+nxyjLVu+jW%V(c%J^~Iu-d_Qw-kJEgKB_y^^1a^IOONOZxD^kArB0^rU}WrOEc!TOH&8> zZ&ErTo#ADPmIpDE!vHzY>g@OInUR!C0LqibjGy{>56lX;_N#Vl08p~iQj+ceey#zQ zm_l06R<+ZnpMjA&0G@3@;$Wh(lgEtda6d|c3YqY|Svuavj3!KG0*zxK1dSuweqgtO zBzpn&6ZO1?3zCgx-ovh-SVYL;+mGYfkK@>nW7&^m*mn)^yoQ3XdUd;kT#V<(VA=Gw z&dipM%zgy1Q*X}~uap*;1@y&Jp!%-e>y!o*0Ng(4t5&BL0!+l^s0&^NgUB<&$5AxW zt(Sg%VK2Vew>KOE$V_3CzZoCohN&IB8CM|8MPT=V0uCX7;^a6w9{d$a?Ir`3`Xuo= z7Ntgb_N!OJ57vBgGz{*U$y{1wL}rv7Naybn4p2-GYW%7f{0C*D2UIQ;=r~?!x zUU82X9WktFjQZNHR&NS?@ZnT~bd8>(kR01Nkalham#lkq=#_Iz6;+cEtr3{ELe70? zl-T^?4^@nk3twRI()I&31#N(XMx#^){LPWrpthx-wSkeU;Xc|qYa`e=)^HE0BoJA> zgOLeT1??o-=d@!+T*L@2;Yp5F({n(89W8W$Kjt6k2;G{E#8vN*P5wXMjD=n z@CmjH%~wHmkLAx@c$xW?zsDQM>{kyo8;x_*Gp$$^p8JwE+#B*iXGeu5QWC!1bvik} zT|I7Tzdg=x%x*N!dw*ei<+OUf&%fL>-R%^-KG!>6{jx@*I`t$RyAS0FQQ0Aiu0HJM z#HatL+>^MZv*>3SKsDYZa#fu7aI&a}ka@c}1>D=~W*Uw?>TsZpF(cqE%yz6_+~{Qm zy2)C65}Sh^?zTAvEH0CiO_3!BMB)w%DB0OZzp*Br-WQAQH*-JSt%-(eRoV(nUsEC) zDlbqs1K68Gg%`hc_<5h8T$Vt*?JkVdeG{p#dhMo}BfXLQ<;O9xk8))J-VZ1O8KBAz zI+d67phmzS!@7+$1+oC}eBNWt3hknDcx^3 zv@kb*q}MREu8|NC+o=e#8L4#&b+M|j&DUwbsCM=oxGQ+1&|%uOilNGo4OiMxIMA4J z7P1d@DcKW^J%GyVIZ7OmUyv~wPL?jdi;m&?p0Bb$fjR5{<%4q2l@C-&{GvN0SQWL{ zhzfoX<{mRCW^3MPpUSu0Qe=c_|3XkbDZvI}-gwuE1T2BLR*-{_3Nv9nIaB1!yYN+1 zhc)Xq73J<^V|@6_#(We z?SfSh6OI&gSA&02#0gEzfCnUhG4SnIpy;z}{w&r0D9>KFQiP5e0EZ2!QwM6fi9Ji6 z*>6NHN)kcRlRsVGN_q9xxrlxsHc8(QghwIsXmX`wyht@o`JH20@=VkGT1YMUzOiEF z6U#{9sD;ju`TUh^+GW|*X@{J;Q#?m;b9KYn+z+`NsmOfK)?$-Bq{l&)!{cwUob|0m<|LZyLYpzfF(=3skG0;z7q)|P>(9gMVj#ljp zYAIUphO}U~pLa?uvOZQib*OpP%2|)mhu8CNhNK8l4gCsRzQzoW-Or3o#eCn42;Q$O zy!2Jd2E-d8ilA`>UD!IM)O99myxZXijH~RIVLZ<N3E+WgCHMo$@$*Ljp8l4_{3np2C;5HKWok*_H?p-1WH<3TN>2d}dtNxRZD`@?OF@py!5% zV5O{t=UQn2IdSzQprCOibxJu7s}3$gGc5KVLP-@;9O7zsMyRcf4-oSxCG~1VDgqY4 zlJ!pqc9_C3vHin$5J?O<%$uW9DZA$xos7|p#{S65;GbyD9EB1FYt+?e-};t*1my=P zeXx=w?V(AsqPEM45TSHwL_)c#a&TME*N;cg#=~q0?}T*UQ1`T|Eu5SbZ{0&zM~j|h zPOpC(3m`)#U*kMfXC#>j*B|9#gL!PkT&UYR88re zhjYx`?8#dYv1zo=tZY{`&{$=oFPD)25f!Ueb@B@cBP5GNDCaDg#NL;U5n;W%4^+7J zBF~{jzh$LkADnrI@3AUO?xA7=cj8v}TLy2=j+ z6b>#dVt+;dLzFhQwMYvJ-`HABN3L4mmdtS}yuH(r z+13=2D`)r!HN0mNC1GiwgxQ02J7)wj7hE289N z0|qFS69@4aln66(osI*n9yE_&rmX>sK$r5Xi~+gj=duS+P0H& ztVSgS_fd2XUOO|N@A>u@^S1c`<;gh-Pwsxj$Osn@XLm`Yu4tO?jr`?y$mA>RuJAyD zq$qAW6;xc&14Iq%5K*2JvMU)Af02K0cV z=&AyAE3+trb&pH2hGj5-Hfzx!lBa^XNSZZkz^2U~_D*D7)w3c_H12_mnobv#Qd#Ac zo6DwtaNjwPuPd)$Q=+m}zHFz8&*Kjg6e;$fyDHzEFU~-MV$Mu6{ES$Uh3&i+y{OrGPhtclR_qGie6nns9Qu zTW`AoEnWY5BVe1rdX(TC!V7&ONN&Xc0zyJaZZz+Jf!NXU&@>}vb}ELumAVnGpH>J~ zXnf{ay`D%Vpcu>EuVOgs)-oc3jo-Fg@LSzibWKj*i}MnABlj+P30W`xWyAiQg%EHw zM#o0r^E!M8lfFjN+xg0ElUse9PYH)WDf|V8RqA`ka|1#nWW_2%W(Xxe}gz}X$$CRGdN|e#ZptZQ5110BzFtShhyk@-IwazJZ zR_{19D@P>R3<)w69Q%9~@`|IX=tp7oHR|h7&3j0@>w7a_uGM!auvYD>M;wHmkJ7$t zS1XAhQ}}E{qw{m{97FZ_S=y#ZS{Yefy*mw|5+qEYy7M))^-t{*nt%2nvVOrsX8O&( z2Oag{1|AWx`n?^P6}~`lj5)EX1JLTAV=KekOY@jI6cOf~5zkOWbTC1iSID4eDiq8aBUY@Q%QsJm7undebAjbT zc{w*{k@!GVUvg6ImNk-gX?J#jEylYf%|Z6&q=}mjGP)bP3h-tr+b}FJ(s$03_Nvg` zsw~y25gjv2()Aqnx8&f+xi5Us7?td)A(6N|{8KsQM`LkoY$Oh!Dmz+@@>v~CHs2R=lPK?Q2ZczRBz}2u>b5q`R=W{3&Yr>UpqWzh4bdJ8$0~Znw<( zMdvZ8LoDKxj7Da0NoG4xBy#hy+E7?on%#-h86sq5u3u^ZE;>G|2|DlgZ9ZzT0$-In z%1Tlir2iI}YYOKDwxLKo5g2&o+*YN>1a1~}o7>6)&Qr`F@7uol2ami}gvpEoTEvNJ zZn7QL*@>zfwUg5={})M)(;(Pc#V(ohOl9^B%gR#>-YlqGrwMB(*I6^J-d(;l2VhjB zPb-C!zDcZSek3^bY?8}bv5B)J#7t%3GQ^bPEiDRN(WaAMQ9KtxwAfnlkWXtR1xuttI zi3AA-A-ZoXEL+PYf*176grsXd2<^ZO#$>DjHQ*DES)u6E|z>%vm z-P9_z3^n$;CVy5^rH}dL3VMCjit}IN%>lZ-)xGN+VVw1?WG>F9Tv-b>m>*q+b~8|m zO#{-$?NyNMn+u!22s4n_xkhyf!{4=nsy@a0C;^<^9j5fVwGAmPkN_9W1To;c1;VdN zpDZb;H3hC&HR+3*iNnL)tATaYR)v(KRh?gXN*b9ZwbTqWXw^rhp1X?{tp}-V&C+M0 zzsgn{Va|q^DprHfsgeUTLKL9EDMEL2BnLMoa*s_RBRt5L=U6&oa_3DB917c%Z2mC( z*m$zGAyGB8LfW3mA#QqLyuJ)`x1;X%s-j}Tkq`5r>fexn`V-{0i}egWxz2q#oONbH zv3Zz8?wxBvAMj`s@>oMsV}e6P7XVx<0@S1YYf0Zv*KK_K5um!1S=qSBn$l8Q4vNzg zq+fI$_CG%a_E-I)QNjAT8KL?)2ppgKIX@tFPjBq7>y9pLKB$>wDDfvtc14)QvvOM9^ z?BVz{z@y8}NnoS#&@7G#ymPCdRh&>zGPbTjP_l^^N@sB}Jyn79xW9bJELjPJkZL^` zVr8IaK|ftxVe zupNY352j~fE}~~)+JCR9H|J;kEE$=zWW!AcrjAfr^1n{T_v4umeLt(Tu2(NTRSj*D ze3feC7eKf#d6t3fUK;8{N$6j=V5kLIfUZ?OjBeQwqWN9@I84)e#Z8E=RUwM*I|u)r zgDcRJI!SAU?VZd8D$pA@+oB`9m-YY(X1JHm2uTxo`@RrEAaJNJ)xUAb*7rJy*7yBl z1phVHY!3BvM%z&TP2BhF9e!ung8v&iZs=|i8uIU1EQG(W-s?++$DbIC&P;~YQ8vsp zbG6db>IK+a3txk&HTnYMIm21VH3LHVtlzQdS`c*<)4d6YR?J#{fS{da?V5tbCV@e+ zpliS0A?9{Va~uo8M6or*Y1V#$1n5kskK8qcP2&UJ8i`Ii=MXQvnYVMi@1Gu- ziqv8ywHb<|X#8I`AKtvf9o>2}w+CX^sIww`HAsUrH?;b<^6aOAG}0zaUIxYfys9Nb3O z4Yo@MX?KVCUpUpDM%0}`j_eg~VSB0%$52|Kyzm~g-9p+HVmdd^eO$B(LGJS0?%$n{ z6k~xt$CdoR-iU0jqTq2}$d3`N9ztz)(|2Md2UF@ALQ4Pq?030bQ|lr~nrbm4lc6=? zE{Gz9-uhcjexN=7pyxTdu$%%N!W7VnMV>8KicAH#ANn^1 zx@)aR`-gjx`pHb4li9*i%n!a~U>q=>QUTOug9e;S5>a-wTi6JtuAmR&^EI!BaRSj3 z_i3j@HCxwBWITrn+>M3B-^su2-NZ@8N?9wY!-wA(=}W54*~sTcA(V!Mo)#z)V>AYe z6AKdVH1s;zEPrP3qa+$5)o@=|;V~`ew0Hm5e{=%to}E9HyG5c~c#z25DcD&7j`=~* zUc2owx@{pvzlDdtWH=OlJD4uM$GE5Q{gDBWHk!lyYXAHjX80I>0RmT@;IyE3{#%Ij z)fAyT=0q|D-yXfJiRuv;29<(B!=@fsEYcNXdn=kx-#p(`ZM}C}Vl<5+^?J8?(_h>! zpj1~rt9pjVfB{e=!uDhZ4Rg@@|0klPVe#Na5tSaM$uu zxm-|=+VUBX42T74Kv)@jODW^#&0nJvMPUtC7h{G_E@Z(+}-Z${R2{P~=r8o~uUG$X-jLyE< z=m&{IkQWp3laf9u9Aq>pVK!5mJDx z?Q!-$0_)mz{5rYwMfCObHFnkxO@xW7?_I-+3}Yw#mPo#^MjfMRn13>z1|E{>{)%dv zF*fxZzjtn#?by%fhZDBRV*iRf-MB4ZmNN^JkYX}zNlH6j*T+4H9tAK?R`12y$9=rT zieMkD0#O<>$F$=1GM~}K!M3_zZkisbGr&%x2hrmpdFcbfQElW1_;TwD4 z=29^HwB(89mkbzUh;+bpQ*QNBmU?oqHJ~#wYH-aTcpc5H8uONW1AbaV+((EB#O8()xXIDQpJd$Iox^vLPiByI(s-f-mME^ z_G7}*Z`4MIeV{#{<+Lw>ih?tqr%XfjL1kSF3FYG({d9>bbVWGi_BZ(HfldHyy%zUF z*axa!(hvAK#~~)zDA$BFk^iiEU`nT_K$aP{l!}h=#sex7EcVmSK8kn_&B- zra-6{Gr|zY(mz$am%;s&FRL-ojB1MAQ1f+hQ+fYm7Rt`@EF%-Tmgnsm%Djg#JuxuB zK?v-EI^eTyqAKd^{jL}Ns&11%S;WKF;IrjP$rVu?la<_;-aBZ?)pjcCmswlQz_Qr! z+zMKA`r}AnpvAQYG}qc`+bGiiQZwDA|1UMOL`51EevCzNr z5lsI?9akC+v0V^mL-!q7-pqvfb-eNCO<(^%523{^lT8U$=44Hp)b0=uA7G|EnQIqq zuW|$|a$k8tg!x6AA0 zP(eMo-bmtVrVXf2SJpe#OZ|LL2$~A_dT=&`T*<|tW5p+ZI%rh zuyd${K*2RacdOu?60`xtDa56Gyg;)PRQC}17t9krQ8gB;w0oZEJKuAU_2T1r-BcM! zYXp%0Y+=HHiVsr?ga*jRZs%i%i@fOIj*i;n9`cr+EEh+yd8Pz^lMvQUY(18LA zLcvL$1d2k~UU1lbv$0tJKWwZ*Din4KSkLF5zk1D2j{Z`f1Hrb+2AJB?Y>W3>!e#fH z6LI%YS;%Z{7sIPEt>F;9RoCjw3OTTXbwnpEP(&wa|LED-a}3P;%*0VWb0W_!*>6rs zk}qC7HMN3XJVSa)-EO+pz|vFGqhzH30=<_UH}l`2$n+mK9sXI{17UE z8WQ<QUP9up%CwV|c5RuEDzcj&L*il`(U?G%1nA#YnmACxx&wlorJxmjI}>V=Oc&vBR+t1+ zB7ikeutbyGjpX!g8K{-SxQ4J0JUszOR#d>$;O`@S{W}Jp+FW_Sl)tPF@2V+W1iRiw z=_~2{GdW=AknuiH5f%0pab_5S)##qmjNe7l#VIj6#c5{%{>Qf%`9?YIIV6e6%VYv> zEE&XD^1$?AB33efdgqnle7_G!~{Q8{Ez@Lh-7wv8F2(>N13Sh_|-yu3Fs}LXG<0i zXFdw*7QL!A5IsHcfVvssopUF| z=T}-D6g`ZJ3&mJQv@g4YHYArFOJJc z*Ww0mk)fv-Nn8anAonO^T&g(!-ltz#>wIjstfksgC@C00TMaFhkdv{-Vw0B_!S<4_ zgR@K5jIFGLuAQ^XRk;Mx)p2@JBMT9V-`)qY#YOcSsDObo5o;=UA18~c+WN~gZ_*8& zS^4WB`#(0du~#2~RuqYf>L5=0`Mct*`)pA8CP(T8w@w>#)Y}-VER?ioFDQeAtS7(G zm9iW*SjoaUH?RaQhD!LiStUWy3RQNto)xD!6ErYXQZpe`wr=O`tH!x0bSrTAd<&Q6 z0wr8_{#iU1?a5tE%4s?}IPVbxX~|3o8ZC}0!S-GFYwDtg&9yKu0^zTpB^H3&uc(rn#iQ8XV(tsYf|( ztYOf&CA{Xu_#Yzi$Aq-jhLSGipyCxi$)qqW|nxnxTc%2eWoa_nwpQBQ9;y*_vXDYnkh<+*#Ky``0d=4qaxv zf1+4;E1By<{o4kQa!d$fMpzb*?W=p>tdI@NrL@~rP$D5~?cnkhn8pu=U%Vod7gkMj~9+F&zBGBv;Lsc`%W8O6u4#kk9J}<#Wm_Q3C?7;6_ z8glHN?R7u<)pd-Jb9;u3_ zlPjd6U}HcUH7Tw`;UELbD?9c9oVgiycO9PpdtrSfc6m0yD3jt{a#!-gN~%k6I80L3{o@ z%@oV2vk@KM2D{tQ&bH>4I>7a?a^`B%uR@X4lX{wQCG<>YG=Zl%8;%Rfc@}kt*E@rodCZRXkZpLi9&!ug% zD0~`dcJ- zr0J?D5_k>ldkV8k#x0W5+(wl95GHOlK`Lo(FmTCnCd?TZ+j*;?htvk@)QBbhWIO6w zO_FaEU4og2gNM$vN1oqv1;tR-M3pIO+rqXXogk%I0NO7>rESeazxCcN=nH}%!>ck= z8mM$=h5&$hQ(8yo$rRWkdK2WjTU0fguX-Y_D^eKCP#BN9YY0f?>T4_fMGD8h8Y6w> zJXFT}Fb^=Zp;ETOJ0nqO<0=qvEP2ehQ!Ubj`LgUsII0#>q;GvGU#ypTd&j`<=L2D; zx^k$UfHyi-bkHkhW#JKnxyzu1lf%-aK6g7g46kZ8Znoq;CPNsf43>)U z5@mC8MB5@2@jQ6NApWZ_hrq|Z&x|cK+gPfd`PQznBNA`!0-@}MvZ8Z{?kO&D(%3=m zCFf1n$w36KOPNUuhYZvMAZCUmVh8I zn1x_I;X^4u3RuCav+9|HsqD`vuXf9Amy$#`Og!9tw=RgHn!~=C(!O|LXv?f&$V+>j zdi`bD(!s7$$z6x9upL8C9u%<5*lW>qf{wx`UR`P6(Y~DAZvH;bkI(y$Ma{yQmSfMH zfMY(DKC|*niUTlJ&0qztrkGA`Z+kQO3uKc@C@BmFzW$J)Y5QDJ+|rr#ZjVnR3QY)% zvkW7kxPiOE+y)4TN)y})vs(7PGmqzDgJ-YBJ1jnqYp=ecOe>Uy3&UJ=yk$HCv8%U2 z@ZnZK4wPZTUQUGXDehpAQBzaYmq=diNsb%QbFf(Ca~B~E0CMpX&ob-#^Jv{5r1QMs z>XrC8@w}E}-#p<&v*h* zOOYLcZ59970s3uPj^EqqN8Xpwab4TgHtRAo_{#`LxXGDBSoG+eEEmn$Fy$sWQ2Hz?*&|uMVLc|M z`T(;ehIkyU-)K?8IFcS{bjVWurAr3Ug`GXNFp2A>pWj1V z5Er}6lV9Au-+Nt;-P7mp=k4Ow*434s@9WLr)ZtrSV~^iE8O?m$k>1zJ2aM0xuLD9a zuWu7&x3yq&4WkU6o#6n%9;hQR*gZtngI;aU0bS*qNHm+B^0ynLw*0g~F`1j`PFj#c zG?~;pcL?Ek8m4>E3=|=!_Q$(^38ZLL^zU%^CPI@^VP2maq6%eUzxFcQB)m(_=k(i& zGnvS_)-vOXLkF;vV>(Zt7f|=Md@7SDJblMZU{6i_Unenu8=0I-2WW2FUoP%M-qT|dqC5%_*Hc*OR zk;J+u2a01ZuqhuEPmfgXv(< zE`jh1lY2K$5Av@FIhjA?EKA~8|5Cd=ekO>aIUsqiyO2k!p~@Vg*Za~i01%I#m}c`b zTkpH#uhNa)S|(FW8NX!I#nv&)6H}||SVK8z2-qVbRus$^?rr(l{Q5hBH**GadN?PJ zVh#79*cQf1?UrFMXs2A*^sz68Iw?T`eMR9ail$fR)`nYrknoL!s);?HRki$z$*HMV zSMNq<1m)3>I{{|gN<{{s9GySNEw3yaDRhOzDtPTn#nk>5LnYDcl{&>nTu5VE54?$! z+vsN(0@poUVFQDUj1ee%{wyF(KtVxFy1m%BZrZedN<0@fMu~vV%v!e@)w$cu;hsA>uPP+Sv|;CmJ@sb; zM@hOcv(ZCH#B497%Fz+XB{Pngz$E z6ifBHV!|w6zswpmxyw-|7fj;ais}cTMP+jQX5tn;Nw|cO-C(+MRVWwV+No;z?YLk& zZ_^jG&yk_*Q>~*2o>pYocShV-x)ufi3ABOu(`T3|CNncHVnbRx4?C`2=__C9Ivzko zdbHsRgYQaWQKuVaDR39bx>0x>Y{+bw9Ri&v~cGg4^;NWLQlpl#EUy+crFHjBqo_-+Wc# zg65_w=t-=jCqh7l+dr5`_2zQUrN%s7=W#!$j3lgm-dXzyX&cKhMQYhJ&0u?` zf~cH+Kbg_!+Z-xTBJNl0!T+RIJkasYc!=4oP+Ir4MZmF(Z+jrd@GR)@7Z~s?vGdU& zZy}}rm?K9}KD7~IF`}!eIiIQ3yVCwiu%m>BT+u|kz{1q{KZfd*2$bBq^^HLb##%rZM3LoQb?$E-7c%N=NG=c`rgw+9j zDjM3Myob!hwi+^XD+TPb6vIQ%qO#AUPYzCLqBP@$BqgEYCwE#L-RLe~7yn|Fn2-u0 zQ$gndl#j7edH{n*x3ZBq()(MW2&$tdW39VL#@M$+g|YOB76rb`XTFmTpo>pl$>mJa zZi!~uaB78ASJ(2fU?S>);gfm9=&2=R*K66NQ{ABbS+a>^Twkwc>euDSEA$_c64yt~c0EZsja(Ht-;7Q|44639UJ3%_|EjFEq&?Vlz{1J{@1L*g6gd~KJ)lk^u+yiTPOka{hHe9 zT&M*@*T_TfvobNxh~Q#wSo_49C+s)HVe-15)?4Lb?(ELNp%+%dJ=%EhTWguSv2b2v zW(;ng$zb}O5bzZ1qJvJ0A;87peLBa&MVC8caH~BXDa%RSx>qcK&B^;rv31Y9auG=U z#;&kqs-(cQD|w7}*P%zCJ_2A?71t=Y8Y)#)2rTCc#eB7zY&#P~SJoL#s~5S}zg^Xyn) zwSH+)O4U)(V(FWR`!{%DD)S11Aa<+56|5x1*m35d7&neM7r(N|@^ky=?*3phq$CVk zwfeXRVugmfE5Fo!PY7Q9y8W8%^h&v2zS=dk^ongaS7o`Pxtx#ow&J(aF&cG~MzH7) zOOuoJNv$T)=7*gR7LjPAiOKThr6Cv z6({^XC!MkFS3~cbTrpe(g7ePzDjXV$xW5&K9~Jn$3v`foKfg{reacRJ1|*Ux2TSti z02BJB(#Y%w1UhL6j$|N*QX`Vt{0mypx>*DZ%Mh=7#*(Q_V-k)+D1V(duZi#b?_aX3 zW+_)M&2OO^&?-{|Y=N(GIu@B-H);M3QgI%Cs|cIu4?TPc$3?Z&Wj?h}BlPW&qzUNaY7 z3G|?;ArIa6qV9E@fLce@wwkX{Xd1cEfbufd1TXXu)ZK*|)EVEG>4}0jlL?_Lhc(}` z#@R=aK(Vz&1h9ycL-Lh`E^U`;m8q1oFciDgVMX-SL37}%$c?{APqPlQW4p* zB=h70U^L}qDcw7%Ti<`=sDO1jRse|+`5JBGVww@wftyt`OLEgtAzbApycyUpu^31= z6!MHjl8cr>zr{;>vkW@Q z^K=rGRyns9ghfvxEZ)+{F~SRz2HKt))me#@w<*Up%^OrCIZYKVY_3SIEb!W4mMK_C zr5Ufq$%uDh)^*nkIP)9BKESK1Lhpu zY4fVeD9^l1%gE26#lry#N0n2T@}O!f-r$i@XSIk7p)CP+UoDbu1?A%|u9JDvFz4^V zt(>5b+Wc+W6r_n#<3(_8K9+QMzC9h=>*d#qdwea)YEimnCcxS==WHxgiVB&G^`>RP zYtyxuj@O2b2fRQNbo#k}ZkcA1nUTc^O<#WH$3zm;?{Vnor34y=Sz#l@tx2D)-QBm; zQ0ZY{33p--`;nV#AhRgZ>T(Vl+emR&)M19FO>7{fG*wqqeZmt^ryF(((iG;t0gLrMO{!LzNq!E#i1!!1GgW z3T@!)KuT4H*Y9PILGQCd9N9NMQIpRf{{1V)+_S5;{rV{Sp&oO1m^camQ#fI{IEbyt zY^pF*ag9*6y5d9@^ta~VVgu`Rc9_XS@KfyS&$htKi<6(zZ9hVT zX3<>l%(OV|&QmB{dfgQ3OBBiK3^8cK9+0y=NFR#T>RFQ03)KDU3a*9I3_PfmGFDh$$QZyK_to6zXWmS|V zsS&v4><2-)wQ_I!=p&bl9hbQ1;L#CV+22U?OT#G~b&hr}yqBF2)yL}M=}QwHt-OrI z@(A5R%?Xcc%yRm!EDxH9+lC%ot1;_g9P-CC@V{Am7O;vws6I-M{0<@3YQ5 zJu`4C$KVU!*T{eSK4H!Cw(;ZbdvGD0^xKBNkFCJ+T~>0)_i&s4=Qj4=(Qm$gS${uY zkhPf|I929hKhtC8{V{54;*$aNLghzgrQdD3-UP`+tJY07{nwboQQi{;eO%7udjH6;=dZT42x$Z2?+WFXq0sz z&LCu^N&OI7Re0a3O3CMx$9>2)&X7?^FpsnzBpFalFF5olIi)pHb_`9}R}#q4uqV;7 zYTvx)OGVlRwe1NvfMCSTfpQ`&)(?i#shu>9; z@c<^OqL0xR#oAbjq@7AbY8X_3?V*64Ph}ucKN6OD;%>)y>M z)%z$xY%kyI@W*~sQPJQaL9fr#)Z)u|-t!y-e>ipDh~J0fGlV>64x}w)U|+j>KV)EQ>zsoBxzX;10yvpCAo_qMj;3psZNZp z+c(XH8tHfE0M)KE?pYqk&NT(r_8kM{+XlC&-%+WzOGh(i6svSP6}ici9F3soADV+A zsncV~Hj0@J2Wrgx3ZJ58>y0RtAi9(6Zt^>c7B&w9Ep&ws?>&n3oU-?2 z0!#HT4)jy6K+PlG(~0;AIQz$1YXjlnQ=+0x)@TddiG@u}uA^)f!ABXZ0!oddDRT;C z%_PqBJ^hTK_qc<0;0Bn`-r526uA1YoDY7N9l!=%#AWHRmxd-m zzuQb}t?#pHTLr)6vq->>f|sjzxMSa>7+7Z_?2mP(pv#A8?LSkds*o*LDO0g_o%2*R zY5`W@ej8tBGL-4pzK*-j_7G?10{7>Y~$)M*Izt zlE-=%^B=QGU8Xf3(fPukR8AVXX^zuPx_0&6^v!-@zWlK1w9hOw&PA$oA(G_J&h*-1lRbBBj``7_zWFG-T65@xI4ii$*m+(l zz`I|g)d+N-hSaL&?l8(7wg1o+k^5+6Ysy*|m$ME(>N2;9-;lNq^qkDy(i}a$@mE@$ z9LNKWEXz7kJ-Yt`I7+Ci{B8`Jqm8WyA$jILh8$Fg4?17EXizph{vnZxDa{0UBusqj zgfV7wc_(c)P-ycCXoMwn}da3cJWbuuodIY1N%#RS?voUUqrTFJI@=xktca7t=lQFcQUNFaAy(w z;XonJW!qtdqH*_lV-rtaloTtG?>W5$pSyg{TmI!yS^;Od@lZE0D}=CSKB!ehy3Aa7 z0?~2yybLeiTa+?;G~bh)8ZjTIxqh2>5UGifCCyt9E$Q(MjUb0a{Pt=)2Y791)ehI+ zQZov_{Ag9GR$KN4H^ob|j0xYoUt{Lbfo6ga$VnZJm9-j?e&LXBk8>jWKCV@cCg=lT z5CNSr6&8q&tfY^;KU-i&FaY;Kf7CFP&N%R+t$!uo^{^$gF3QbrQ91Jlzy;i43KR_E ziZ?;_h0d$1?TPp(k5@kZ#i7CRb$W!x)G%R@4yOMAxw@k!d^1Z;*;4&V-Vh7~Tj1i6zq9U7L51;i|)B!g6%cy_eDbA}0E z;*&O%gQJUxhKY7d6BU9yQYu_>BY-6VDXTr{9{nt7w* zLnbYH-uj>XH!Vij|ur8lSBO&FJCY!IK#gfsg4- zG79BoMk&`pJ|#FmC=4<~+xGvq^jI%tr&v;I@{HnJK@7z>#-adSL_{RZQs0j z9l{wkD3Xa8>6|Yey83MYXR2&Q@M5B3fRR z4TH4KWpA_I&~`t34=AB0Ne)2;#DVLx+`W17^j=W4K!e}zvR!@eY{{Ev{&n3V;%?7y zdbu^`ilcg4dkdu@@&sr)@UUDPn+W4jOpgeHQi4x6np=Kl-5U5;IMcC_xRtTWD8vJE z3Y*ho9g9(CiuSTjsPfpzEVPtqoFd}GfL0GW@qWB@B+&rgnrs6BlD- zy^1Mmu-dAYA8ub+k>22&2k4k7^I+IEQ!Oi3b=6XYV?0c+$Us%)xIkvZOOm`km&dTM zToU^4_2#LfUF#t&%m4`~{;$UCj=!D`xAlK)_2cs# z>i9AOyqWJ~-!E(CchSTH7I{wHuM6(qng3eWjEy|%IvTvC$N%%U)j)@9n)5#n`F}pa z8goKzD-&IS8iucR!NWtNU|^ASO_n^TC3VAR??h({zbT4i080mlyIq(q znCt)nmr&#O{5!vIi!*@q^`wJ=sr97sgj)*iKRH`STvm@{8OtnVsVhb53kB&*SnOa) z{V@#uNB#45svCqPkzG|{TbaySc^%1aiBYa6Ab zb=O%xB?$bsmBN>7aYkTP2s&peEVGI zKX3wW8;fm)$41z0Q8%_csm`TU+vmT9zHR`?)WV75mfFlK)z|bIO(BAI**VgT>rrdI zg$#4^DD>y}mfj5^m{WzxTd4Xlb&u!fQ`M8L$zi%sI(+Fy7eE~xsnGV&zF&yi=UR?rM zmjX|`zdsl_lkIMeR*tVxIS&|29I$rVCMQHviF>6PF}9JGeIXXlbA+|yUPNCwhY(o` zrye$vd*bp-*x0ppx#KtLMMDsC-Ben$v2MEjv`kifkJ5Mm{zMThU4)4VB^#xf?Vp6A zC8!axFMdH87p}RmI~Owu%_+Dg#rr3PQw<#T1mFalR{$?m$~eB{$Vzuzy2rR{pTnZN z? zdzl0SqmN&KX*cnOU8`d~3J-?z_dtcPQ?^Pa%pc(=GfuD^INYrW$f_mQjFLxnWKdl< zxy-L@!8yjo!a(yDOYqj)(Kn0otW6A{^0yXinXm4}9mQ*L6fvcsVn9!UDn_vJcW+@m zeUYcv33SgbGG?%+=XMa#meuJF#T)>YDwn^*a@Nc92UZwc`_!ZyGQk)WGLz6II=(yh z?P|gmrJbOsa@Iu-5iiqQtu-_3UHqm`!K*x4KYH2L@g8M!W~2?7=#(1wF{uJ%xn*?e zt-K{GIBdwJJS7;dvdCab_2osP;qlZ6&P?IlFgVdv{| z1e!6W6Mf5TpX?fx8v*hSB~TFK4L0TMU#9V-f0jepFGGE&H3?=bw2VY-( zMF-z!77N)m^nG3oWiD%vJ#CvG*Dvohd*Ns#>MV$W!gY3Ik{Qkpht0g#@<4B*JA9OW z=7POr;NIJ*&aH4N%%z(5Sz7LH({uVVvA9MV^np;7H4(GxluzmAN`|8gVyzkum;~3r ze_G};wHm+~wK-!}Rux>4VsO1TZITd|uT8xPJhjr5nMGX!%ZIwls#(jY}D9=(C@;cD|WEg_1a(mRo(Pc&wO8J3<#}r8}5ReyISCYDYpVf zE=cDrA?0nVgV9dUJ!b!I{lL{5qzh6T(6u=m2RL@JceUXaxF%uU6}T*;UnW;Ve=s$T z`SC_ss{MKXMPjCSSR+(sw2oxEY;)tA$tuopo_oyR&Uv?N$;3_1r(bb+nK{c$)7Q7z zL=+Xst&Y5%11ZO>SZAB+cL@yhz4RgVSlQIFZ4ouz<_e8FRx>(L)kOddQ+QF@VlqF@ zD?D!XoNp*;%*KLgw}^XKsmackvI7jx$zlB!#aLpf3|RC|`U)FRn+4y6Fh-vVK!8D{ zg>aodH(v*VzU4Kl3oA(A_4JJtLjpI025+M=BkLV_?6Ni%tbZ9Rv>ZF!i(~m)v%*4> z{6~e)U2{+kzb@rNx7d6E;u7ewFlqw5+IW8BC)RY1iWw#x=3vI7r*)Po-A>+Lzfn5* zw^bDEO)shhB?J1{CX-azBgm@<>5-F?<;=X*f$HZK+vI`=1SLv26?x&yJKb)9pGQtu zd6D&IV5V`>e5L1rR8h}~yV*Z7@NLVtHA-xn9(0m!0~~cU9IA(|KJxSAD4b#~X2sS| zRGKk~VaY570kld>WMD;wdmSpWLZIcGuciG@Cp1XUE5W`m@KTNR8F>p?{01eh>Zwwj z^b~3hL^ZPz>1Aj8KVeN+Hdz5{*sY?k2~Dhkf7!gm`PJh?=Yj~rtn|yk<(naBl_c!j z2^-?)Ec9vR>*^(tHR+6sqGD(MESvjsEI93o7`XjB_#~h$(EaR~Mf~JH6h7njT_22G zGgE<1@g~zOX#|fQLLsr$Lf+r)(^NVc&}x#)2q?TvUIgF6ltLrm71NsK%A^_xf0{xn z1CGp#6G|0mr+p{>aJr_UR_)?cchIH!cQ(fwtVUBcJlN-5)n*s(EpyAz{2 zF8=Ab2&OhNb{N(yoQXWs7zQ!5CJaI(xQDd;<3io~iZ|&~zpRu8OW{%=qc56Z1~UM= z&T1!4{45lPbog@(eoZUMnZQOpE8Y^R8;T$h0s^tE=GDj$U2&HzAO>27s?9^1o)0ZYvmw8R zls03@U!EQ>W$JiT*~3-|vg%VEI*;y#r%BoUX}m$eMQ1eq7_SuW2{5Rs7H>gdgEEd% zZPezrGpWjzwRqh6uLZjD(Jjg7-@MgKI+{{)l~e~fGx}#A1IMoa1!T0Ne7*F1ViI`m zCpebR6hVJ!Kk@r#+cSu?JNl(B}R_dLs|K0KYXt16HRWBL0O4Om}XM}IFszV*QjP8j3# z1<9=bCA_qk=Vi}=?^dE&L*n3I!3rrykQCA+b2#n7V=UyNuhO4abFJA(n5(%!uq;51*f-W)tM^mlOh83*StZe>`lA zoU~wZS%WocnW=Iy)d%Acc$b^;!_WSymg2@As2}n5tFp_%Qp-his?unrZ}ER|vKktk z#-w4d6-zIMFqnO1;3o$(V9<5IGWzSUJ3OKz5MRG@-;GUxo?h@zJiYthn}c1(T27Snbk2>$yS!QlTl1*XUgNa+$kUc% zGd}$8e?}ZVnq*YDO~4~_c)d^t#z6FCiDJD9 zu$RR}< zQ4y#LEOyaBY0huaUdzgnIG$piT4kY%D}X|8n%LMWu3SvUDm(h9lNXY zj|Pi@;1x!xP0&eCgK;0^lZ_pbgV0wPS;LVfC<>Px8Az00qq?0`!S@q;yoSoejT&;WWn2c7G?<#gk9f8~|9J0ivlTw_xH8GStbD6a+|tGt34P<+nFf`b9i3mE z%fqWK;q?+i_suSD&7k$0U*RcBE^*Qnky7IgllUsIBTWkH@_`E$1?A?4@1(=SF=+edIemk*#2p)kqYQY7v80QAw zjA#Wof`Ws&z}G^D*KMxWApBj%7jL*v^!s zhx3EIT=IYkFz9)3+!%n4MgE}#}3VG_Py%1v`Ata{viTi2C0aXWk%{Tb;{BBPXdZmGFFjs zej_!(`h=5j&YRC(NYwA~(5Uv>r{6Z;m`b`UkwbJ#A6JqOIGL=PNjghrqN0d(^a>2z zsUY`2=LP%2Tl#piAjV`&9QkA$;C<6Njf4zbPqg>F@Uiv=F}EJMwM&_%ug% zji-Z+gM<5hd(~l6J+1RI7~}mWp!mk}eUUPNw|bF7h{eJA{{HfBphM-1*>e-f%0ZhJ z+n}Z`xhEXgcX4Es$eKTAhQ(ixuA?4C*8(tlPXOlO2Aa>3H^xl%_NhouvWcFF&IlJA z;v^db7}$7NVP%~Ki@GFcW?Q_DO}>%mXIc~rCWbUr2D?q$1A54-Bg`-AjhjHvU6chC zHaIMUH>XearDh>bQ2K>^M%_m^Obz~~yh7-o9O}KuZu+&feY{a1bZ44#`^N8dzO68h0n0+;!2&|O2RAux_-~7JTX1sAO8}hmKLLf4pQEF|K5*$;q>$r#Y z=@Ff^NdkvOZN*nC3=Z#I9Mz%pxYBf$p_6W=b)#7bQt1>Sck-8}>J z_AYIUk>(n$PXGbFQs8Kl_!O)3(`=z@j>Gqdn_+^hKJrKeuQB$*zWD@pLe4hL^!c%JL+s)8OgJ$+$e?$+&OT4J}Qv zUUK@H+Bl!8hbUBxZR1ujR+6+VOP1P3DbgM&Jb<6p9=a#0H7rr}Q zZUb~7jBKS;&e0ckW3be2?35a60sBu5sS4gGVNYR2H7e_5jn+(Ce|vxWwLAHkf8spu zD$KV`PLK?y)O5MLtNWY9x64vI5=R>uW8X8H)@a7YmkB}*r8jYY`pQ+@KsJYJU!kiN z#!Bj#tDkEnaq+sq3MTzcH=?#u>>O6FYBZ}9N9fv2es&arl_bw*+cn*y_k4xAt!^(3 z$^MI^CJ0uRj39Kx=n*2D)n;U0WOMG{`5OBavxKLfftJ6;V-6PQk_fw6~Q`m5m;)LI%f7 z)|0FTKqD!)*;$iR7N&<5wN)|X-s98&G$5?+PoD^OfG36xp1I(v);jvjK}NScPG|TT z%%j7YentW|2th&0*B~#bpI6&6=*Xg*36m3dou{|P>e(FYu+kBZa0t8e5&X0*WC;9x zd4B$hRV)NYv>S7nv7$nYWY%g7P5?@EQh!+nVWNZ8r=BbiD{E{Z80UF(BPs)m44Oy) zA~ngJkw*hpcyQ?{`AtB@^oo&%QMH^8^te%Wagug+ou-Fn9P>SG3RMd&XeLUe-y$k+ zGCOj5#8s7;%%QeUz}oOm%`u2$k58B(u2>KBx5dh3#Ka{a-|jgI(@%oEP8^&XQ<{El zC>u%$C=Tw#&JNE|kr-r+v)xbC1&cOtiTC4arx^^W^EeQS!c~yzn@LJSNnEdBYByi9 zRR7N{BowzT<)|i8V{Q>h_02y;Tf@5n3>;Flq<(Z>Eaj=;eE|b_wsqGZZj5IWHk~NE zH}aD2g6(JoRdke(E{wOTq5aYhxb?KHA|%cAyFDtvmnNBW6^)bsADn!aIPe^l`#ym zM%%B=Fn{~F!#V=Sa|*NAbca{L%Vw%U57$ZcsnrRGJ9gf>gzaz`b@28z_o4InwgyEJ zAi{`&qduSTi6$sw4@8tuaCKXQS$D7u0?M8-47ZaQB6ASXWBP_oMEW_7 zF!I)wzz1rnHSQX!!`63h11?g)@iO6S6+$8x)zqIRQ&oSuR_E?j*Z9>f2Y*N3+(R;0 zPwM~brD!~A4*tm^TUHMQF&a3i)jQ!y?!MIOp#jrACp<9O5GKIxfDI>=Q>t+W6zfXz zfZIqY<)Q$-YAMxwd;d#}Jfc52;A9zv$$l1LH;6|a5T%({!;YB>!Gv0ozna};{M;!m6zFG!%LA9Ywb(X?^vkj#>*^9 z@4ExN>AAbHi!SQY%j{Qr8}a|?EoQb;mcKq(z03k?ej(qsxt^PhE+@EZ&}`M5B?dsFlgdcOCsyB>5p;exH*>fwmN0E+E}xzbqG()uI5N|QO?83)&4ld8=MO+ z>be&G!Uuh7K6k;Ap#=`=>~Xa_x#(~)J9%MD4zbOgyW*6pDcXOQJ77?nG*ZRMj2Aox z2Gc8Cw65Am!HFn~4qbNwkmD*a0^bqG8V`hjF?L_&v(vT$3>Qhd{3vsj;^~()_M$2& zdVd(63T}slwV%CkOF4e-j(&?SKq^Pnhn}?WXlCZHw$gs?-SB6XNF{6Pz-&Akw3$Vg zt}*vxoK>2UsrR}f)_R+h)bt(L{T-ur_829HU6j>#70}Pq9^MvAXrG)Z5o;(Z|Cy1XL7M}}1azw_8x;?W#nu)qw8P5Jd z=W(aL)gqQ%Ic~rw?2)AMUl@P2=DCibHToIfzEtl5XHUutM2~mcr(I*m?2&g!Jn>)fgq`TbKd^~9>OH^D zf(}Oc?FoK2x&y;ZKF3DnPA0xnRlHLZGAa8$mXbB9GRuNK_s9 z2stYddze<2V`Yyzp(=dr6WyR(GWziNEUE|eqwa&P*N#pS`|33O5Y1K`4ygZNzDPz- z^g7+1dzkL(7vQTFiSEc9@mChBwT3#GDryU@fnX)SnC}E8{0qtBSqwM|MO_;E-;VEp z+gHW>Ct6D~7ku`54hs^3QyRU8*}?=-w&(6c4yxT)N3&lq$w9coW*-(QLAZa3A?B;Q zDa`t(@%B0GLn@+^%56w|6hRCqFr7T(u@3#FDyTK`iZ@32FLk^NgsV&9{K9IDK$;5W z6X)+g>XG{CZ`*rO#Yw}%ypy6>k=BrPQq2Mq9LB_P7UwS~8@W@A`c2ltsm+e1tmN#i z7F{fhefm?R3(Syj0;R)2rNi}2E~|CJ%-F`zQIz})7}zEym5Z>Xe9)#})zRcm*6g%= zDsz&}g#z`oQ!f}K$y1w*%;3!o=izLG3w{MZFI;=Bt_pNL^5L-p}a=l@V3lQ8U8P-B|4v1L9#8xNyg5^^BNi$g4xgRH1Zd#Rblk89X53on|! z7aI;UR~1xY_s9i8a!$Z(38oGzT?EH+6tq)fsLAozhN~aKXzqMh9gm}J)CB5xskmE$ z=oZ@cJCIU+iH}cR#gk3QQ6F+B2rC1(8w%|<$V4ZddH?wjwzy=H61CM^yDCr>w%im$ zpnkvfG2zqA^H#HB)3NgTo8Z$s@4`oZg}sd<>Cy{~m%Q~+T3&EI-MHjfnj_#3U_@WU z+fizxrZ$e&LzZVK^{FEbhI;lWX`d%qvh4d4-(cVOpS=%a4y`!hWFsYA1P(>N8_TaKYKd!f zUyfMO^;XN5zGY2<&%f1*LyHe7bl>+!Iqt-J;1p#?z^A=GJE6rb7vUe))2i?h|1_!V z$-D5|E0uXF5lIZdo-*IRZPTN8R2a#3B&Vlw;^53s@xd2=ze4ev|3>7o6VMKA4x>L| zA2a!0*wFAk5h_?PuRbn42Z6k8R(;>bEB%rUhpT!ge|KS{W(`-Y$dvq~#bUY!7{HDj z+?cZULOfuiezYjRwsC8WuR_{uuwDNhc)~S(!kM4AGQ-A8LQM7Ycaq@YA8#q_)Y7?Z zEBI;+ED?60MGLZBNZtJ*bN3cRWTWQG`LG4M_i6L{r^p z-^UNkh2qv8E^nST>Sr#*dwO=>$Y-s$shzbkt*6(UdOB5xr;~-3v7I|Vc63(zLYg?A zqm`A-x6yY$nCNV^DYz9rt+3=8g|R)TAmBLiwWKR0s_;!d_d`oR{lZQQi=V-*-CNQL+U#6^hl_g{w{s~-;V)!`5j&U>V7%i z*AuqfFPLpP5`|9_XIiH0%6vk9T1x^>BR&#P&x@fK0Sx^Lgp&x}RK3y$x`>c~vp<$% za7@a`&P1*~2fkzUd;K%=Qa*&Q!-reQX8#O5$>HK+rD7amPXxR~;`2F4IVOxa5EK!u zoB^H6b6T6#GN3J2WmZS)MB=J$_iG&FKi_S|Dg&mA8{XPi5-x)IF1r@dlpQ?_#fM{i z-*qa`Ix;-?qC*S(RduQs74+dwv zkrt&cPZ@$Qh%t`7;072@&XCmuE^{~|0fFj2TVuKsat;79+H-CXyepj{AeoTZL#b&t zkjdg91sn9&=n`RvZo1SV(;o)^%}6AVfuMvHkFs(TVh3TUXRD-7GqRGHpmWfIE~bI9 z)i(ui$lMrUAjZ-(Zmm=L zmLcoe${4u+K87@p;)mS%Xd2H;npkoTteZ-UdDD{s)dB?h?cIM*VUN<*?n7l+nT~>^ z2#KV+Yg6B$57_!dNm=|e;)@ie0hAQ*&i92#s3D6-bM-a1O&t2~1#6-qJM@ku>G}#U z9*F%K+Xy*i0+jej=g*oEwR+7O!Ut2irP`G`9+%fMD9HM@q+aLhNa#h)UyMp`$eiL<6-?TOvqOFU2wT>) z!ZJ1o=kqes7Bu!YxNU)}2p?-=MPc2{;1e0iOf-f-%V(7iL%s2CHp88X_=!nQ_+(dFT2uH8{8f(S@ zZtw#8mnuDoqlZ?j$)gQ;im0RlRwMu#mlP4tqXnYV6vM{q+tWFIYd+~*V$73Bs&>1E zMcVKzlR9s5voX_g1AiU02t&-8_x3p8Uv z*aylGHUsZuz7mh$V)BIg46%*DySs=c(sWi+k$FN{po@rt6U)FwGeOccI}MhYL_-k+ z)=82}@MK=9AqQ}WBc1xK$6ao~utSj`_C%fD?Dewpsl5Ecv3_Opbo}x@f&@1rH0v^V=GH^jJ|}DeHUkvU_-}r z1LnjQUB(p4YsW?SD3Alq3VwVo`&p#GaWRMB*5Tx5|)> z>2M%iH#@kP-s_y#RYrRG#rwH&f?)BJ%-1Fj;Ahy@*~cpDUNR@$8|=)gf0r`k6uu&oz->of+IDhxu#1OO}yQ2qddeFTr4ls7YhoB zN0`*oMHS#Ve2G%9rNT@Tp1_!L3 zu?D86hj(@kii4jmhAyFyJjS?FM~iT4=Nu+xX>s*Q|CDx72yT0dX2(3p%Qy z7MZr&NwD~RF!U^f&|Eqj*tL5yPR)9bjYS{cSKF>^HPN=N5Ix>-eE+s7NKKSZ()2hQ zBE_ows~;l``;7qUYRMZTICCoP95k5T`QM~>Oa<`|3jo@gIX43#)aWq&IH-~8db%z~ z!Y!T(-|!q)QpI|~>{ES#88Kp)1?vNKLQt-`oMJv0gsr?PQrBr2Y& z&up)L&SVcPIAUi`N|?h*wt@lc*d)YwoTtO@Cyc)RRy_M*DmKv{vrnPz7aOx>F61&- zprsyP@Ycvi7a6Xg=9+kDD;55;-*WAL81S;#2ET6YjgcN8DLP3d=s;fxDp{KxI))sD zj$uE|F}1i**TZf!aO!YlNV1<00OmZwCN57}*j&#yDrgVagX9Mrbr#{+(GZeQxB|J#5?uMSiohNNh^#(o z#~g8M!5(EqBD=^|ROwFFQ&+#oW>VuDr^MPId}au>PgSeo0NrSe8V?1!ZsOj*AsZJWE!H==}ow-E9IQUX2AUT2)PiKn} z4tPEZp{Q8MxPu;wII@O7>Aw4C_0I`#EA}cZman-^L2Jt~G!s-y)-1@_X`~UW4p2jD zFb!ORxQ#S(1NIqLTkL6JzPEgF*o?VsK^K_Ha?rmSNaTYVGufqHnhpjs2O72$kd&Ph zrV{doBz+0O2mKM=6)KohdYX}Ul?=LtJ^;XszkgZol~NRcdi<#XQv2S!bUi}vcixq+ z#B%t+zpyi#1){M)14IVe-Z|Q=^HQVKfJyNgD|6l5q$QIHhW&X`R!Spq0H)eyar&0C z&82;@uFk9;uJ^fqca?(vl_^%zqr2fN|H+wI0q*R!@2~}c_g=XE*`g^LehXaT=`ZL| zbAh*M{?itplNGbd*bgqp)jg7&)tQ+pRMe(gD)*GDhH4dMv%rHb^4{4Yv(^E1TKFw_>fhk?}Qamia`|?<#yM zSza5S)nioy$S(g?kf+6vk0F7ZP}7i?6g5#HFNtMRSjL~&8?_d%IW{Fqel?Rc`I?cd zy@ATep(Xeq&vJx7V~j%sf3LHJfBoq-{=z>($y7}6G~6&+n+#HlfkzN93YkVGPE6_< zZ~%ByJ|6T0R7aU;w##U!CToG5L&DqbsP?-xFJPEof*fS5SL6E3v5E$=Nd#Z+N?a z-QL*&T|6&2FEWro#I=;9`K_jB(ip6M6UFT4Bq_YUA7Kz9 zl5S-57MF0&xuL70v-p6{%2OwmAjJ?kHXt&t08ArL9V}KCIr{JDzLJ)g9%2owf6x%* ztPnA1M=#)Q+9~i+hYi_#k%k`y9Jwe*Y8*7|L$t1m6UM>D`qhc0C_x<5|E%Z|rZW8g z#Gt=ladH(3+trPt=cz9kal%vu1&iB?$f@?@wXNPvB9Ha_w)t; zADer&Bg*eU&9I!RY+3-tqF#;4<4LA>s91;#F}r9$){MAGm3Qo$_OQID1Fu+?>ATgo z0nc?ci7L;ULa32LowDQ4>SBMpY(7+HTGjJC0@~SdC$whrtZb0!fY8f07Db={Gn+zB zOUj%Y%M>z1A5_O7!iF01_msr&(t#p->M(PBdF#pwp{0tO1qeZsUwO@>#t)ttANKLQ zTj5Js8`n(3e=sXEJLV+7_ygUr-%Hp&BSyqCPDhMf&>zk_@_-{0SymoXDD+fr8qB;BVPr(cr83J`q z^O@7DC(NybP#i1qHs&Mu?cbXIw_xM7NYWLR`zp;+_pNY=%n9X{$+Z}ZIu54FkLpA3#QtxP2hBOv` zp{*KS(R8m60~1UpWS%4y3JTS-Rz}Tlu2sF#W={I4bzzsEv%$rQ>X*`!qHW(eaLRZd zMQ0}cQ-cWWeGU-p1rL>N-jp&c_*E$Verp9RtxvsL%lqc*D8$o%?7+TtvZL_RWf@Zrn9c!w63T~B zk{7z%AJ>1gy;&^)@|0+A-r&#ZgcIZDZ#X{higUUf?zL25%pp8Qm!ep>hL7`sVOY^8 z3|R`LfyZVc0*x=3tcXY;F-`8u0XVstT`SuC*6JOL9%~dNJ%Ib7qPccpb-KNMV@f__ z#)-^^HQA#*X?B&Qc~fOfYw=~Zu~H}U#-gRT+j~)ACkSSh`C19T(a;;k&=NBaZ=Rd8 zM}QZC;#I|j5>(s$pa}y4@Ibmn<_+Fi>`$mgvRrei1a|RpWX`MaC7+@M8m5H0C zlumCqAVpy>WE{(;FN?I;W<;nL{`q~|kpLa)%vs-x7_cVr>--W(hzQRDwe}XY#`Od+oQJan(84X>@2ERd{41FV#*U0ej(Ewc5jQ9qivXquypx95 z*l3xoq>Q=ea3UwseylAav4q5k-kZ^scE@i+J`>qGJKWMg@de634b)rOOd2^_Q3&G6 zn;4`wDMmx{fgmnms!XkgKs+k@gd?IY+w(aeoY$G@{U+8So1qtfET>~$zScQTo94Z; zS>q=@_AS@i4Zu#I;5^3II>Z{*-*+>2*}3w%;ladAeu3hPzpCU)r-g9UCOs!#7EdBo z0kfaj{;GCi^-s=0$69Cw)qfgHS^x&L$(EmW8;>!$A!&`&5Vi~lI9hGAIYJi@!b`lW z+jF`O5me2ulGzAjVbX~;+M}htgf{gJI3=G-U*DCXT9fCyR*nmzS;|dnx`%6s;$T(* zoHJNk4Qn8bbkH|>WBN!5Ts&CKYe#C#7rYUQ_-^Ee@BHA!1V$J-AbAh?K|zDe#Qn7} zTT#8+|A_tP+Hp7YxkJu6MOs%1r{62H^xbPqdf;7*MQuJ`H}nBM;&PRl`uF%vbTY7f zhrU~!+M#WR2!dyfEg5~FnL!0K{$%v=QKo0RFU^lI5>yhBUZOhZ06ZwMLL+w2mVk~Z z5M!28<2U5WVFFITg#cZVes@k9*_AVaD?bRUgcesfZEJg{`^p^gbCLz$Z#Cq1@8%?8n`V4+rM!{jlIQNDR<7fXyp zBAC{yJR&P~>2dY0OdtFi)7c9q?B}{3_Z8hdOd@7VU;3)o3L%tZ`gr4RFBSUAkGb=|HWlJa4oIjGp?8g33om$NB41P z_{oBuVNmd;z~pN&fGkS;>ow*2e2kN0%$s9Le%d1N;gkrWJCt&3ao)ZFYONj*s46A^ zr$(rSXO z#&8TN8-lKD%MApXx)PW2C*Ud!r_WdRG=cju@@P9mCNOWU&$?obbt3DDA!uOmsH5-~ zOj1jdk~x;R^VFKtkyLE*$lYY6;BvQEO8{q$bV=nAvgz%Vqf&c z#5STvkYGbN5geu^pSV`baG>>yti`ThUQ=2uo0D9X)my>XcX3OAh2`SngAil!NBjK3 z;Z`enx9ZnQXdC!11|#C7dRt~n<+T!E_8Klfh#BzE_0s8tX-Kmt938Ga+FL%2sV?@5 z^a5GuS4%>v9>l0Bg6u&g>LtxmaI_j&Yp#?Kt6MX*H#9qQtx^nZGDt3UP&C`3 z<{BF<)>n&IrXOPcP#TpR(~ne-{R6?;kV>J}8V4N^?p87`(YlZdNS!s)?Woa_Wk6{Y zF<+LnrL&vBp1SaJHogM!T#A77uZH76?Y^SigS6}raFh$4C!emFM^&f<9I`c6>#_~2 z8#mLxN^FpMK>|+Piu$}|rsYHdO625}txNZnY<6uMY|UER^E|YmG*kys&gnhoTsss< zL&KnP!)39PfOr11?4*hkESN#dJds!-S|IuMBQ@75wyHp2*cErJAl&m-$=!58bWM54 zy^|xSoyGzz$1pJ)`_U}g16OhUr@BSDN+P*xWk}u-k+M7aV?JA{K7FA+d9J=CyU2{`u*kn%FMA)6 z3N$22I4DXepz_>x@+qCTAKuTq2pv)}9lT!%Q2%}RL27OlfRmzU+nP&UR2?_$lVxH@E zQ9g1#ka?!F)RCNF)m%G{@dKe)OsJqXxGwCbk`=M+WaHFdwtX#O_e9(uP4-!nNDzy5 zRxB_&&-ovLu+zqJ8zJL~y2es?aFBVc^JCeHLZSC^N?FAb}b&hr}+z1aaj7 zSWDnVttU&R73~7#=sFf$_{&vE@dg}(4DWK==nJm3Z)E*ryKwreX)7k>H5125rjATz zL_6V7nc|Iiu%NCWo5oY;^PJR6gZbh98%)S!E7x9N?ld1aSCMXQU)FMvI0W5$q)>R5 zt*^t_l3u8PrWH~UhPojWX$;dgbAO`{A`4nfb0{QIL)2L@)7E`!{|&fFZ|TC(1MWxb zz_J`%DjPCo%Ta2l)Sbxga)Mqw_Z%S;WbjpSuGL|u?GYR8sAm;>rS)@H&Ql7uj zh`2EwR`B68<%m_hObL<(5~Pr1T_aBR?wAE76=dhIVN4}Mtg8$3MCR8J)y+X5xG2)o zr=19VB7=anHti9CP#Usg-fnv@PE@kP19SCHhnvFRn>VM&P)l{L`ob;+RNck2MQ4}r zK;J2v^r}xy3u7VcP4?25QVp)d8$+_K24vY?X6`%$#g!_*I?);d@vof}Bgns2(E@u) zIfaOC*&TX2zDz1{eK^XHQk{&p=^3;^S%A)tPm`%IO2>wBjsU>povuzJJ^8Ku+lbR7 z5|MGjS6kwr#33g0o88{L-`np63rlQCxOZkulWsqDH_o&CKLCnAb-#}rtL@WcF!Nu*&VXM*rRa@wABX<7k5lrnzKGBRR<=^Inpu&!E~&uyKj2w z+LjubG1C&eDa1CPMDOsAo12(}dNA#+ey-Pyv8gJ`9A%&~T}BQt6`@UUhh-Tw?)d3FN8wa=z4Nq6qIA*_)HA^M@jxk{YepWhqSVmP0cQ2Q7>*Fu-8 z0`d^n0lS89)<0V4c>r2*M+p769JOsJ}4 zJqed2OuDqg`grz=ydZ~=!0mxEF?f=e>+?a_3e!Z-@PY1$EFFT0kjU!n_znMe;($-~ z`PCnjK5o_xbOS{AQL&DU>v(SVacA5tjH)tp+FS-CI~O`@xm=Ar^DE!P-zu+D>@647 z-LB-omgc-1=n#WLfQif3@IFQ%gQ*jBYo|>){J;=+^t@Z6I@1mbsTQ$>O^>98JE1^h z#X8qHVwJhBJQrMhEncbuv>F8Ywjz}WlzP?~%@n)?Fiwh;3|7U#5N4TGqolz6z5rga z6Sb(5FK}f8=ZP{ZCzK|m<-!Tx3S9xV!f?*-%qWVI-|&nrY|ct0f$OuMs zE7Z!+t_~)Qu0?1porB)XGQu*x092rG*62r=AiN&C)1NH95}I9l=kCMQ>`E$Uf}kvDu+vQt--L8OFV zo?f2SyA1xNEF-}mJG!}r6hHG`TJjr!G8D3cus63L?!?Si&isw+%yI?TTy&IM8vySL z4>-L%dxgFDd?G9{)R?3%u`z+I$NhH{{;2&~vn3*kY-kVNo>3k%@X zE$uXvCxo?$Xz_S$fCH-5_lFjYK&~c_M|Ll%NM*h;21B{5yIxE!=8ctIyG&Uf674-?*Dho5nne55vTKBgt{r#A zJx%->@Xqo;qJ%#nuUNCw_c?^(>Qcr;xyopl;)O)dD)oamA3x#PN4VFntY@ztJNVR| zZtPX3%Dgdlqg^-04qEL~jeWqGrC5^4yx4(LA00K&+TMZR-)5@=KS;KrSh6K_w?DNT z-&~SQTHJT3(R0z!Fh@y^E=z>Js?9+Pv+dTdF&ifBnVKxq+ zRACX8Rng;q{#>E~*4O5K!2msPx5onPiss_t1Ja5*aew&Nxnt^*FD7SE17o1egS~2`QyF(l#8VMLpokt#{ zGjf*C&{3$;8`JqZkKRqEOqn45Y`d)P6yM zyySCA>PQV~i@MpaJ}cwNN+r4rY9)?}F0l!SN)F=JeXM%wI@thEn4&2QOy-sF#RIw+ zh;8Mt%dv1|F_WD~IHQ$FT0mVNaJA#pwQ<$FABvJ|!woW0(30j%dx%=q3Hi4346lf;i4*4m~T*=u5RYQX1urOqgRvbhuOusrT*>_*3^LR zfc@T0q!?+B7Hi3t+df{5JVxLjxwkK%=SPc)c9H-JZv=K(M-t?ED{b7e`Ie88@r2aU z@VN(c?TBdUOZr`I1^0XT_Y+9wYT%x&Sy~)eagoUtOQ#zoeB;FAPZr^|HH-EVi!y=y zMl@a2+0fwf)H1zN}!0-#a(9D2c|n|4S%Lzq;v^efn> z1L)?!na(h&2A3n{3#L5IW)NATjLPJ>0>1q5;_bL?)Uu?D?Z^^8b+i~HKg&59R_qI* zT1HL`@u>eFDkAr>9 ziG4J=MlC9$?pCwJ1XtwQGwT<_7}X#&QphySE5%Nuyp;lJ(1HFQ+9r;OEXg~T4-D{r zyV<{)BudIRQqwGe8v>8GCnXQ^>kX~$=ntep z5*K&Ce`W}UhB22)qTM5bOVG5M!;VML&sBiYg{)JG=GXP$Zk@&xVk+UaK4bcpvA$Zv zz`Fc8)%PK&?9N23s@yD>?caijZUh?+<^+??BPV#)JaaCY$S-3htSjj$&&g*8*0m*E z*MNc1Up)7^FI^+|zc4)(Ygmql3v&GzDBJTA2=tp1TjTvtUCq3aB{2%NFJhpMG0n?x zWbhhbgD?LIw{m+upKq98B~R97H&D$7pDn4=@5aR6&I=sGWaFnTuj>}cVi$M!_o0lc zrA>|})U3KlCp41+3hJ2Oic;Qi5dG`a=)u4u31r~v&l*nMN_1Qimd_X<383Vf?q0H?mzQOLIoY27iVg(XEf8R7kH5tBZ70}q(T z19nyjGiwR|w*P?bR8#U^mO0I`J|YDMU=;xCGZ8FdO3`wKb_(t)saS+M@Tc@moeG44 zhk!+_+yYxnW~IDl!h_5A(PR_CyRLzc##@VgqWs|pG~?L{a-Z>L=$o?iJ3!}}LDfsM z6*K0_Q}kr-5R1rZWZh%5?Yd>-ohe^&eq!P+pSvtZ{*JDknAugz3Ql-kwzJ?NEZzBc zrvp7S%X)Ba=*~uP!VbEWEHu-b&TC7?|6m~ktaCWfPt8R8F^M9IYnw;)y6wp5g$5)z2$f3ZN((fuEvDsrT4Y<^ArMUCa^n|z!T8iC)~&d(`%LM%o!hOS6czbg7tXk zoPtWNMm1@j#6YXK?@HQh%3QDGlKT>? z&CIVQ9V$kT&z90{U7pm*u)o6rO<+KimxEpR2FZj^lv$zq@{nMJ&**TA@G)Ex<%~7r zTM}(y3hh0{9L4Wlq0SSr!X{UZa^x2Bx_fxmcd&WY#uXxb4xZpifbM3;>L&5 z8n4z0@lhVtwcT$t(u^!x>#v4N>lov3ukp74ELFjKz@65g@yx(HC+BAvC~s9m4CHqA zyRT4!xMOv_j+g}|xX57-YZ16js{WQc5bhbP1H?;aTEKC|_WGuoY_sHLIw>eb`mGA4 zjvHedf|74Oqb>~ssWe+`A1sBlPFvSTb1x!SqTaEGnB7qPXZ>tOg06YjKfBot#dFrr z1a>*%wE@FNILJX6AD@P#k<(&3LF0n;xM}?B_mDLV^Q;R}L(C=$1|Y;+dz~bOEFjds z36-gr(9$u6bO|XYV3&^=fNcVRr$M%zHc()ILj>ap8n0OnITW3VIN<|~3R?pwUWZy? zUm0<0ht`6Cbvl88V{S|h`KYP{>PT42o8=xc;&6i*+l2v;M5YkK0Rjd9a>Vv-H%x-u zlwxVKh@Jw0D`p|qku6JBWYpS(=9Ne=H;L<&6O=ZDTrdkD#AJ+sHpd{UK*jfj0e9A_ zE!xjk^)Oe@j3(E&v}`GXxcMY9FR11-ZYFSyQcft6hy&e>z#1)Zg>yL!mS#f`JMscp zQ0!U7@GKjH->fof)=>&)(azE8ZqAl-AL8u{Qh{CF=ws0?v~9IK!HU?`Zcg4!Es#y3 z$9jeCQiyUc86!M5>H`(p*N#X4EEc@6q;GHHG_miOkT+YmgO)`^w9>b-j=)FERXKN+ zfRCHqMO~-1UBgDr4h9_X*qpXomSyID`}kmQRAtY+Fa!*7eXRA(CV(BLr7Q|-HP4T> znU||#jYwJ8E}}-+>bp??fUvTZC0)+_m2HFYHVEK&bpHp zwN;1z#dMG==lOOcS8h-XZKTOXb-R(GS2GA4fSj+bNMl5&rNpYY@X1aGx7Yag8ehk= z*Z4li*#Qf9$n*C;lwF#xCtVq$Iz1p*V`+Z{c5z*0RTs1PnYldzOY(MtMkE1bsu2}~rTl>>k zVKYi=bHMd8e{iW)BN`1ztVRotoirJ5mchsE($>=-L11Bjp(+Y=bD%7=tQ1hq50c-Z z$kTiz0pR1XQn5SKGS9>@c`vp3pVtub4&?PpGWA|+_{)Q@H%{fTR@=I7IJj0I%o5Xi zAwAZvsteijJHr(@6GWDFsYZ3^K@ODd&e@@BZ)974b~j|%*o+-@ZMy|a75)M?H*j~m zP;y9@Dye3RC|`U1RICc)J@u6T=6h-*xm8 z`N2rdZT!OBd&xjnc?&5Q53etdrl#%KP%tMHA#w^OhyOn#DZpv{|4Bi4six$FC@vNm zYy4&{;z2Xf9fMQKP~Z*C7$#RyL72t)l=BVQ@Yq%+GWWL+4tjRYR?qrSiPxWytvx#v z&yIa$MuRzd;R(FW&)~Ob?c(GZLGht9j{610SySa{M$sqm5Jv9xK3ai>f_G}Ki-RV8 zd^>Go1`?5cG2*ad(1b6|TQ(aOl z%mt98O_|(?fHeQ6elQM3JEHH}t6nlyNQ@S2ot%|BmH>|D;*&HfsL(U4fcQnb7f#8f<_i;G(=5v77Zs}2&IP+&;^a`y=VnnIp3(5^N8cFl zWcq+tglXNwW;dXv>S*$em2p)VTqd=H z@m+&&2w*A$1fEXr1sUE{ai%o6r7H)DMt%KQFuQuN>Skbg9sl1Y!EjZ#xMu35nG_4f zQ&z(VO`ph{zkc zWTk1+MZ+Xg+^|wZXvjkFpM5_b;uFl*8eFT8>q=5tl8-OC^G~hYg=Cm)wGD z7jl-!Jg)@TtLGqmnCnKC>Uqj;SoU1;#e|m0l53Wjo98(#_yi^>zzRFf(}+lt2tLst zycxgcE}D}z#aO?yE=>92_2pG9E5YvDV7uDr9JA+USGbrnR|&*H`!JCrsxe+u9P5V6 zz*Xuz{sXrAQ-6ppn#%x;^eN3*c1rs|!XKO#Am(>sHuGN8FbrDKporHNQ|g^VdG?kQ zkNaG*jNKr9PS5I4;oG`kLuuY|PNV=7rT@O)#!?r30gn^PP68ko^b1rLbO$Q;U9*+b z4ru|JsYeSPM5P2&%(!HkwNuruMO2EFlSRc-_B2 zcP)dyW-ArAaJ>K%+J8-+pO z01pb+f31rTY4_Lz0F>{XRI*`{)9gU#F z0d^5Vtoo*-zhQ=Kf`plSxdxn}#9vNul@tmN@l_Xo^Ie*8@22g*VoVb+h!J|3BQJSGcu#8~5UiAUxU zKgd|)!owm`G9%J4qeES`4RaZRE3)l<{RDVVkA?NLTb!rI#CUofe5VoEPLGM}^k|q) z4~ysY;8;$NgX6SI45x>}Z+blJrpLr>dJN2_$HZ%T9IU2j8U7J5nnvR@Jpne;XNt?T z*L?Px&tCHxG1f>-r159q;jobQI7s31gcwM_W+gik>u4O^KRCwGXMu0@RMK~6QG!|3HFGB>m4C4vKCV)qSN^FzM z|K#XE_d^C6iwZOX5hxxFXbf54Gad11fXs4XdVUm=V4KQMz8HSw4ZHP_EAxO zo(SRR@zH&@K=v7l>azu+&v-PSd&AOBKG6VBILmc^6 zVT#6fMWAt6ni+W zl$K$TQC_JbV^yVCmn+hb7M9S9cRxO3chr0_O=SK&UriF|)_V(oeD5#M`AH&WofSMK_lDBrD7V@)hxDX zJLy(g!|3f{I!2=NGB?u0gq->_djXVvCeBN_D4B8u0~l@*Vm$~_csfFUrZg=9B1-X} z-Q9*%G^`BUW+p{O1rpunc;8T-vGg8eH9GVh8ZljNPQY;5p|eLcD|0SrhUo!zsPARU zaFABp+0BZ=fVtpm$M3qzo{ z%d$;G|52bkJ+u@~+IC<_UgUIEUarY4#VqB8U@2sm#xW2wX(}CN5q=cl{{b_LDvSU# z%UHzvdgj?KD;}?D5A_O1#eJhG+UgfKMjQr-%7vyXB@+&at*{|(hp&eDo(&wxiX{zF zfW6TT>}Y0Iz47luycO+p(`OIr16!0-R2l8tr;U^T0IF|P(CfH>*HOW)pKYM)y@Ff^ zlv+h}Nt0{UuIWg}ng`hMWh657|jIU8}Lk zAs!pR#(sXbmN{U?B%(=FV#Fd0tAV~fZF+fFh-b+q=5#^wWaBinNbjIL`)Y zArno@UY8xa;mNBe?e?;ESTha1hY0&geLus0tEHA0^O7 z3A8rPFbUL>_fdBI70Qkt^R1-{8{QTwJDQVKW-%)gKomFf(@r*+$Z+rM)Eis1Y8~lO zSwOhdnf*pjtMa!I-{CgFXdpM;_1CyW*H8$TVlg_^Ag0Xqz5=jx@YXQ2gKnw@xnXOx zY7E_}#$kQcz0Ny>7ocU&QlWtmNO%{3=@lFaoKUGQ3o&KaJOtxnWvaDbJ7^C5?|Z;O zod#h)5DQTn2jN!}(1ePVs^>&sFk{_ez;6bHJnNaEby*K-W8&1Cs8J}i@Ta4T)ljpz@cAZUu&PTz^}h=>A}Ng)JTn&wS`9Q6O}Hiq zUURU>qPVOZ4jKc1*4u4)AlE3Wxj9!x=al4$WwlRCeGg-N_HVeLe%r4F%lLP`n0?_? z)w9WB8Yi>a?B*m}6pSJK5K#T~+FuuXL%gJkWFzt|swH6!gatXdusH9_G0nM2HXhR~ z9vdaTN;O`Ogc`%OKfZf<{QKws-*d&@ssDrv?hnsS#Ox2xPV&2GJgQ_0<4hTi4{_O! z{_yPV56@0)sN${{9bVqkl3y=#whCgk!E(R%)ne)o&rX#1!?Tk=Jo^-VQ&)->ip76; z_UU9i>Xw2=Hv3%u;n|5{&wqG!0t|Y$s~MVPHV%tbLX9UVnkqOmXOpPBl;&fw&UXGT zV6<%ke<{toln4~=8zZK7ouSg#*Q&zdX9hKgblcERu)p=D|C<29G6Pc|TED>fx7s>3 zUdyRyi{$U=5b{poik~voZMf(TTHi~A`g+d5E|>fDdPc&EHf`@ogm)7&FI>t0ab=MV zhjoTLleKkjZq-O0R4JC`0cCXF)1roJgQ2oc-CZU-WSHiK31INm(vb^Q55j8+vkPc+ zY!hN2PQxb07(Kz(5Npjr3h1CJpbAF>%4?L6Ku~5WQ?*RbQ3wpSeyD`u)=@y4H;79j z(mXAYBwqYV1{ERgpG|}biYX*$cE!_S2{HLw2A$0q1&g!ptokdY#r4rx566P)-XO&6 zADG-kL(+wL28L#v=Tc=KPRO5Y65Lf|<2JE&qVl0*>kEp^a{#*7& zwABr+KX2H*Ib_U5r_#8>+at3QjM4h+$ubRz5+|+(?Se(Opxs%AhU-c5sTt*oUkNQ) z_L#iMFi}m>V$L>|Daa~g>S@g|tN`MK%M(TdNkV`MtlAohEaJ)gsD2S3?**<~*tWXHjRaD?*gr{_F^A2N{ zCt}Is33=hcnK`Th-O7zAQ+?A!C|lNA%OT*VgOU`w|Mrw!KSQjPj2ys#4xso1qcK7l zm_gFHCwCs7mTQa=LsW!b?6u)Hk+|XeTKSAg_8jx z<`#|Oul8S`H7#nNOo%xIV6&!We_W@(j=+9+>xaR z^1F`_U9VX{3r60EE4>nB!bap0%p%n%aJjt^=kHils#YgkFK_7p_6nug*A>PWPQ8Zl zRqbIPy{nUSw`|!#Hf4iW+^{V$WrD$*&>a1h3hE4*GU#j_ax?CQRk zo_+9Pp+x;=06duErR_v(0s`~Uzs`RuX;Np<_)+^Y!5^<7*WB|Yj%b15L8jQh6ejEp zSWeUt2V?n7wHZv=Qq7HdR3@~rHIZ9utMo2WwIi>zAQQJLkD+UIz1rZal#sK63q*=G zPBi~m9Ad31vvXT}5i`qx+^HY=Se~_@dUI1Ac^urG&k6a$sp0La0YYN9U@LdwR(69ememDu*a|2&^5m+@wPtyw z+bjRjTaA)}&EZ7hS=sPB1<0LEreY;>k%;;7DlZs~wc4i&IPV*aO4uHe&>#e*nie+| zovvGk=vAFthg^7%*IBCdNEwm^+8ZAS=@;D!F zh($_ytNk>@v^WG3cRygbyMVzBhyogB<$jN#x0}M9+i>S^>EDixGcWe8obGVYtQ|8jJn6Ym|(8@D zq(K||b7SEpzf zMpLS_wW%$d8*Ap2l?mjlAv`MRENJh6Lv75ZbA8NJeSs&xYd4MchL7lh*9mozU5dD_ ze0Snm+J6KDm-Gk%0oOzSy|=-gm(q7vx9om1q4iej$1$PtAXyng4!Fe(CrH zxg?jh|LXsA{9>#Z#Us(vQJs%QG(!fc`L@~PaGT;#fEPs~Wk8B&|EvAJ#@`~40uh;M z;prhv?TFliwKk=ueWw{$A!KR?Tikeb_Ck3PW@TK)N8Yb zQPXS*LmAE|EQ>hJmiKh&7=;y2=KRi8=gbQhvAB~>fO{IwJ-6{y*x9lZI`TptATYE6 z42CPoxxQSvcJdUC$cc4=^praE91R~o+t|^Ny7RvERp46kJlV8?tF1Dio>lGPUcgKo zqjYTf)=0n=XRBt~ZdkY!v9rMwBL{$6NRlUYHu41AL{2v`SoswyfgY>f!cigIC6Kgo4~7 zbe)Y!NDT^XW+66YF}JvIV_^}%1E!KH1<&GU_L>9?a3Cv?eGIkI5VU3h4B=eLzdtJ7lpDBxI zDVZ%K8WX9P)he|gAAU^62@C=U-EUhnmn2>Uiffri5*L3eVv0P#EE8@X^ud__V z>~uEc8CT0ok??5iP@^|%Eqd46Lfn&khVz8A)|7*aAk~kK^&h>431FJ;{xH(es)t#x z*@S$PBYpraI$}x3)EBN`KE+%!tPk&>;ks5if0SZE$jVqp(i7` z$Z*4SSr=vr-82jWcl$L29PDnd`|Wk^bltfPm|ESvtv&2&SL4Rf+)Qgg#I z^+zl=FV2KD=&c&9TD!t(Mpcx|sJ2Z*&w(XSz|P;pF2|Al>bJSwFkf#UIC@<*Wz8

OO zf^ffCugyk`O^@`NrDofMy{-(^?=A@ZqKSo1*Y^+>EQIiOCb)pEQNl~UVfO&XKBQLC{*zcJ(DvuUA#Y^X1^4u9yh1jG|Sp`(*o+6pjulIi z3yH{n!2hX~e4c?-n=5yaEquPy!KrxKJv`yA0IzEetM{B@$5)b#WRFI^9My}GC@i&31#O+RFSk$sywxw7vq=S#{3$B=#J9RjtiCiUqhm+mUsf3?)&v+_C!dfyU zi`7lE?cCRQWtG}=zhI^in5Bz3yA`j(LXGV^&y6=(cH7hZLoq`XKrfxqI6+fJGl&z< zVs{R_B?#{U7Z(|bf1It5%cVJf5C;S|lJWGVG;SB`z1dbon^g9~)qbjDztYq2UPeZJ z){U3BshMCaAv=~?=$kZU)sR{{SskilNNeM49*-MNy9c>8esNqUq;On`dK&rti$S`F>)x1mECOqP**Z|9-Mm6occNwOsD9XL?#HWf*FRBx+T zG=7^k+lw~Ur?GDL=6Y?AN^5%AQkxA^WNlx)DrrMMJ6BTcDUW*TVu$RU8FRMDf^N28 z>nTD>b-ey)w)CNsGJD-^qQBC6d7e(V!M z(>C+Jm57&0NG8Zbzlc!I*Tfedr*vOxE)rMwRwli=&pF9Bt zLiZZcj3kU2Fi>;Imzd$ziNG5Y07!y@07-zYh78;twmplWQ=DTRo+ zHFNlfcf`6ZKg3CO7cX{2MB5(1NAsUbMlN1h#_JWWh->#c$IJfkG^Ia_jGTXQWg6-M zbpGI&R$p5E*b%5x9q7nGrazYj(^Apa0+?-RRqE28lNVG`6uyvi8F?J8F)ct%0l^2p z8Z17!jt9w1-hexi{F?)e_A2^HQ}zr$C#h}? zOflUE8E+Yl$v0rDgMWTsaK$DE+g`kySbZ?VwF%iD*vY){aDrpKli;}H9ospfX(Fb! z^64&S@$K7-L6i9Q?S-9#{->C&4IhTsIfoq$KSVGF3FA4@(%#Mm=$9)}ZI~4F+88A1 znpC_Sk$Ca|!f?>?-14jwJf(i%_1jwCM4sfui(W0LzAi{wCW_}h@b7Rs^j?I7Ggl#) zMu2^$xh&eA5!;h+16^z&+`#WP5N#>lAw3%FC;|vHy(a3-a=+ff*tGfF8L- z7r=oe37;|WxCim0GwiR%j9i$LWj;7HXS~b=Nklf+LV=apwt_ts8CRkRhdb@VMl2ej)D1 zN{ma%#=HyUE&w+$5K(TgaCv!$i=C_qxZpkJ(&YHj)J_-JuPA=d6HAbjT+w(iDw^Me#U_78F*lmD{5*ZawBCGhk`@gVUwxF?)_>Lw{?Yz@C?ZCJr9}X|=S3`P4%zhPv zXL0+I1gjX(N?pY;pBXo=3!kCZ&H*rNHejY6FB7O|U-eUKHe3P^63fR`85c(*D{_6^% zdka9a=MiCgOpsg^QEeoM5A;sie;g48;lHMNkhtmIUJ)zZ$Hr0(nIO5y%T5#xM7ruK zpdP~b3_}|fdDF9bye8|HL8?EQa#gW;$rJ*Ro0422BaumZ0%6Jnjt>;VG9n^n(WD$+ z`N_%234#WH`st@c6oitPMLb=95#IXK(+-?c{ruPI>sOE{kSmF$2(VZE<66UVME>{H zH*YFT{ra~c%saAl_vu?ePyYPLCp~Y2tS<^~;NNWSg3YY~;AFTitayrfbE*@+me?yN z<@1Fy$Xt5=COlHe_Ax6&7?e893Ngibjfmajmx$SjB>a|(?cQsHg7xnPW9Jp(iiIKX4NO zl9|WeA$v!!m&FYWEOKv4z-a-`6rXcNX(kOtA`>ok_W;doM%CGV!-%UqCB45T?wB%L zYZ>!Xds+v+38SH%&x+d1Q7OE6WMrNCs^G6UpXZjyM5TNXS1 zIe}bD*;|a3*phtw4!zkaUDiM;^Z*VflLKT1qQHDzJiYq!UDhppO>>Fm!?d6eMfe0@ z-c@Om)KKGtC>Cf&X!h7ni`Jz*S8T(;f=bq<=AQj#*gb3VkCPs{+!v0StpnxuO6dw1fqw;L3n(0df0u-g=$K3_RL!w-n{sv`jmV?^FJbA-jR z^SQ?ag3g6ut#~x(REnfj*!Ym2`V!3ff*@&qnIo zWOxIZq*YZap>W8;rV-)0xOX zOn@`I6lH<#W#@T>+U}9UPN^gXn`=$0@Tw9Z2;|oJA$#%mIk#R%CQN5LMm)?5amQmT z9r}!pOOjLRp(0QzMa03bRjp2EAE;=8d|5BVZ=L?Wvr#~q^3HglAaZ9SW|!qO;c{`c zYX?zN+ZblL7U$IFDC%)QWs-wvr!N96qXHtSfR(T<`$t2-<(DvnGIe&7$%(3qazA;(D)Hia<~p-siSHcz{!Gg^Bj6Jd5>hp%(pG5X;;K$|SF zN{~{rP6uaYWgXo5qd)c0pW6KVCjF@w=rGkcCe*@*;*%azv8bEf#2M<#dQq`6l=N4# zqdmo=PoNRzTvqmHFCNZf>VnX@Bd-{=)uYZe%=w_o4aBl2=oI!m&$;L^1mgoj4HV+U zFy@h|AvQ9x>>vi_G(xqin4rr0gE18|K#_AV|%ES20j2!Dlno1fPBRmpAn*kDT?nE<^-$`RG@E z^ecBid-f}P*WRV^9tkrW3V=SZs!Kkv6`402cju#xw0gYl%5sa_@ejdQBE$HFP&BU4@##aeE z4r0*|#X&-wveEW?NfMrNz{!b$YcSd4rNieCe>REoa%7sAq%0N1a^#xPU)I_+ZyD8nFc0#u$SzlUU5lbZ3Z3(3(%Jd%&(YnD{oJ#JpzfxzOkqRU${uK5JkN^!&*a z6A6$qnmH>nM0|*t9Z2^sb{lNeMYo}e53Fh~i-Nocsba5)(LGB`f>Bxc&+L_!mO5Qf zeOGe$MI3zn4oaN0ldz#YN`NwIaLi^IK(-qx0mh_rA#oPCKAI( zcm#EVK&gd25VWUsgDHK-(=sKc)FTvG{rA-X?`?@AK(pc*{HUhLck|{2BUg@El~oAc z-bNFZC8#cD1V$VeGl*_*60CI9U-)lem#qNs35J%9h>vn2b*#23_j)(jh2xC(&Du$I@ld;JQcA?wwf zvKa>R;BP=J?@*%9#Fa1wsZ7k(Gs4KCRNQqIYy4Ikrz`JZsPw3oBP>xv&KQd^eab7e zUzAzLSf@v1#;7U_41LM8no^av0y|W}G}!@gtPm-Y8O`NFD6o&voJL%AMxd*LMz>J6 zvS4O}?Zb(VOh~=I&h_LlwJ1b6UqHSSz7-`@Vmey8|GBYUqs2=SFEg6*$ki4p#2uGh z7(Ws8*EK~-E?v0@bXuJyl&9oSGDgnrcE@k7P{%;4W_J{kA7Uq573Iu;MOv$@=b-O~ zr!hOTaj0Eo6!nH|o}VZnw$0WmVp%MzNRQU`PA@N{Z;ik+XbNt?7Y5SPAuGBQ+}ftT zdon0!dB@|DCV1;~PU-CG0z2dLg&N;8u;1U-jhlx1Wvw>J@|f>_%T}JrR&ME5GnV=v}$FKtH)#=L({+?DA42(OrVIUF(OJJ z?r;~|)X!-~*gGx(wg@Q;3qws*zm;`#hkC6YgjH9R76F5Ql8}!wp+0h(+XgR!P$LMv z6Wo>>)f^xL7ei0tx>>R5lB8TJddnu{O3ONaxCE|aMxYE4i%FR&-ktzLj7H)52Qqka z5TvS?k-pCJf{m@jg>Us(3QWN>OM!}ZBe#_o6xI1WhGtDXZ@{5j3zye(7g#QezXDmGTj3Yj3$f@X8(Km)Mo^>j(Tc1lL~#D!Z6I@2ONSFk8kExK3_ zUH1Urx&ZLhbL3?_*+r~;$`p;MqW$sm!yH?$sjF#fVsL<`=kE$OMQbr}*F?XrP%5H& zNOzn6)Z1JR9{@!)2W_C99xNyzT;8R!026k%4e!SJGHh8Yj}* zF75*<%(bR3@4kf`;sr^J z4b4WCj68NV`(Q|87}EG@K<5FmlJ*(sq6~AT*k{8WZu@9{dKK)D+hjLXJ(!!z#KgFW zDU;XBxaNjo6#b|str^+f**Y+}>(ClMCT7_!wp#u5qYXL)A+uRG4{Ghg1d3WEMk@{l zI3a9;tv)t|ND@{6xs35+1=DP-mC}3jam>0DQh3I3u?{O1L0PB^dXxXM;X%Zun-pr`i0Q8u(vm35d z37o%w%Jc!Oz`epqO_1Dv9}QuL)h_=UDs>s>pv~accg^YL1&%Dd-Vz1G~A8cS4%XVShq|OERFQ;f$E9-$_C{loOV62D2PrGvx zEEp|xOC!Q(`hpeN7@U(qL#SLtMpB-bIA%0902lE_;x%6}CUThdCfncx3=P{m!cg)S z&%rbd`HfV!y>F%Pn5-2wcou6e4%ZpjFJu`-j5#Zy;V)srb&YWw@}yKn3nqyafXXWs zO%fJ6mk}{7Ebi!fx9tEFGnxF#%vAwq)LElk9l zq4&TuD!5Gox7-r%wS}#-4~naSqSRNF%hnIvLtaMz2&E)npveyWxCEYUBC`4OIrIp$ zCdwT-5l%8!VpE3kGh)InXsJX>6_3DL$7i0?EOljsTxfdV1yUetQ7}e$s?`w+1@~tT8N+%xyVfXFzxy8i;$BN==S&iDFNwMr z&URG!$qbCbsNP}VAJ1@&?b!=lw8Jl$qDSOgiA&+Qx=Vx#(r^uo2`agP9iJxo!t2@B7hTqAoi4R8 zofSgLH})qx9^Rua`KU`i>XP2`YtyI7~=$P*b{16IqxS z?2e04+Ti$7;gu?t(fAg8?g~8HNLL89C}MY7gL;>Ws#4YwJtFWxKd?vAt?M2HG0Xx8 zW%a``%WA(4&j2MGW`UB;GC|3Qnif!hc93*Qwz#lgVa5pld}`Q?O>n7_aw3uDrD7gC zGE5=-ni_a^YJh;pDb47dja~QSD!1i$&@B~g(2@UD-QVO|=r9gNFf%>OGez7H5Q~ITmt& zLpwIPVb=caMjS!x9bxalD}aOg&GL~!uVb=%82UnOquL)DkT^PJ3HhmH#gb^D&*ln* z320D_RPq?}AFMxT9~L8UZmu62 zw*Cy=b@&98&GMhN5?V+{sG&1#?!@{xEukSRSra3u7LV7+CO0~9YqkX$25mXN&w9e? zEn6N)1HB|Nx!}32pbTet=!U@OI|#6~9ik?Ck&Vb3q4a;wA!z_M+zY|v8=>Hn2cbMp z=ppHD98MfuK@fb37!Ht3YUpc2*4!F#NiH%X3PZ9DwzlaOJG55v%A4BMqgfYG)Rtvu zotuuqR)*hz-47i1HV7XJ_)*2?fsq5%ld@tC*kMsnL9FT-$oS1HH`{(ggOICd%W!1- z46y*>(_dYy{$_Y6ol4tXT)xI-Ud#{-RU4v6i@5?)yFidBonJY{uW@~ch$kd6|H@^#qdUDH_ zPeucf#Ym0$J-Nu9R49`*2Id4X@Ss0|@18V^ro%+eed;sYh6Wk~>RCe3gRw6&{Axc< zWu~sYcPdYjNp*ZLHe^6s2uf!ebck2$N9>*YtsQ!Km=1ndQ~SH7A9$&!Tn<@~^%Bh< zxPYHgAqtbex)u`(HLt3I8~x?ys;7z>D45Iz#!fa)&`2!{C{%4DvlPk8A{WvWI9lDv z!I>i_ZO7)(VTP#N+4?*<5ZBWcI4yMAco0FEXr4gOSZt6VDnkw-28V&^xd#}N;kl)> zDxv(y9VO~xgnVJdEDA#BCAcrV0_Bb?HwTFU7}8Xfnb|@XMrnIO=$YAsYS*>dd|o0E zpXvFTROrz8)dFU~SzVZVOv~m|Nn*i}`q0w|Y2HkdkmBa{G4YI)TrxZXQc=Z5SZ!~X zcx5ISNkzj3ul40$DlB^X5QHD zHuLJFbXH8V&j$BNU%?ssY<__NlDGwss$msYk@s8N+us436EpI%szk^o*u1%gm(mA= zXHilbw={As%|rG?)s3#@>ZexDu`&BDUM190+{6$e$lPtwU<-DE^?ZbodsR$7|cnTX|h%|FkYS!MT68^+ zV9dKMleD)Ygta;LR1hR@?XMtD0>qk`=o2e2*3Z^F#KKtmO8Cy)Rb|#KY=jjj#I^bU z`#0gmqzoK?N`ORQLY=p2y)-?Ad70Se>?3 zU(~cEnz)3=EK~ZB7m^&pFS-E+&N*U=LEBIhBc1ZB!mX>;RdaWJUai$zGKJVikX|m- zf=Hg0iJ}=3rR=Vx{Hs{L{wp|P@9^kt3z}NBRKKku+onRU48E?bw8Qw=UEK~YjJ;!# zL2t;Da?U$oe_rU(L|R9GPF_}ngnU!`4c6)e-@fUBoLybKFhGi#RE%zQ&kwBm-d@zb zs#;x2)``PNET~sMPT>2i!T#$MRj!-sug5HBSq#;$ynTi=*_!;OYSa6#vU_0bN7XJ# zPwifaB$kA|Q$=?H(@3PLX2`C+8KK#-vwmNYg7YxKQT*!_j^wUu`b)o%e?_9&#}8QD zA1?%R@MH~5ptJFYO8Zp~Or>~O17Yozo}C_8abGqRo5tC6Q^m}*W<=k9d+{P%%cy>11#$RyogBE+I;RItKK@hb ztL^}J?{<-CYr9$Yp3!;4Dx>=gE^oIzt!oX|&+V6I=fr$kS8D4=xV8CVHt6m;HU8QC z^6Y$N*elBJX_8oNNK4)pBfy;M0px&luVt2kVPPw8wDBa8+`&-JZ`p(kFN9!k6~pEc zs~o~Hm$x6FeSTG8wFN4?3NuSll6wOn9-s_g^ZYqE&tzG!svyy7H(HL}iE0ce^YZxv z*zzB2JCIOTo6|ypp1rGW;Tp7D*!v*cc3)h~Y#LNO0E0`{Ko!*hmt5%DzjOss$Z^c> zj%7@rj$n8;8@fIhD#??+`t(;kss|nH zy%~;HOh8+kdC0nJ?gOKAw+X6WSHqpSu^hc>l5H8uq|hLPdl9kxDKbP*~5(2QJUTvZjgF^4S?nTe9p ztr`!=oGSyzjGgGOZELOFRdoiSI;I+23^H|TS7w= zSar{ox}QuACUE&4Ob)ErmAF7!bFWn$hSpoE@4g8k-`G@RfL>jR*L9(|RnbdC2CMJk z9_u35I?Jg)SQFYi=XVCtaclQRHJsp8_Ge(U*SD{>9|s=00i!VI)Qlk#X^ItO7EZ5n z%hGdQ^s$bhIrKBvif|h!(qFB3+4Lm?rsVbXQp{{XV*Lt^cs~X$} z=B>s{*Ocdy7IDj5u*a^ak0`i$yHgZzM~@}N@j8mZ7~ z09?RUN2>~e<*Z0KW}WR@T;3b?x0RIL*=(1kscJ*f?q&3v<6d?gi_nF)?bO+PUa+w% zFEir_q!LwfhR5|=8@4u6Yk0+9C(BjaX(frG?&y_7SHZ(fN@-T&gBFzha z#}hV(0;)Wl%L>KKcnVvahO8}C-D=LQ^BVkqRfTdmAaB08hQh?)Ufi4ER1c(MvxHnd zJ7=NR7typSdJSJ_e?mq~iCm@$&u&MqAka)0#7ai=7j~-@j3%40=p7Q9gtBL~L;Ey{ zIeNc;WsfUbB!YQsPe8y2L9zhj!xjvar*yt`C?zyfW0e{C=Ip}N`0`Bx_^v1jEfk;8 zNF9;9gt`xadT%aHb81?A$*lvqu2pa^m=wvKZdp}T=F8kTp)sA%6biX4ljKq)JX$&^ zbu?+jn((dtjmc?pPnYt!KUzZJGeVVOX^tCBPjMAVwz6tq#YtOpcSd>QxIt+?=-{Gb z@`l~9qCSR9e*{05^?rfOAdQp~G!jH_Ut5-*@$uP8vsll-?0~MpUd-MIb&2oQ$Bd(G zX_+Qkj#}Ct^wPy#-flHar$PB-4%u8#jIu!dG1y_IAHB=qJ6k|ncTg~sayv4c%}=pq z_fWW3Rpl~`X(bXVBlM2)giaH1Da-`?YQmlYy|Qi(;#wPw6#rmg*NKR3 z{Tm&s*hpKo7)~i&5*o)u@_7c8K{G`Xs#q2+C&WO}O0P7kD!7Y<&Y-w&RnIQE6|>n& zDOKa}GfV*IO{K`Nb0#I7_b`FgauY~xlZI}YjLk8(VJwABJFLCI@}e6Qub8T%-E=6mHs1jG!Wl&Q}Tn zh@v*#3bS+vrhGG_U7ZeFUi~?_SltZuuyO;5(oLu@*n-}%Mt+-%c+$YGU<-CPs^wi5 z!|k9tq+}^z3AFI`rYmZ?B#97^Ctl_x6EV}92mI?akt1?-YF^B}E)g3EM30&;bQ=1`?ICl4vzG;LIuyb;#7%Zm+@}3Mx6t{ zluD$y^&wgY-hf1bUW4;mgB45`xUPT{7nx$kj7DrF*?a`n3+$KMcRG9gs|j3zvXseZ z&;RO0aeh`+c1LT8FL7in>b7}=uF6m0Jcs|3t;E~lRR2#&6C_a|iNl6eBXRfWOd6Z{ z$F4S2eT~hO-GXAq2`~uMb238*RnSc8l?<2j56s99$f1hz&KTF7L!u;Q=F1#7hihEe zR}K=TYe+kegoQJ(vycbVoLfGBdYAAWdBvr|TyT6Dk`EDzLQ7zmT3+S(-)S5d&+#_3 zM$Mu-T~v$7%GGtU((j>K=B7aJ_1Pt~BFSI=d;%ib$It$J(z*V>3bcyfZV2wa60>V5 z)&S9|<*+NvOx6tF@D|v(ozu~~$X#FIlH6ln@nc@`Z#u8oVo4#>-;0U_%J{V6<*GJPtM2NwE%(l-;6(sIOK%bwgS zHf(IBxal>NH=%`Z%TOB|H5lO*-rS4Gt+~_ModYdc@1B>-RRG_4v}!}ahgJM{z*gRd zSwjQ6v^2T~S26wQ5Lyx{T?9{Ap`G^w{Jl3~llOiXe7^^se>eJmKeKVWW@DDJ5K3gb z#YAapv(7{=;f=GZ21B)FFge_LAXh?Ejn6SOI@QnVx@;O%cY0UjMD_$^^a!5$-f+J2 zcmO1le%aFX;)Rj1EvAt)yNpy@yIV}JZ~MKACh^6KjTwa~)V(Nn1O;4gZ6)W&e76R6 zwnJV}?|u;W(dyVWXJ{dri}K1uYdh|DjYZ{q^nH5>@EOKEOm2V-%c-P0l_r zxDoq`8Vy40sG0M#tTCk6_Tmic@EB;*-vvxG+m6$M=n z7VjH#WidkE-Wi>(>*DN1(U(hVp=K}z#p{p&!2!{D)FWvZSDMb~dqgoB~ zw@)PtcC6~CWG+|%BPn~jG+*yP3P}O{;QtTBwx@G zRN!;s-Fjc%KJjbz1@+J|a?LM{V-+?)RZ%gcDT6Et98y3xD`jUSpJ%K+`^2_J{srMFEb zeNPBEmqJ1P7TvNTy>zuCA*^i-DUM+js^aW1FLJ?XY!k<{D3<41MbYJpB8r${mD3qSJh%qEOAk;dpyvIQtAZ9wyiyF^13J~GhT^4JIKJdUE+0pk&Vb3q4a;wp?)-M!54zb zH$uTD54Hw4t%qI#qm^@rVS-?3kO{rY@X{3$a;wE9xd0?lB;7{a-DQaDF0Ez*$^Is) zbiGfrLZYZG&L)R)Z;Ly0mybMjc$&76Us2ozl}kp<1x7aEGnjzyoR# z5%x(&ed!k^8QaSs?=3ZZNV8*=>DZ*6Qht zL$99NR(lIt!=3RG0fd>CFJA}|dR;34W=XV`O<|^cIabwTeL!Y1&n6st3-s8&t{1Gb z_llXRC5mS3&9|P*9WOIX%|>_RFca*+B@35HJEO2ydk?w{(Hs7n<^#Pn?sv6vv~(&; zWmE0(`v7u5ok1n6>ubk`;{j^UW+wpy66ygnBf@C3(4yEFo#R?iv=ZS9Jztd2#Om!6 zx^o@*?SAzFB&z}#v6xdV4 zEGi%gz4uMfMwzYkp>M$f{U9is9z3;XHxIG`&@~|#w!$SdtLI1`Y9{cOLNW)A$%;Z0 zdLB$l!hxnKEpA!t#G(ng)DyP0guvbkdtF(0O}|u&9?HRFa$pdq*9*4IV+e6GW8)>|0PY6=yum>9a zAkd^%`aCE=$<)jb6@cvXz!6HT&-;j2T752Nh%(w(?#K@qb8<{CEa2+1-%zI2XK$fR zt50aC)9Moz`n39lD;xN1a|r#4D@9FPG2#VW{-B%X9zz;<_RLj+$B#~>NJ_BLR;L#@g~EXsj0KRz4U&B86nTU(EZ*v&#gQSAGh z9HGqsQt){=m=t^-3@pWVw;5y#KJN=S1)qmAMLJwpTl?2SN!FBwK%$9)=&KF18tX$e zNb-BIi4Ecw+ZfDkjQ#25#XviQ_sbSbgZIX-*4A)=CIm0$h`gw#6;O(%dV&S8&9%6- zp}o}dMHO%neAoI5s)R{fs3aC6Aq>%dszA=L=w7m+W(e)~z?H2&H5wjN(B5cCMI%l4 zsPPf5TF7(s!qF@fSW!Zb&`#fx3e)tUm%>ZD&tg*Y7{gRuLh!+WHa88XqB;ML6@BQw zO;3%|rVUFf87){!2RcOYd8wD@(g@oo!WgVVtVs3kJ3Ma0&t7|S*HA94Yr5?6JMi8lQ)>4{d4}8ae5w zZtEG;`J-Lv(Js{g{EF;Cp3q>gp_^}$A<-yih+aFqHm@1`v$Yr7Pkje(x67si30N*GQo}R zDx2>7a$7NUAUm%_RaaZXkkM5hF>+{?ke%?9nPFnU{_Blmo@)zvWv*wm)r(T) zr7{=L;H5MN&sL*x2X5rFios24E#zsKv9)?~suU}-=j6W+|MtgU#z&tY9{zAL{*NF3 zc=)#o{Ntme&yRkwfBf<2=s#Z~G++6jb#`Qo4cQYl)PVd*DBMo=w{DxdK z1IC9~D+4XM_@fqMuK6;isvUyU8|sH<$NivV#!PL5$AGa14j4naKSqm%Jde?0kI`a} z(PEEQ!M5koDhSVGwAf>`Slhe5AywotTI?}e?6(>%h8v+FW^9-?R|Smymg2>vUfqbD zMv*8pbuDgLKn%!=m0_&~s5Z80bqKLCfL&s}x&4Nc(K6;*yWgi3!uH{pYRzI6S6>)b zr}Ts;xbT!}bKS2DCiHI8Lqp*ZM8SJ5 z8IcQ7CNU}4Kdc05W_IoO<45I$cj!&QP>tq1r1Xy)@h~RD-sK!o)UQ}1vUsodsOo8T{(7uDvex&jUL|sZ$k8C}Jc0j&O#2=KmpyNMc*H@GmD?HIDH3 z1zQ>=;4$jH5-sZM8>798XP=OTC<{69i+nwW&q7x(i>u%rMG{7(B2Q09%Cl01=JtE) z*PlNbaC*WOuMN=vf=`UEX2HLmu4T-WSlTZa9GR)Fd6^q!D7OO>=x-`NJ@Can7G~}p z!B3@_F4fkBLrgPu*t-8?J{(pBGOSdHZM(ZtkR8^ZiUZ9HQFbB^3^{wym^EBjSB3$B z?slr$;#N38Xs36#eMl7^?OIw`@Q1JR7^X)QY|f=Bc1RR#uYPI_V3H_ES|*C;NkyQy z_6O!p@74}0NtAki2#SSyu=+5#=nh>!EK^Wh0D|RNP7CT*AQEXxdvJu%i$o#93U3a5 z*B3OYX6gm-Y`aAj%V^f=y&Y878CoOaKEvvKjLi8R%U1WMk?Fsn(Jjlmb<}UArCq$t zXllwd=Y_cAdi%0?rENJfh6_YbwutH|;cZK-QtqyPsBUW;J|)plQt-QoS)o+7x$PY9 zI!j=!&GOC_nQ~_Xt|jM~Mg-7A^PX;Vp{-Z4vR4ci{oX5Z+r!oRLZ?R2DN zyQY}NbsqPY#zK-W0L|a2ZPhY$~pQLRp<3lS&SSyH*E3p(Mxu=Na7*MA0n&;2Sc_z!k{JyCh&FXeiAq*-1 z`~gZAZe8oRn0DP8L7a}KbiT8V0F60&2pmlOs2}WX(?jt4g}5IpF)k$=^M1{!hZ?tR z2~m)p^f2C)W2U0xh~Z(X>|6n3Vv#Hhiw-p0{7T_*V8=(>z&zZLGhB#YjcQ zl_+*rM9H>?_jDwZ#1xYeGjhiAg?r&W6DJ@{D9~uJM{58fxe%RhA9ql?xzvyq)Lquu z3w+YgUA&`EOo#L2_ptdNRBPTzLF_Q~_`&Ggr-5U9ZBNF~pc-wqK@b2v?>H^hf@O+F z=oB!4y*?W!7c}JbBN{66*8|33Lb#aTsc{-Yl%);Q|^S zERAcpr9zA)%Y?6sqB=CbcMjhJmqO@Ki$R*JH$PCJ3{Oa z=BT`zb)Ed(nJL0d5f5CR+?gFh4>A@t-&XjXQ^oFSxa?`(x1@!c(>N}el=dz)+pcpS zr*2*Yd^G;@+G>E$y~a2h-qjh3J(yxELcp8LFdCQ zD!(S%|9Xnb?@_?_?D{s-suJoggN0kz1zq*DoJkH55nfcDDbvMel}v>i!ic;Qb8brm z>J5f;r`;m{qx}6SfB(kiZz+@Wj82p80G)bttosRhnb0|5@W*k?rT#Cux_Slv>M}Fx zdnXlO!Oackzz2|TZqLr}s(9U#q~=cM^@3-Ym4|p&Jg^!C;aO~JDSJ4d<_%zl)a7qt zwCR-TVMVvzxQHlLhZ-#G4ESBp?leQc>@{rq`=|Pil@#m+aAha~-%%+=#A#ne7MFul zi6JBg@nQSffdCplF_di^q#wJ&=8c~E&YrZxGfSJTCxiQ{4^C#t&aPTqowM7;#)0pg z^fs&6tT)o5NAjVlZ@b-KSDZ_CRsbGi@2-9$v$uZlq@DIRy5`%jOLrnB1gp|0ch#ew z@H6A{2gZ|&yi72-*b#b=Lw<-?7W>~qJND91ceT6y4AXKFn&w*8v6H}dc3z( zCUkuaBtLI>VXQqs#yeLFr+;RRiFlvj>7m5|AIb+OC_nEz7%Ip%@Wl9j5 zVG6JQw~gY5DO&D7Wea-8McI?ob%l4*6Z12WIhLYy{)1BLNjZwi^>yiN{!R5mFnGkm z8dk^b9hYjIK6XiLp`1O7^>;GY-1fW91ntnBUTdr_-rrrpSAD|0fjvSX1d`Hd!Lz`O z;_qsm*QERjIZcu(zDv5$K`Zsw2d;_M+NItY1&hJ;gjXEIAWA+ljZE&+ds?tbBvNvA zbwT2ScK~(0PnF?OT?h+bNqDrpcriSL1%GGnMCrm;^ylOYDtjDRuW3f-Xem3qy8Pnx zk=`s|&AWKf5b@xyR_x%-_V@-XBp4(zto?EiWY__OgT0yi3RX72Q(UgXaA7ct#p;um z9>%a14PSJ&*>2dpXVdj=>Xm}QScufWXHx{h$zqc5 zjFDMF=MY7gq0Lw`pVNdDDuun&z>K@u@SLeLkzui~sKtB`#)4ndcRVdql9lNc;T*p_ zzjn37^e`eOB?ITOD=s!c!7LI*!DJ2?iJkb7{!|Ynxfze|*>o~zY8+LwxB)6PAD@0N zNT26JYgJgGJb+quEx)?Hz9cyrNAz-FCknsQKy_B6VHROlncWj&vW?xPq?6t}jQH2cZWcmkFbik(AzQ$*J(5 zTuNyI>k!^cOPm1O#ibn@I$8T|h=fcFaW7#b3z7&LlgmP+Of6U`o$VVvr8L*#l@XA& zuH!ED<2!R^w8)Gh2t(pSg7@P89ow_1I~tpwcC``7DTEoYxI!_@ zgv|JCw!c+ro>6CaEGs+1skNBVV@e&9H{wc9Y$t2~Qr|>-U3KVT&&!QwvzTQVwWiOq zDEPcDKY6>wuT5*)Yoo!uU#Br%g0D5KbqNJ4k&Nv@$^eCax9cXe$ivbrx zBmHav5bG-Mhig}~n6tk4&wYj&Usv(PST%U3;l*Lqnub(r8Xjr6X@#bTtj_d+m6q;gy&g>af@2A*&;fHI)KLv`N*a@QO>jig69Dwyh_4x2zNK1)oRu`^bL(71-}uJ-YxJ{mb*-faa~( zybFEe(x5UoDh@nx)g26DXT=AuPIRae0f!*s`GOT!C0E^P?V;4QPOZvnfjtljT>vdL z)$dq=8FX0fMt}5l@~oQ{7=CNWhN)y<3KxY{?}rxs$z-Q@lqX<}S^sS;qB3QfhZUi_ zG9S`DOPpnPbCJ+&4hF6Kc77Zc%Up?LmB{1Y=eP55B!FLch-tlPq65rZU1>d0!da&N z9?=KV*w0Sa6m}ef|8YkbE5N)C%B%Nq_8lk~#M$Yij$V5nb@cV;QAk|r>QP99=TS$0 z)X^Vx^hfsl$bS2Je$>%_HM}=OM+edQv{Z}k6oT-he(gkhl4JOwrzdEQv91Ml%Ka|^ zx&)$A6y*s(qqzZFq>wFDy0aPuw$jQyHDuQ|k5$!+CvE!Ix|Y?Yi0)AT`g=sTv}%;a z9lNZso_7+rktF)P2pc!yx_(w0fuKZke)i(4bF!dWEEn{ajr7O48%jq9qKJEl=NT+; z3=d+dIMaPyym;?63S&UqhYc_<_?_PHS_s>T4e(-C*{PVZ2ZFHpm;LCjij4Dc2;W@Y#D_M3#s3h!NUSJ+!cYXQ=LjhN_LW9aD0l3j4 z^hhsex7TjVDB;#GTfUHrs&ZumbT9gAP4I$6T9*=2pjvF2v3HjrGEB74p;&>)O=FQI zYjaq1>Q~N?KkEe;49;Z}yqnW%a__S1_kQjP@Ectv)i)g_W zi&R;#W191EB(giL`iV?V()jl>XVI8u@fc@P8%VntM6JH^mO;W-!%6BtLDxdj#LHrJ zjgnl%65+29U)WJMOsqlQ+|=IeoVH!jNB54*#&yF#<|NO+5tVNC)w z`M9ueSmUpMgtfTJ|j0xz1(!^ z7A`NJJbi|GiXQCE1UJ{D;weA;I9Vr~ZkqhZC~yi~5>Z0zj>+6n3rPI})a3QOZO=x# zS;$PiZ|Cz&{rQv5z0!qxTresFH^^If)vx8Z^R3$?F0_p1swNV+!L)Uq^6VAM=4$br zJl%A3s>3c{zk-$(Mp(5$rc85&f^`FvZa>g&^pACh-S}FAoMOLf!Ccx9Kcoo`S?guD zY}v38T6%9oR8DEW@@`JGe7uPq^|s=8RtKTklF&$1NcN1BSDZ7&wpb@{ zSLCeF=b6P5Vqi)WrkHEoRmgC!wNSWOurGEfK4u~tD^{dD1Gxoc$WCFfp-rR+IaCYA z3zE<&OC(9DiVRvf=yRet+NJzx8x4>i?W?Y8K{d3-={C$TNY?B)$7MED_Fr8muZ3+E zX_rfY0${vLWoC!F5u}v`y|dVaQu9z}D$)1&?r71>qQ~nB-^%yMy;eRfn%`~MLaT4o z*P~ybUmx}u2=lwvU!h3#9Bd)@0b+{zpOjOl5!r^J26xp9aEL2&DgpnCSP{;iRrjtQ zkDZZyRj=I|m9T-;SFzQVmyK9L{^y^+`?tquUr+9|+%W7SlH{nMv^ z{`05*cJl0#Kb<`LH*)e21SqAV#lM|w-Ph{mekITEok6ak_Y*YAm68<(bPMcr4SS^V zv%8bYUrr_`$Lt+V^Mp0MqxaUa**!d)Pa;t;p>@La@2lJDcjNK+cQohL;!bGJ**nED zNWqxg{so*scTazJ%d_}7IV+_S>086p03!f|?cZ7TRdY6)Wdg$sN(B}QRdG{^GgN-8M%B!6`MnO zK>T}58deOxK@wkz_%*f)A8L{R>yGUd?OH$hn<{`r zYt7!z>#v^H1FgKW0}Vx8J|fp3AtInLOdHBEO<4lfCcRe!NNBY?6JJnUF8duKQ{!ZH zD;27D!_=D%wI25w;7rl`%?Plu2UTMBEQ`$+b?$X%)k8Xp85CM;R0Pn?CvBNo@OKp8 zxe@b>|Lod!Kre7>D-ef^%+^GMieM`(r*ugQ1~Pe>dF>%YR=an{_vcuiTsd(zblf=6 zv_U#v)7*eJ4Okw{vcUgp3uIv|gIfg~@bmWk>bg4guu?{8sm!o#>!Ya&7|f>7o<82X zO_s&E;F3Z?8Gq{-`WDm86)fX-@az;~@oYD1CN_$=_y()677a?f1 z{M&f-<#k7ICd?6aq&3 z>&6MKjkQs+zNt5HUV68NW*Ivs;ZdiVP1arpXBb@ zm?(#ul~h76V8NN;DEc@- zu@(rFZMrCI_cyh;D{RzB7hYt8SA9kc$4wl{2s3!C)KUT{wyrz9v3-aFU^R`x(zt_O zih>x`9~{Tkn6a$9p7za5h#Lp296m}eaUeEmL$~vsOlfg5!e}r5u88Am0{{7BN{c5= zExQ%b^Wxc@0itu)1TSW*Sdz6c-85Ir(HiB9N7A(0bYFYL@oec#)Kje1V%w;+9Ouko zllg?){MG&Dvt#)8XEzOQoQ~an%UJ%R5P8mGRMR%{6I`-lZ1_{{TBtk+<{l<7_NBRe zr35y#Si2i;Sq@c1QeoOQ$Gfh=oW;$W z)LJW*GQ~4<$+>q9 z#o?06g_L}X1<8$Z3wwwPAtj0V3^PcM^`%u+T^p*a(QK(Q+XbUE0!qAjsnV-7u)m>$}lPu?;7x(epLWkfbkZGh3qB@|%Xb zz~i0>z;XA62wf>MFT}lCkQt0lZ(NZvLvtrfvUk8%WJ;3+IGb6~Vavs{sDNTDfS!*1 z$#OR15yt{dLs#xkjS8hx&;R@IZ-4w{eDwL@p;65LHbG_m=<}mr>>qzTIyyZ3;p^95 zUSFR7$d7*cAuH2c{Ogy)AK3YifsGs;eZH>b*J9gvrpBTe<9c~P6yC^1Y!uaVW8v)+ zpkH`Cqsl!~^9NN?StiJ4$AR;gYlE)rk6C4^24h$@_ZQI)6Y~af>{^&_?xw}CYADwe zAx}%S5C#8vCn420wbpK`3IljGpZee0dJ^kyEhwDU+6Pd>`Vdgx>Bw2CEc;qP#>j0H z93YaPN^&!$l1F-IH(=Vi5qc8OS~Gk@@_W5GbtN#apc0|of!a)8YO@y&4|msQM~gLao<&r$G0!A}EQP!7Oj|;pe4+29 zC$?A*^}utX$)2CTa9rsNMhjMS@upqW@piZ9)-ptOAFs*}K#~5imN3yHWQd$f zc`u62lQd+r-q;3jYM#bbVPgfA#r{Z34xPVuNvWcgtmr${gP65# za1gV$KYC==kIed!S>yA_tb3k+HD=wf$$-9eEpA!Xjd>WZ(X6&Oh^ynT+Z9^fEEx7G z&BjDyn!I0VG-E8b2IWToX=?|@ueu%_L$jDTxDZH7tp$00V-s-NwW}8_FIYqsi=Tty zwrW4-nN*Cnq6&muPCXaXUM{7<7g7+j=$9`-E}oksdQZ^0hh_}i-bYJ?ytJ)f7b|laO3>~bJT1&s1ml`Hq=&rHr#%7 z&^hxi%FcMASn;;Z^mViCMF-LCm|EaMcQ7)D77VPI1$JcODh&oQ&&W&46Bd&WwdJae zBF16^o5zkYCdh<2#${2bNR^1var<1%NSR4y0*#Oox*5&6GE@G%^~VE`x<28Fps_sG zRMG!8PWX&P%P3*Tzt?}}3o5&DzB<=YXrB0%#k|nWV{4IRrM)WHtA{RL1Q&G!ZhUk3GQwIg1fr}cL)xPdvJFN!QI{6-EDDS-2L+Y z>R;b?>u%L~rnmRh?5XYPneC^K=w3=_oMt?Tn*Q@AJ+3SU*#QZwR|z3nEnzk`CD4eZ z2w^=O{<5V0m+NfrL3S{3C!O&$W5wxVS-?zXmSf9zR&%Yr)@pgN46v)8%`o;}=JS!E z0@7zH5N9m~U1q9)-7sCQT{g~?8m76yHG;qTK9Sox`#pDpB^aRg4Ngc@0pwHW8o2*U zBmF?RdeVTvMV>8NZ_1qDmg#tUk-Dcrj+}PDHs0 zZ4b7lk4x0(%&=Shk3YK4XOHHiA2HvW0o{S1m~cv*a6ZEtfs@D_eDfUsXgO#s#9!ud zB=R~Ey@w#;(2=U5ZEivCtwUaVa=P?UA8)FQ%`F(V$?#re_(DH>geTpTZE>=juZ)Em zX((Oh6YrbLy)=rhu!4eW3P;USAbV#^=fKR*s2~kHIUr1@>-Y+t6Y!MY@Ui<}$W)G| z!CiOVU#Iv8`^@z;Z}Ed&*GpZ;e@n{Xnud@8hpv}4Gdew#d9D8Gq5$xMum_0a+!d4A zWrJ-%p`e@Kr4Qj#P7d9CF`ZF)Hf%?6DtUpRdmH~2VuNfkIa8wBjEZ;Y@A2goO1;Uu zCH#~-5l0;EfxsS{X>yZ04#bg!m$@VKk{JzBZU%W9XYNBhS2a7bfR*~EJBpcINbVjm zf-W<#8Izsc`>T_z8#$d)EEXnUX`n>evcV-p>^96PlNWIZGZMdoHdn!}`6bXpm(ylQ zKbO1F!K3`tNDTgRh^UFeFrN{l$S<-pBvRmCD;;7esc4$#UJabPsP3o}0?w^Squite z!;jWpy>vF$X}o<%aWz)31W@_`Hc^*mHs49jvj_5pQ@vibBLb{yFcG9H`$LTE0a(Ng zZXcqt(ejIarqB-3LOi&T1T^J?6l$ET$H+$4`Bt2P>KULO0PYo89*?XyS#7I98~FJ5 zvo8@co?grwoMbGC>Ceo@GEc?G$>QpuxPvhKyi5gA`i3q%wAh7q!tp1>Tus!^*(7I8 zKRUA~SiX;Em$%Q4kNoH1uT(o9AA6E^85KT(f(`HD$KgRgta@3la(|uOjG51B;{ND0 zP45A6g=NdmoMMf$xKEhOb#_cH@aJn+G_$2lw6IP*n5*e$Qy6~3e;$)bB`M3z$jDnn zF+>(=-0R=&0rw5;s`USztE(#{_jFv=x|gZ?&KfUwvREC`j)G)kr$|!&JX|Tf$wJ-~ zak@!Y3q#t;$%HgKPI=W@WANOoxRsEyPrA3-sjL7w3W2<0E8+WXJ z`DcT}Z_!mpU#$briLIv}x7^`kQ>_Ki=UhRWEL*7o-Ykx*u=>#V*Hzm0UH@%Ww0^|U zYOLT_ZElCtkZr8hvwS~qKlsKgyWuFV8Hq>zH&h_rfDnkqsVM_*{K`ylAnrLB+e+ddAYSU#6#BjM~@J?LNv9hyWFM?M9{)QWn!s z*0NBV!(hYLKz#?y-L(rN0w6mkt{`G060*U*N-2d>UaYJ<=JHdTHj!7HLbc}c7S{*U z);Xljb01Y3zF%&k1}Jwr`r)CR9?-v?ZIfwQ9B=ovbWgvFeS56BN?e|iOw7+e$$fp(=qOkM>u1-DAK}`Bm0m=nllefQOLF;ePfVS3KfuP0D`dgx zfHiuV?=39AD;Z4`MlI5B;IM2HrrbV{g-O;}(3H__ly;7<^BOyclb~Q2FpR*-0#|0y z{o+GG1HS^J%)m$Cl!K#iBu7%n;aiinL@)F?$Q~JU;&dav?*|NG)lCW!Q&h#(qTm4M zHI^S@67@!;PC}yMjKYht#D=8V_BG~^uHCvwb$N}R;vXMV8{91`I+~5;>l-_lB7*55 zWn0)_zJx%B>CzMNG33Z+XESNFZ;z7vXKK|bD;iu(&*FEi!8r@vJnrEEVHz5E@>v~t za^;q-zV{^+k`G@*a%HqXr&QrTcgEl}B^2Q`CD8uBjCY3r)ccNu&D-8`xQc4Dg-=B) z*vKnyCo$Fb7m8y+cIw(N)24~QZD;G)v>jC_!nCIFP~aNVS@dnm93I8CHy|1cwrRVk z>D?!J&Rw`h54p&b$ZyVY=4(e$1#ul!bMfF7(J81Bxrh?~X5K>}EABVXXP$QW*C52k zb^^UX_Zoh->3}oU>cK}I4O(3HMt{AH9SC2(Z666=X2ft5e&)`;V{62xPIduR4O-ubljQg=L@;=vjNAN$|5xYOxc z#|M~m&4dC)rg&_B)50(Uv4d|ye3HzzlvK@lS}MJAG}t{ z9WawgOqdIZ@wqcO`-IH({+Rm=u( z)kD#k$LC?L(*w*ezC4q?E8`2=bl)B(xE1J3DkI#AWPkl15N;wiKH%*}d!7FJXf=os zZr~~Z*AV%i;@OvC94cJ<4{_NgyFL8EUqfZ5IRy&mi|o3Z5=zbUNNlgz6Bu>K`0RQ? z`3WIXX)2~vh~@4^og8PUlZ2qzOm58>k-df@`L*~uLdluN3?Ga=s0OS~)b{X??S~&e zV^oUi4EEI`!`5)wXDYFJnQ2l8gRJMWA*fLow9ft>Ky;HPmmC)EM3NN zyG>eo%n=r+buw5wmn&{rEIem3pD#)BF zadjQeIePyZ>so6hArqh8@t+AAojhXyr~`RS7MLj=#oUm|3=|8v`$* zcLvK{f8-(7#(%(DGWWhW0JR*2?UMW-FlG$6WWsS)h^$GMwIEu3t4CeKalVgl{_8}d zd|9Cz9e$!D33&hZJ>VVnQM$9%F_%Ne=o9j_TN&cDn|I+yRV|d$yFubv&qwNk!s_R5 zX-2oqnLdY$P7H0^)B$52sozfu2;m9f%5~LHKSyIQ(5SX_e@b^#VwxzNRwl@9(A5qo z8I3s#1@7oU^?SmFI-_|I!*=hZ=i?l5NmJM-v+Qy=viM4qU67LnOFqI_g-ltw_>8I+ zamcf~=2`VYsW!*{J1=YL({Q?LZSvWs5KjW6k9b-jnkU#Y2=-+&ogfF%-|44Zh1)nr z2QA5Ra^jlFnaOdU=WKKu=d8M zttRyJXjI>X&{UaH_XK&op5~~c}qg+l{g)cBl)ctK0)_tHgJMTFjDOdDfVM1 zIVJKTn6^JsB?!79yJ*FZB)+g5zc`g%6qCv>Av{f~-XoA8FVCy-obvJ8=MsP2<+h3N zv~#H$WwSu1jVp(u!=W!%J^6~LwKF9#3RNRx-K`j@i z9$NZv%Q8ECuXq#)vJfm@LNVLwXFg|UK;Q&jqA;~pS$z@6#rwl&<$&=S2F80giX8Y<=yq2 z$IH{$tyzEYH}@{Rdt#Wg>zuP5i=0chrmaCUg%O=%oh_?Oj9lD2e#pucu{)3I@-D{9 zI?h&>9U0wTB|FL{6`Wje|2cu?6GnzK&%$Chj>0`Yht6>s70?Qwl8ar(YPDMsT$hCz zlmRToI$qBU4IZyW(GXfu0k428wTiP=`%1H{l9c)-IK9iwjg{v1PY2S!%)>r&^QuJ3 zjXw`{>iJa6PWs9IO;cnsVyk0?dbZZjW{EVRX`R|M1;*+RxWD2G$;^X?SeZ!3m3IvJ z{BsV*Cp}d-k0WdF{=r&!z*xwrGPPD^dgp{qz&*gJd;SZ7G`wB+1}TkEik0FB64Czv zRtdiS^mka!AF&%1>)Tw5%a*w`$HP+7)53+T@ya9E_NMaHTJFr%4Tw@=$4NW|D~sM5 znCKGns*&^^evs0udvK(=N|Tp`8HS2nmZ*EZFF%0IK@ONAziR%&E?Tk0sW$I-H19m` zqAhEZSjqvS1e@5^%hHW6`k(g80t2%HM~z{7!P5f0>Pl=HNJv6K%9fCqKG5*KACVq$ zw~59XrU4o4te_^F1SxWu(xt*NlUSFzcphv0lBDc74l zn4YeV>$DLS81!-^FuP=n>5M%}n39R&dM2hg@%lZErd%vMB*s4oJR}!A-6>tI0}PbK zcH8Sc<-`_b3KKkeB(N*@lm7OXu@0rO%J&hCwX&Zqi&|rdE}lbJ=AOEvI=OT(t_h&)-Z7rxN7)u z1)fYdxILh}Bb_vS`dw#Eubkqk+1v_-JmlFq;lOEV!9{$2pgMZ*>%}beiu3{S_TG5A z++!y3`|bS}HvE+a_jzwP*Y9}{*YIQK=_?!)@b-kd|5OF*Ad|;2`RV9=*0cos7?32K zq5#9|!>{ky$zUF0+$w*_9&PHiP$#M5*Up>sap2+QJpc@_?l>o|Z;nx+ZAl4rk*7#! zFO{QruwFmSA2q!}pKPhG#K`#lpui3;Fm(6Aybb&N_9@?nX_scdK}n~m+KxQ1IMfte z@gaU3WUatODb(`{8kPL~c!bL4FB1OyLj@r7ar@1q>R`(%BaZet8IH-g|H}I?hZQ~3 z4+F`6rd19jMG;3%4mpU0-UFka=;c_#(b={NR!yUIG>uEuH|27d!`D>MGdw$ON&9sK z?JL9L$ofriLw7Kzb{7ZRdHiMR>&NxmV(kPmNO1`B(^1~^Lu$Y5%C0PI#@^1$BTi)kQ?1#q56qEo1moT z_r@V>=^~hTId&v`*^U`jYcpLCqMu_qrUnr=Y)uALXf6kki`^X*p}_NzZUC2sC0PA@0tTSEOj?opU2Up7hFb2Y1_o%Ws$olWLa z@ym{BZ!pvSznC+(+Y8^J4YLupOoZU|K5SjxNzwM0N{Iu4EE(Z^b2kCs#Tx8YRg)zo z1+kM!4Z1Rx%8;xeHgt*FsXzMuN5O0~EmFo}Kzl9w7N8Up)MsG@VWPY-20_1}7!Ysg zX2Bn-S)+ajWVf3px^QZ<9M#y;%h=-9Ae>;O16QRf`NQwIf+f)htDZ20h_)+jMnK1D zl3afu6mISf0g0Z5K_C5j91~-`gUY>PO&Uy*GK?l&zFAq?S*GsDR8yU+ucr})r!hvb zL_cY~{F1i1Z;Zl*uUSakEx_UWO;>$FrHU1jRh5*bN)w<%4MSI#*5r6>5tucXL{+S2 z7oP6kp<%ARFu)MFY`y64exJ$>1#tIsV_^W|)rE9m?|Q2f8P{zCsQ9Ipcuh}G{|1;8+*6OG|MKHGR|%~21kn5-Ds@gRnwp)b z%b}xNW$|?Rx{-2K@%ek+3-)P+$rE(KMBDjvk5){xdqgcahcPv8&94s+uN&41FIB$^ z3AA1IrUE)}AKzac0HCB_x#x_XjjxZdak&pQVQ$@mdFvT0mUMV$e~@Dx@*4eg_U1G0 z5X*9w67GIOBaFf0j)iv|uDHCg3%z8}kqEMFrM+e@ZFsd2+ekqwZreyWr!>#Qp@xMn z@#dr(q_0~NV(%|smx!b)dkF{+0kFJqA47Y_Q|8r;L0W$F4y)BPLwLv;!*FoJFnx9=rW=TqqDnuWeo zx_y^Y7w~&h>wzOxd&u_hjYfRJQBZHIJ^R2)%85O6{`{EZf~adXK3{PWL-Mn=OpNqc ziGP~2rF|snphoP>Ii%k&O5Jw1CV4|nS1!2@PLI`p+9o5;>*x>#QUx)33rD@YH*tzZ zx!$~j65Q|)P3NRQC!GnVVX(t&1tkdeC2F{s5m@ z;_p5#M^$1o;~2EwLx&@FOlj7dOq+Dx&r{da4u8BqSkjKf+S+`xoE3weFCAxy^D?%` za-Q|c(*Y)Fk0!JC)q`lpp3EAa%wHQxLY~ZQ&uG-oXavusD9@x2&nyp5ET>N_z$ccu zCzhcnmbNFBswb9zPb?`fTKP+y_*bUdmS)i% zl5nR-ZaSdg;lufCQ}giZ*E4Q~80j*g?3{nyJ*>bd6>qIsY`Tm6rOAv$#0V?&&N~~y z>8&jWJpRB5W;`qf=2npqD&(QV7jMA=5AyibwE&C@;s%~DK-n(S(X?b?mLa}AKZ)+v zfiRRuzc6z`a~i{F!Yh5`;*7klOPq(3np`9ZTbc?i6mpyG;uJew45UCs zYatBKaB{p_JUrmU=+~YTWfsQgajjOEkTnYhUK$GLqMV`Xn!9P`^Po{e=4n_o-`=<; z-|;t&b`bxl%*3rv3|_pXb$W2o9p*yqXs(O{hN{xPg7YKw@om5~PqKH;v490JzxDB4 zh1mVYy+HKX$uYuhg4FlG8-bqQ+=p#uA#j+4#I!*2iv70K$1*1>JQavL*2jg1DE8gj zJs{UD73%!qJEyME0@MxO$X=KXNps)7XTh1F0PFZd5F`}g;ES<%zA;~1^SQAm@o*#u zL$I?8GFh;5up6jcV3!c$fgKa-o6sy zjyAE?ZK*(EUab4!Vg96+*MkOr+*Jlzzh*;#FUNQ8&nIV1w~6i)Yy3QjlkO9;Q@>>vP3Sxf@Zt?JPwQa4^GtHHTr4L{8i zz+-SnjGe*X<82g=tYFyb{S3ORll$(z<-UlL&e^irHEQ-Ew{fKxVQ<0EU0VGs4ST5x zR-VJTEOnIAg1)aTlx&bHn@TR;r$45X*YEw*@6#8qVm0Ko{|cMgaL4exN7tR_b`us+ z;@Rf{v!lg5gt^-nIKU@{f@O{fE^yAE@VIvHFjr^w{h*8Q>2!2<_HO!IfgKVHC1K{J zpn1K$Pcu`n8HUR{c=YAPdp@mOqAhis7K1{BA)>6vyu^$inA#!{{M@;^l|1J$ zM0#gLY9~?M&m=H%cI-EL@pXLZ_kRJ#y{reGq7wRy665=h3Zjp%pHYptwZUVIIFNRC zW8SpqjbEkZZwa2?mjG=A4Sk90Hw08tb*2l`YS zh&Bh0Zp=_k0yPH#jD~*Paa%up+hvW$w*XC9h=c#gEpV3wUcv9SbL3uBt4I}tL!`>s z&wdQTc>K<7?J_SHl3a*pYJ5%9nPB)?qu{M|y?wH!9C$lw4nIXhNX3&|kqYZ1Bz@AZ z!7}D`E&PZ1m_G-nRQ?rq;Pd7=B(nE>w1UMH(sv`ZyMoy@Eq&!bzL&dxkt^4Mdd5!Z zGJ?x-T9{a?4Op4uR68!dy{mw;Gp`_wexs`e#Q|!jnQ|?xh1;SpI5{TtZ*44?L$MuD zgt)&uITm={R@*%b4Enknx^`ec-p`KADV>Y#=u(Bc9gNu5HZ@h4SZ0qg=ekll`_E+s zF8cQQzv(xa;K+^PuX!x6f4KyB(eH=Ac$KWf;J~y}Ey_&8lwKtkoBPOc`}B>wL|rGX zY>ZLT&Fa}n*b33WXWEQA*e(b|87+nGNt}Y#l{Nka$L3P2PL&#D(Ec%n0ND`#YCr2) zaY@+j@(2+;mf}3x+qrPJH_)br(r1AEN8;5nnF4ZqlH8^XTU>BY2)a7XsH5*+TD6tz z+0hp-CtZMe?Jm0F(>wk z_^)T1rt5*s0rH#f<4|c!Ig+{oY*+@byW;72V?>Jd0GHydZs=?JA!X)?(X+(v<9}ZD zcXktAs-f$_J$8f}MR4|$pB>{M(Up+-;Igm9Uz`+b7)JW?IM!t5=1FI(7f#g@K1niu zY?F+up)*C(|9B+zlRQVSR&oyIIr7ut;Ib4s6@D4WMVjpr7?oj-{4SmH{1a2%oevvn zC|#+^Qu8UA%^gp<$rcV-46}6b#k{W4vT_zxLb%OfMDkm_M=x`1cyx+av@__N#uUn5 zYF4j27QfpiA6B!lL|Hqf-=fggNPTtxBE2=*mD(rEcKm5m3CgEw=u-iYT{(>6G%5fQ z0~J1*GI$!}_^Pv~eC4XvekfE47{YiYOrJoALSjsGhtLUEb5gYhmuUc{>KG3$xK-Y+if=D&9uTu9o`_l{2d{x^4s{C zFxzylK#H#-7F_l8EIw6I;cBX~@d%u1(dkR-J?Cf&Ddekw}wQB04Luy%DxQY(WM2Q73-ta36sNIh(yoW@+@) z4Rtx!#>*~kJ4>8_OY^fSkA{l!AL6fv1v(!SOSHoU#&RW2is`k1%_Ru&K|I8TzxanX zrkLlNe|H=sJTfTn(ed%I!UjmqOejO9Xm2$2TOzB{==#TpwqcU{YnYMuz}$yV=W z=O@wUZ#M2Er)*f#@ZP)4GtMdxu5K#MHl;miy>uJ@(W&$@rqQaYyne#tOYsniq zzwv)3mPZmiE8R+X{wwVZbt_T4nn@>lO{lv= zsGGN#?jMJt{HrRZuPi2C)GGbPaODS~M&WWPz#2c<4C8~=0)W#~W~ay4`B|LRDUxId za#IXKg}e+hyXuG{({qo>-ydVVP6CGgd3;Pe8`gFj#B?b2^2rigt-4CpYZW6Zs{6w~ zVB$1Lm^zy5`%02RmQ{4x>D%!IB-?qXg(RT=0I%Q+D8Im0ulVaz?=Jw)Dn1P|oFFPUah%BBG{qQMUJb6DvQ&778(OvB+&~!sa7HFDYec;N*;{qZ>zNKMk+26Wegi!_mo=`=MMX}s=k$#ed=y& zsS9r4Tn=JidXfw@JDJ&JmG{oRY#T*?ONC|9IGYjRnjzjZZFNfZ&~D@!+B0w6E#zCF z#@f5MZqRELtV*F@-?M3DBlqf+oD_X?Y}UhXmvIm4|N6?^->pvkdQ6%Z(FTClJroBN zP6bXq>i&wm2*$Fzb?e{&Z$bJ$(|Cf%FU3+^80EyS)|f;CJ)&CAOSZ}dtI>u=%8CX; z#KtZi-}fw|`_`mR1^dxc6KAkR8rhGGN7vbloWqcRD#>w~%KeRBusYl?I^6?FH+#ghx!#^Mq1`NnyH9Z;A2acgCl#`{<#XBdH+wl zh3$NsCNGy`vc1L8;e7V% zecgGhgrqL-sku|{mzT8%#JLwG0jdQBeX77{;gu(VOwBbcq2Dl|cgV04*Y>SdqUq=uMSO4`8!319+lz^VzR*t*q2pTp!0PSUxB3Nn#SsD&3?63;xh z1t%s=Ljs8mQ1kzflaXRr^QG84IQa54zm5ylE!WfCdbXg zR%gZQLLBS42C;>Uk0QmF0TQvr(~pXof^K6h^1uX=$IC}D9RazpS1U*EcjAIhlamWH zz1S`3HH;z)+3=h$(EDZyi%&R)+&bAQBe8@nMd}f=$S{s zKYQNfN>r}t4=6SvzlCRPBu-yZ7Xwml6`ezuUJ$dN$F@oclANB>8s(UYD;A?w)gt8ce8K;R1Ae-s$@P66yiWb1eXlJHeLtSAj|{(_g{gi#AN#k{ z!tc9ZEU*yuU!{ygKb|gE-Ls(AA7kHSV@Qh~iV>?)2P>2qnlGH@rHUjO0R{KXnR_RO zF~!4@AmV|BhE9`*C1pD3<+-dOD@teTWUB-Dv!)kIwsh~G>=#n3dH5EW9GGaqyqzD2 zHO$u;s4r({>4{3I&^Rb+*4ak9iFm$}||mwt+IsF@%Bz|qFy zec{i5Bb|@zBKY(K!#~^PTv4AE7x1GvnW0@DI80tR8kYFF7PFO!w)otLHJNolzNrrqUFS3qflowHISjkoU3!Y zf;wt#OH`1P+?MW3{-`=Xake+x|Bni`MS&dMRXJ=+vB7WuF@B1TyG`AC{VW+=B1KU4 zI%lTGwUM1IR$@07{v%lJxtNVsMY*YwOm}q}x!<7Ozx)F2Mv-cecX6D?)SBAcy1Pd4 zcdxJIThnjU#s*!glGya!V-f`4tFrvn#^IF<)wiZu`_0PE=AEorkHzJRqBf=Zxxoup zT~vci8Lzdi3g!feWvTbO#g9*RX!w)v&rDFKxdh7&eB>jFZxeGh=Yhd-j>YGp!bT0B z4t*|w^YD0zV+Ui3+09B=iU8$5P?u2KdCW0lU3<9(gsg1s{&-+3}FY>tN&+8-_4tLhJMrHk804N(B(LXYq zy$n2Xc1Uzz4s@auV?W<jDvQ!nZxqJVic<7h?LrtZHH<90?FXsL8`SnkR!u?GsH%;oeaL^PbF zRlC{Fg*sp(B|1=B%2st>6V}Ulq zK|k5#5qs}X;hw;R=o=;$l_%`AoC=6OqOc&o^Topx3^SG;ZDpCz*IpxA`9ErN^bU>kDW9tD4l+-^i%EB@ zOwxP};!~;ZD8>`y)Yey@?9}unbL&drS_fk!J{&}{R~c7G{m-cw6>H0#rg^JSfjsgY zjtgCeO_|$>V*b%}6$T_5O9cYX77nloD;`w!_u#`w2-QlSkbVQ#AQ10f&zjjbLZ~X9 zHKj3*7_x0!nrK=-a!65%KukL6Z7`EHF4(U0V$F#T-SA*cFB3*J?__?cdOY@g8b=X9 zXsKX6!VUz@M*LI?j5U7|kvZcN4I2^Uj*LhI(~2p5Nj72wJt?LNa(>|-d^%U0x6nUc z03V$?b`kQjv`(Il9wP`0605pcRXsqkPpB!w$PQhR-8|#HCcamL@#tGm6y!!>ogVNC z?;-3v>`B{fN|}#kSR5zI}G-A#BP)ytuWCmU_AL6o&NPA2C+Ig4rbAK+*$?V9(+aXRs3; zBP@9K=be`PRwHjq)_**49@6M-GoJ@O%2?S##m3rUL%Y4?|wv>N0CwIXzjgATYnU z?ck-HW;NT}ywT?@$qrt^+9)H{xvBw1{s|6f_KifVQ&YR&Y9GQxS-o>&>h%zRgz}aXU*EEm_}v| zS*}-_yIEKJ5NtWxbdRheTR5E6=hg=|7U!d>P?+LjvM?Oi#RVf;L@H>l+cNf~Ys!Lj zKV21$*2*wIXhTCYu3q#TeX4nw7n9Snzx;o?85)S?!22F{v68^MpGP|m=fLfCpj|9O z{`w;90VKAUt}|!4Gnbk(uus54#TkHI>@~$-XQli`qWvOv4f$ecCX+@@U%0W<7XOWK z&-lMsN4-R1{u7XjY%`d40_{^xv7(0U*-CagXe5^nRI9%0D;$#4fos-pfk-x< zo7-ukJex~6xpfX70Lmja4}k$e2M+E*vQrO8r`GoGXsS7LUOFGc7;MUummk&l401*U%F+Uy>6P`Uj>nNx)7teA%)h1?TySAlW2mxyrO?@ZCq$qcQ}}qCF#*^M z3>$S14LwC{QBiAi6myCWF^15&JT{mpe{@P?RY8>1w#s;BWz)&&s`g{HP-U@iIV?W| zeD8~!wSJ0Np9_cJ@pzLFQ=}-n=&ynLWOQ<8>wBLsS1+z>C1d`xD(H^19|F;PzDH}4 zJbz+|Fl`A$<-w*>77suZW4J}infX32JGwJjF#*4a(!J4UL( zn-C2vZft7Xb+5V2Fer{&`4gK2#QY)^n8YCYZO2Vv^*Hz2Yzw5;cb^k@%MriYo0Ns7 zoMig9`Zw8llbtvhubsB0;$D{(Df{@#Pe_utvpFvNR0QULgA=m6|J-EI4pMyns?;@& zJLmU&UY8 z(;BjcVaOrH*W#M**ubEG9Oo%OVxYi$OpGtV*J@gqfKnaWgm;9&VSbA0r*?yR*4SI} zz6i+=FpJcF7+&b9dnd}>U@U`4f$dqsvutUfbr5L**f%~uU8k97aY9=2ow6V>B)VG4 zqbqEp%3Ly75Ja(BYJh2`v+AxAem7-+gG)hohe=^{d(+ZFV`zqe?cGI04;+O3KG4Z~ zdT|4TT-xo+j7OKU_dGNLbqQS$IVWx822qchMtq5pMvRe`-2?JS>H#GkxQ~FMj#s&) zf7bj}uuk#W5F&wME-hUCY!H;I zq3b%i_h~vVC^7^2AX~IeAJ%3rbm?BSG5LIMrpJD<`fHd3O%W*kiYL)&Z1P?KR%a0w zIdx)Z(&&58M#Ns(@pRNGTKNI1kv;&sas$aII&?QhVFv$`PnfiulE;Fqdq7M^lk)t@ps7;nU#0*OMKKqssN3O}Q3t`#X$ly)u z@!nYoX7IUjGk0ErRUwlgOm&~d8{KWLd>J)(5lI6h{cAV*kVgkZ$>(-e=Q6!*bqI1!Dlyg&^8~auHT6#H$i%(D%Er9`zK%ir-zYyXFepDs zpVztlC=&cwoLy3TKuBLd>Ql;>aG|GV$0Ng<)3ESsLDb(0rSWw~WYm61$1SLh45(ZBr|Xk_z`9 zGwrBG;d>hp>yQgi4ZzqnYs?!I(UnKx{!k=Q5dl%IEhgQm>Z4>6RqL868q+P#m1K`spguJ+U2L_jWAS(s9yM{ zkYkG-XMb_yEH>r&boh5^JF~QEpADhE{v-iwIufAAp|qD21L)6gf!Y~qV1w96i>aVO8)$|{+=f7kkhVixM=)FG=y3jQGAU# zF7=I>gn!AbcbuZ_x2_M)s!Xx?&}rkyi(Y1zjz(VTE`d6g)%SrW73X+6@j1H% z{e2DHDxf)IB2fRhJG>eNiAzrm+3g#Rj?YS2fde>5bky@a9{hH$QKS>YN9_ zn|$ja$$E;~;!r4qlnlFA(T5!mGSB2E8U8^l8$^)0;Bu}uv_fSDy1Yf4|FI!-cix|! zfSK;uh?XMUGw(w(&-SDU?I-%o-sAs#jQH*%rriq_-bk|lNRFu5q17aSCz5N&OJ0GL z`EB@O4mM=?&)#1itX1b$(6?$AJ!~3|fPh)c!Qb6A#}W*T_yX#(D}{ns_E%el{4$Xt&9lOF{>u9=nhB4 zAQ53K?1nfhPf%oMXsC~o7Sbjmy{N5UBG?>u0<9$;b}-d=*6}ap4|m7lE^PLFJi2rE z^)@jF^&GyVO)C7OEkJRpukT=XaW)a#igB@5!!4mndQA612+O(yd+}L-{I^$d7FyT)>QqCKpu$bCXT_ns-U&t(+Fw|^n`@H-l;&570kA?wA)r3L)A5?xd+~FVM zSigOBJHS7n=>`f?u88>xKg7wrwa~9NFd^wY>O;vDWJszz<^m8uT|Wb@^?No9W$dRseFee>eBQ{f^*dL|}!i*}hpk&0Dtf%YK+>xOyNl07gsimG|dH*|GR~+9M zWD)PgIsTO`3QrUI)NLZ=&;=VWVhN$-U`*lKHYdgCCHa?bypOXy4ZRJHJ=*lpJ5ZPN z^ua!D&l&xp*%a(yu{Xe^Y&ks@=;hGAa;N%Oi!@45KdbAGNO5D>sC(}hsvQqJy-rJ> ziCk3CV369fzgNSELO>?SZM>`!4ZQeHbZnpsIv?BT?Ath~R&5EZ;6Sx+`wBXmbIB6QUtlih5TKJA=RaGs_vdE`=@)KAM1rAxcVQ0aZDCHp8UIG>cFc%0;- zJPeSNL^b8|l1iKnC-z}p4ISe3kKNRLM5l9hAlX7CCU?HH2R>fz`eX z*$RjO3P+iMy4o(UqF)gpZ15D3AjiNL57;xevA0M&Vn>e zd~wuwiR*P8*Y!-&LnC^7-m7>Dn+FMAXu@+Rag$~m($s=Np`^rTjkNNe5c(f7fejXz zO4$twSbfMjyT@srU|ien85M0i-w}Wn>IJ4Uf%# zNI!3?PWvZdD5*fm$mIWTPP!x;p$1@p$Qr+7lWIk5$Qutt*7?=2{hFmlsL$^!VqdyH zq-zhj|GE6nJgUD16{-FSb2?xB!xpGv33K6W&ozHlhTH|W3!yra{8KTmR3HpwdSu~S zS9HFja&eq$L-cIPaMw#h#hAFZ97LI#;vyOMjnA0KaCO!Hr+GrxtvKQDpL#0| z%E;bW=A}}ad08ooSYojj@;%JCvmj=$nh}t#%r=DxXX!!Coaw*3!>Ab2g8OfzRYPH3@HD zy6Vkl!U0>6WJ5iYMH8hYA7gLnn}oY7Rr}pShghBe*VsY)30N#%G`TjMPXjOR`x++u zE89``%*796;TtcN>hSM4y?)u}`CVGX*jZdjFDZ;*HbIB9kT%m%bR_AaRVbs_3QL9Q z<>g{?w7(X%UPEa>*19~|-z``%Gvw^z3;m%#N7oSRJVbm=M@hIFJOOnHO)Tx_1ndWK9m=QP!=BM!T4kdPL%MUV;(+ULO z+tLs6$O57d;XUt0{Ema7hGgsA&j-LT5HN$*O2_G*hNWa~TX`k98E7Fx84BW&_tIyN zUl=D%pwal$Zt)dc4DS2U(v7R-2zB?d1VpXqkc3ac+$NAH6n|vDd`pMHEoNUq0_(*a zlWavV2Oc^-mHCm8F<3C=#uYB5dpR{o+#2JT=1WC{o9PhadwKV-uID$ibsrkDvJ&TP zeZj_$$_JeRheEO)GACkR@?KU|*46-&Tj;yTZ6-Fueb>Jm2$(xKtA zN7`++*v9TAyHml!#em5RMvg$0|NHMB$FZbZEj(@n{2(&;Nr$Vv=Uro~=C@=Jhq8Fe zm$&JO(yz;5McK7yPQ8XrEEmT*7&kS~*R4?b=QVZXiv?aotmA=N6N$oJbwQ~51m!~D zSjUm$>tzSM=Bm0_ef`wD7RjJEWn1jT#Df}1T53-R)FBlMvkk?wQF^LqZO7+C3~5JI zopSK94;GvQ06v%-4fw;OUE(GH14uTTXI$<;A>jQ+F^Qb*qoOz$C_z~Ziviv;JgxOJ z`vKRrwdLI^g*C(doQ6p%i6ujk15jMNPxQMU(d_so;|J?|i!7JtSY1{?^vJ{Pv)>Uz zGPmVhfvJIiwbK-agu0|gNdMuy z$nnU0!WCJQR7PQyx;5danZp(bup&B=qeXJ)F@oD>mt*fy9?8nePOYA#GJqvcp4K>K zjtGu5Wn2D7hf@vE@pm=6{CL4f^@!7?>}2f@Mek?EAz~4%_mB5% zpUy0A-RG%pSjR}bL%dPAs^9sy23`8=jU)a(HGDj(aOr`x*B|v-Eb-u;C4c^e&EwpuAsgqYR1_$PX#B(Uu z|DP8L*$QA{_A=+eOYPe%I`#gSH_lYp%8L!JVs-{@df|E}(yNxvMeT{4gEv)dFniva zO3+Ch@}lStMam)Y&-UP`y?U=m4;;jhIXw4<&U5Fcq8<%< zj9P&z1L1UB#6f~wrqRAkgoSb02>Ac6D8t+pV}{?^mf<8n5@9J3bF-Z%HJURm zqsV-j51%tCnPBYi0|-0q^!i2TjJATB6(8dQn-#Af;DJIm2LT&jwNWo%Q_6`0WIO*} zdgv5v+ay@Ej4A7C8Cz)!?lu`diILbSTZ%(KuZ{l`-y0-xJ)NgmzvV)SzA1j$YrZd zg$1pPJDfuzI~0zh{zAP2#XG>$Rjd`9K%X``Mn7U3EaI0vqi#3QYPCP0Wffbv#& zm36s&`q&iSIiqWmokCf&^$3Jr-ix?M&@3qB9}tV?cOu6WTXB!vLRZ~SHQRzEkN z7+)?T;XuwY?zgSj8~jF$mq}|zlvX3E+U+iPULDM@{XK}wFSLh`2|%M;N{xBMI6`0D zD#^cLFa7z zq(`e`zGFUTm3E0`5Ns>zuh7<2HIiThDFO15LP*9+%oZ_JpE8v*kF=y+c`g%TzJ_$L zg=3TpGyJ&(#s!qmErSWK#fw!FQO%Nv(G+9>+d^gyG*W;<6Se5_6ZqD0H9<1(RP6f- zTYQd!R#){}6QOOTN#Mwk&av4QTrGSwwjUz@npDH`GqIk1GvdL>P)j^X1v_vUwc+c} zXz%rx3-9a24B;2s$LlWb-;>;zm)^Ih;o6-~uh)x4{Tal+>X7=rzPF{Z*>e-2$!4e3 ztN!y^%>eqg&(5+1Y ztV$WbdgX>U6GN^Fon38HBY*5_<$quc8}Z_JR! zG^3&Owt6hW{ytYVVB{Z~&%RKm0efX#&J8^3R2^3v$Koy~j{x`=+WKYJlXvg2jQZ#= zHLE>Wq~cfqhMnGv9xg)~sE?~na%gi^KkhoL@_h6!5FU1$Y$G+M#%kYdN;$LX?$d(4 zF9t3e9~ZR5Q=_}=DfO+``DL_58WAQ{T7|XttN2{X?~$2D6fpyNw&!JNiZcFl@N=wg z>+9z_c%L;GTK1HNd#(SFMNUfsTaDLQPLdvgb8qWjaFKl9KoIU$FGa%SxHRE~M(qjJ z3I%h=PGs1b8`+YbGmoBr6s?C^L7ajodeL>{MGXsoOP~mhS(1Xp32T|uhgm6+OH;I^ zIW_oL2S&Nsrk%lqJ-OTli$pqSFmkJ&_i!gB`6wD7D0#c2&%VM0x7$g5pa?z#MUv;i zH?p}&PfMZ+^q{fm_u(tKq>1=+qUlVwcaK+Exz%!ff8v>uG@zoAEO|&%7cNvUO){(AB2q~ z!=2OJ<@53Kpl;5{2nr63R;2h7yd2{rfC>tgv$dFDrn*X-$M8r=E53c6u}2*=X4tzK z(yVFj!+if3avh8axf@)K3lQ96AOYHl=0+u-CXG*Y-H zm!((ia$0cB@*=$3{@93gwuL~fTeKIx-xLINw04wt*cAn|WV|f(0XaZO6hSqhXkhI&+_sdr)_1(h6>Wf9DW2q0Hv|R=pLPeu8P7Z|UQ@@$e7c;h zbg5e7hK#$8ZARN^My)YWBnLtU?>YSCu!;9_owitoryE-qfS9u1`e{pLyBo7Gm zGFLjuKh3}VqQ2)i(bDe40hEUF6LiRcYvyH+5?C~t@Uo|OPTMhqBf%40*x{zUaoum` zuqy05d^4_8dm{LAV{xvroLFA;hP_E?#Q!m0o^rkj>*!dM$3~&v<>ZY9d)Lf{2&LR^ z%X$vyUmut+P|+gTqAw&Dv*@S%X|NerB3+bC25{-t4K{$hSG~gu*ti%zSSN=Rl5j>V zH&mcB++@@xD=*y$YB9#7tkXVGj0FL3F~N{sm=$_F@=R-f#Y+swAnRy-5O4xDW<~u5 zQy4WE&@0smc+!X%&|HFHzrjP;Bpkii0ch(3G>#W9eiD&-EK_ziaU4tMo?C$J_Js(%kR% z;&*{$?YF(p%O9f|zvrsM-Q7yLm%NsFBJ2NAzn^~h-K-R%a0+c?rLM%*sjF0WMP3_J z#DtF_WN7m}f!O&`kuHg#S?0(ZnflS31%Hm=_j%n6Ob{R?z zP;QWNGfwCq|{&|DY2}&tV!zM5OCGF zk%&|G$*{9Zd0aSb#K*N%iCkcDR?z$^&vUzHtVifNzRk_LtrJO_B!$*uF!`QF4~XN| z1|BHOQ4V5uu5=TBH)HJ5GsmVm0fTJJmJz4etI<8T!{C{AwNG&lz1R3CC552(7$|?zEYlKYBieQP~>YoD5WveO_w&j=!rXrHUg{k!OS$aE^P z-iP7ACAFv+ccj5wFvsP{UR*W=4|z-kYD|tSvxa_|&_65t_xO&fA-6ywE9ugD)sGLa z^9o*;DLxjH!K%3(tQg{}pJspW*TxFn%&TMO7TmR{=#?9qbZx|++7~VSSZz2G;K?R5 zLrXW7I}aK=>kAzpO(T)pI4(dR*!l_vz=CwYZJ)LK7It~3Z-S!lgNd}gIgzaG1|#a` z&3oTB)P&$SI0}Se25ong*RNNRSz@PV6`SzizNal=~r35 zuA|+O9$*ZsQsJx3jPE;GNUqCTKc78WY-a3w&UYRZ#Xr2e@%!s%fiIoxh+T5zmddsR z$Tx!^cDN-cT4oLUqAtT5)h=DiXBMgRwvv-FQBW~y)2cQSHJm3K+9dU=#wqgV=XT_h z@=vRapTj4)fBvy~5|YX=aSQ!@VE)_He;F)Za*-CQ?B`^nH%Hp>BY0BK(7_oYiU z9(GUNS+Q?9r(trIbo1f%vD^fEo~!w5n!?24FWy=+#;MQN02|*n#_Xw5-g6J~vk70Y z8ROA7HM-F#0qxG?_~vJ?^MIRcplt}h(+@|~i$<|oe0<4O%v?` zWZiFgNfFVpV^wa3FJ^wm&HW=DE_2k={gNpcBi&xseXxRpr$I?8IcgbwdD8_VgZ_256Gxvs z_Pny0WeTgW&j;wnoD!Wq5%Vrp9X|dMv7J`!N<)^e#hN#M97}*O)GDCxyv3 zepQRd)^^C>yhLEX06ZEv{mK?g0Dn`NUN13=*T`3?+z`@&LX#jpIb)-gJ`NX)s zNWNi0nH%;Z&F-aWaa& zwd#tWk_}{FTbllR^MY<^nuZCar(c~9)kAD)66gHGC|&)ZAvP2n%YFdIyV3tW1+KlW z^*#Ceexs=vzGr_@(O<=P?sDUNfs{4^M%xf)24o3ddM?ne)^_DdEJD ze-wSK^$wYXczcp5&7O#`T&3)P95sfMjCdh$k7fLLKWn-agQmD|yLre+dpM&ELgg9K zpueBYJ@bcR;}_#-Cj@^AVRb`M^= z@$^>)L~Qbabs@Ol;r11&^{ulZV%|>kJ~8xef(lxRbouBS3kAN;a2(CGShQS8;445Q zj&C^vlNOrKo&QlKrG$yzrWNCHiN-TY5VKg@B%;g+Lv_5|>c&BO<40#{Nh&r1& zh-mjG&Hi(k3&Lx{#D1zfvooD}s$cn+<4wrrb$Q$^@OD{k)3}ZK0F`;^;Y~+(%T(Bu zO~0HZ)(-nEhxfeV*s{XBmepF{zCE%1Z+lfsg2qvNRm0s>zq`@pUXMdn-}@X&`<##I z!S8utYhAv3Wjw6#QAsCOSu0jaBbFT6-Gp!}CGlPjW5h9Oig*x2mfQD`|*$Yn|E-^6verBGstFz-^kW=tLfa6mPSoH(@d-??DDX_JZf$A}#n2XwEGCeKChob{y^|?VS0YUx3#qQG-8|}eJ^0)mi z$&3kdm0z#c00Q+_2SSm|qq{s33J#PL!;>9g$Ck;dw6d%6Tb#=3rc0v20|rt%B(fx5 zbVu_qzgQ}flpGR#$U>CMTkv-B~m}K}TgjhZEGlOwL zIj1xhx>%?$Gv}l&iyfI165;w)ag3g$NPOY!?kgj22GzO> zp(K;`u03We_bnEXeOr6qA3{n5*2Kf2b>JbeJBgxf;YPR?^Qg@JiCE97W-)b}xboiG ztREHCBx{(7k`7BWU@K51J#=glN7{}|P34MDa^umKTAtcmUina{E`T&&SUZ%|YFOdp z=yMWt6QQR*YO6g~2fw$}j7k)nUZlt;y|W$y|C~waZ^F?dA2g?ZDzDb^ns5$_m>PqD6==+;-w`eZ4MEzx$`glP%}Z@Bfh3X*Utt zDg0~#dADJ3qVVk>^yT>${pB_1if&zh2v4Ry!X0!SjKK6l+z=JGTgGJ%ru&Ab-fFo1 z{IO{YkVY!Rx`++ z-2B8Y2|)^@4^rjSDV!`-wFfQiFzp@FQ{of$FpKeD<%7H5Z3<4zqpusk(a%3@CVf7p z$AU5}2LMB}8#W;Pg2{<3Wtm_}{+pg5A^5{u*V#@K;f&BPtGQszU7x7XG5h+OMwf1y&;a) zu6DR#5g?{U3Wl?{^@}xq?sp%02)zTwn zH{>S5_0X@q2oV_3VxFut+b!#6%V_Xk$`Ts$G-UQv)m`)h@p)vIK^Z0#tu%9>dYC;p zMKesH3GYS74htq-;7^43h!xfF62DV6t4U^|*C=#*K8Ed&By} zMad6?TW0ud9NAMV)j2wxmxheRezuyU-uEU|_H~~t730?>+wKRqzsjK8gW6nerpjd- zg&QHT2e?ELLTGafeck;6640D`>gaBfjrip!=6+jwMBvl^Q^=;u@7gi=bV`v z+|KMTqPBK3I6pRX=P$QK`ram>&eIl*jew^C0GQqzkAvk)wOpD{gucJz)PTu(9=gp) zC5}OXM^FGcHc2l-&a^TxGNw^D$jwi=7{GTY1F_ev2CoWU65tR?9WKP+X#J;8Wz#^3 z!AWILeM~VfbVe}Ex^e6gH{m}4x&oEg9#MA1=zR*29nNyb9_i7g^lu4c?Gm&Y&r3SE z{+inQs>%7&vXC`GLYjN@K?lqerFfs7@~eraMXA2bF|c}qCMFj zY|6m!W~$pdh?z_@C$!ytR*4l=Nu@tK2$i8Og~#iQYpV=c+Akd8L*Li`2mR`w8z#cy z2*(HYwNR0Y94UUOJEUR5b1#&mO1QLA=QZHY*xFb@Xo(SkNxxUUm>Vab*y>X3CCt*Bz-4i>LPNpgE)L+H z*<8$Wxgc7nC_a<0<9gsz?KySPb`wk)jM6;52GL=vuGVR55pBZxQ;ueXfOOP=4{ z=V9bP(}Kw%3o**J{HiWZ0NOiEi~Wk|Dwi(!EIglqI% zWn&kynpI<6^%PhFvJcBAXPmiCq-up-CgpW2m(TX(FK5uZg?caKy1im@9Bx0^mmYy| z@Q6r{T$&f+U*a8u&9_U^lq?0%CX_gO2n``dF5RCQCorx_vM5r{S-Wv``kD6BvG@VU82yonzxZ-ZQrc~y< z?#dkTAEv=I=z5!X6Gnf4OQJGw?3|<->Z8;2VTBzQb}t%0LZa7Xo@Ta}$W5BkSXrwL zTHu@X`5u<#rODpe5W3QD_jbHc+EcF{ssT2d=5e{tH?u!Lo zEt)w44ZIE*=}IPRnpra!!feX#YI5-|w>jL5*)5s+%S%FBq{ry_TvYQ`!gYYOq;Vc& zlWeDH%L0Pf_g83K@f>er*gZl#wmL1-5Hd4iE8rU_BiYGqavpXO#?D$BCqzvNaNSj< zA_xB~fLASlwPSr~TP#J@gyGFrkE@WGDF=H=2JTq8yu*z7b9e7q*9$e^d2MQsLqd59 zsRvU?14wc#78tmfiamLgyxQ{{FO_#Q8#GT0>7k09&W?-6)~#Hq}fQRfD)(zZr4 z`=-69L%2FR*R{=yZLH1ndXfaY4OCsxs{9-rVA&7r-8dlei5XVihoi~OP-0x*&H&}& za_qm)0+B0#F=gb2!szX~aRlBF(F^G+HkiEv-qNw-J!c0X3U6FT(82%wyB*}DxZKs! z`}6zKiC84=oh=SEzUvR17z|?6uN#s#Li&K6MPwWy%wBc69dgZgzfqI=>3`|A+gW6r zwbTo2B^g>yXL^76s{cZYvY~rVi`^j<8oF21w0l6XCymMFRh@liEe|gYzf{$yAn^Rs z&tpNuUraYFD+@R6m_r_nZOpGaWzQ5`&2l$zGT^i!Qhi&G^|tF_>UID^tHuXUYZx7n zGeuf!957j3#N3$yNNp)=$#KdpxTutez1d6V)PiKJ2g*jk0`K0~N{n^^TUbf$fK1~+ z;LQhiQtG;NJyoJ*i*e=!Ik!t%hVND7RO(q?kbg{RDb861Y{l2tQq2z{h>Mp%+kT** z_Og|L*BABan?Y0caGRon23vIHP0|@gpUos56G)CB_7YGeu@TIfZq?Z{reT%fQgfwj zqb{Ww2Xt3l+iRn$^Y1iJJ=L{Vg+}c(ns>J{;^?FKNA1ie16*IwPSeI8_fF*xn}G|A zy}7BX%rMT2yR7k-X>l9qJ^XNd0i&r{{n*L;c^x_x-N!ts{puL|B)-j9x`S&D&lfYh z^n476!_XIf4oNuerYLXQ1RAf5%o;2Cq^K&w$q*Z%h8|x>$9Wr&8Z+GaiCwOI$BC4m zTj-he#a#qdZoQa49Si;nAAR5FC>sgrs1TrY_WEBRc8#r4WeQNv(3rh zSj_U?2zd#K3_vQq^j34^gBnxg3~GYyj55FDX4aFP|6N}K@m}I zFB4GjjBPJk)%HI9Q68M3kt(cpRtoT28%P@FsQYHGGMyH$8QIfL*KUC9;j2;8OVf3; zFr4HHf=a*hranJ+y?5D5?h*x*rKJsv$&^mif#`4y^+UC@m6qrKja)6yst1?&GlJvE zK-$+q3Le0DkWu7QKjbS#b*M`=?Vl!z13JbUOg7KU-U=H7Fo-D%91=r-QpuR}U{}nr z8oX}s5j=Dqgx?JS;f)8o?fXISOMzdob>;_wMrPCxg4Ol*9|Tx^pr9TGKM-xGL3o+` zAt7!BQU0&zlAaLHK>mA#5rns{@%wSWJ+A)@)NVlY|2Ko~KRJj$WJ}8b#mS=u;hhEi zw*mZ54#K-xZ?v7Bw&V`Z(-5vPGpqIEvMOyx6G0RiXWJoz3N?*OX_ekm`weX&EWT{$ zUyr+rHK`*pXa#t}ULddcliUl!t(-B-r2(|B7kLMK%E3uHecPbCd$OcywuvD_0Xcdg zS9yfB0`epls;C* zVwqr(lak^Zl?(U2iO#Lq(GFUgK5_L_cOHTtigrO=j|k#QJoQ-NGJjzPeZs4rAqs6S zyg^{3CSXxIImmc9mW-bf9uPL&Buv=SK&-AhnS$=ur^r>Q9 zlGES$h>piE5Dz(ibu}0&;XcfvIa$@b01ivH8nfn2XLPJqN{YC!Y+mk0-(w&>2hMXd zSN%p%CCvf;eTt43Kg?s9=f3wWiGOZ0d}nU&T*DrO9@?a1;H`}~WZMzvx@<|A zuUFcREE+AZ#VT&bW$w&!vWpGTqZXEi5JEzft0caiI^g(WhqYzKx`RWv(XXw9r^QBk{=bnmv7%S3SjP37CkV=U_tmM?ALd8I}t4!#zKMd+`zTs(q4CdX^*J-9+vP0{V9}r^4gt? zH(L|SNH!jd8lObQJNE-wP`={1xCuo{2V6;+ESr`?#d{W6Nx@F2pzNwLJ- zn`{EPbG{bcNy#xAkkDi{%L{5U_S`(K&L)ba(};s=J{(GI_K0OMM3-2dcFDK40WCGK zHfAc088pjpOljJE?R8nd=eWmJ@yPmy5mh+}DZ}-P)WXe$_3Fp7|Cfi1dhl@rQjlMH z9t^dr0^>6GhZ2lhpaSCJA{Z&;Fe~Qa-Q!)oI-y=;*%*4SVXbY&ZbrqSjUPkGek0g> zeiPXY)5)D#n2asoqt5YD*=m5^<$-*4Cw!(fgvyn>^J~9OjjkUf5Qum-BLDB`p5?~r zq_=L}pXQFmJwkJjlJu|VR z>G)?Ng>TzzXX6bY{fIgy?A^@zpq9c}OOt#>yD}W8<-O73YSH+fK>@?G`(&6EFN9AC zc(O|+b10m->ZajgpPhC{MZ5^_Sx$?bP|2Je;l749hjge2Rod5J>UXkYhn@ylkz$o4 z4wx6h(>3I?4z57@am-?EGQY9t^T4aE%(*2+Uwvp@qS#ev*_5aE!8i#|0}C6IfI{ev zoo49tzoBe?cUpBMS>rhh@Op_p*XQuTxouAs+nt=Ob=nZ!9JO(IJu?*My-r`-HuRXu zcnuQeWKy#I?%UY?875&CLh)ZcxJ4V*a9n0eXa~FW@U;Koo!C8i@K?J~+~7i-%0{33 zmMc1eu4Hy_W)ZtRj>as$vam6?qnEnLXrX%72I_yQAf$;egBD=no_wmb`bro*CU_9z zZ|1nFuWDk7pt{>-wDv{b3{KClr2zBpl{>_`P+mVen^JLESWNEQy+7P`MlLt)x^b($ zqlSgE2f{gVt*cHJaJ=poQZb7H#`N2jfNjHjRr)(1%(h5Ii}jfw&r4F}Qyg2MPo&Gz z)6>u~2Y7Iky0r69V}+V(>#W4+@TyhYQ#d!EV4r6|*ruxHmF>zH>2?nUjB(1tyXED0 zke~CeiyNetruyO&w#y{u(iEJk97eV5lA1jZW;IUmI`iX>5B9-atTe%U4R>1} zDmcYhTuK4N*nGN7TkM7Hq~CS`8#Y1BXfXeIPY=3!Z*mWh4Ij68Qk7nyJj-EW7~Xs+ z8~61*2KUbvis1V{Pv&tCzhH-6oCu>;Y-s|rgL0buum>$Dx~~xHF}h_3iGWO>T`!HW zeBIci;9Ouqrm~j>wH!Dp5_{+k4bJ#_2HHE{_LrY7=M&6dpw&@ADkzyUru0-{3wL z*lDirbw@?QVD1!^ zIPAPit&!YiiW!%q7-ihWuXoP&SCfBhsS6mHYPlgGZ}%C+N{xihHEVn`u2)-l+;d9w z8Kz#C`=d!Kj5B(EZ$)rS_2QbCThic$4_tA5rhn;m(+6jU1F7pgX*0~EI-4H5je@OB zCP}rD_x00l`4j9Z)!J35AYNs(Xt`i|18tL*A7DU$=q=f8#k<(0A9!KML zjETKnX=V!FvgeV}E;<=qzo!+s;YzSb*;HAz?)2MHP4~h8YTGpM=AsEdkk!%UtWjIv z3pt-lb7OZ_f0Pmap+8sx{|ezdp|*$S$KPHw0BxbXuj^hHSGgrgV9m%o$cKGbc~5PL zp+ET|^!_T?9E+iY8mtXGP5(>oDe2Z}JM(P={OM}ZvC%T%J15=H-N?@`R|Z4or~+p7 zBbjX4i}YFO^XuqYsz;DQA%x^2u%PUk;I|>k2)!CQLxd>FjTB76m@C4(mz7wy4$Rb8 zvn;2ix^yf;4PMtR%_*DhKDw%mSMjjAjah1$dYZ9!$d$ z>Pn1LU7DL9qeH|J*U?pMnG#&xa)WgSW^iCMj5Zq8moK=`IqI6m`z^x0bh!rYxLAkX z>DK%1PW1c?H1qqgK_2)7P*d6T1rf`%Mss*L>q1g?X@`9kosFUxXZuzbf0cN02JY-# zaj>x%@LUZQkzC$@Pt|Eyp}yN;0k2d%1zYk{!{iGf@{a4750{(dYlM6yV+^Hz-pBEg?!@||e0?F<&f*+^NWYLopExEmD(-=NU z6aK^&TQ^7tB=KeSf@RS)e4_=?U8nukbQzCL7wzBGxchabKG26|)!YQM&h%>V{VJ*H zWYiiQYDYo$MyJieg^ju!(AhN@QSaH66VOv@CZzc#2V%m29JRrh*|}`YgVU3Xni+y1 zyPg_ianNqKAN*^t#VP#DNMtDU!PmmonFJ8C+)((N*gXlK;DsEs-REb8bDga&Qwq$l zSjqO4FM2rPd(GKwNH(0H(0j{l1QBG{(N0wRZCiJcL`gi>jUVzGdX8vOF`&WpF63LmRi}E?GJNBfD+BbYS z;}GsaBC|Hc@W^5SxsEr+Es5unH3rTVrh;z17>R=Q&Oy9Lo14dXkkjXDE1H3=+e=c# zYkasUqAmIzxV$Z7K3<$VyMYFd^X`Z1q686G@ldTV8Sgxs(Ily z8*x4S?{id~(D0R5zH)}7EH?!AvJuLjM7TI9BL%+a<$uF#g2{e&oKva?Rciqx5p z@G&}bNG~0is|q;h81DKOKl|0u!@qFtX{AVVrDAkXXz8h$$^|z?lPc$UMhB#C(wp0e zzdj-FQ0lKC`d^u-Q!IZW(SjPg-(OaOw}S4FvqTFaEE|3ayQMktoe>*; zkcIDFZY$F|*=Sv7C|%?phhS=PlGPC@s({8fs^L^{(eqD@?zQ?MxR^s?k7#|bFCr+g zB)f(mH1Mmh!NNgg`j#O4U|?X4G^MKlgw#Q&|1Y1<@^z-;=91}&dtAS=uG=177q+l( z!<#bgippq@q(AEVk4`%T>fkk@zXe;+Y)&G3ZScGbw||*`5jJh(rCmd069iv#2YKek zTU8h$GG;7u3-}A-^jZ8V;7+dL7UYl43uToE)C!uCAS(M_4b1gr>Q|uG((9Hn(qbid z4?EH#(s|NWt`@Wv{sRe!yaniG2ecJbV-V8f_i8AM4x12xIK2E+Lbhg4FT@qKx_z=p zhqfj$@>jD=dD<9Z=dxaqqv2%3GdQL!V937?AqqgH`JIG{_GPxSpngW6lXccXrc>^I z0Wq~jYZ=UE27M+wz30x`^@DbKH1N&=p~}J^?XYE1YKUX5TF=k3ZEvj`1HSF6%fBHo z$m-~Z>CN4L>uP*0qU@I!QvU{qu!(LN@QCha?G#g4=(eRA6VJ!=q?`!UQB~ixOK%}; zZ0rC{*T3Y|9mC2G!kIOCuc{%jAs-HddYa2 zr6+5mD-NTSu&c%gj9OPpk)#+!)E}%*CBaO@DpOI-kr{>bORtB-3Ex**x9tD?**ra@ zq&dBoTN0XmEqIc$c+7U7a)Y^|h4Js+aIHl^w!qJ=r+EEvzqgJ=HGTg{r$j=|1(K&< z=L8nTq;$iNIkw!o{i)|ghLSeDy~Bh*^O2p^JsNrpfkY_{No~bWF9Enq9=+aX-Qy@) zm7!W~M~G3ECB2CL?91gyC?r{XL=W4LbD2)gNirp*AJ2WWYZ64RqWtty2M%HcDfq5< zf0}Gy=QELck9+B94i6lg{pIFE5Q+}5pp9UYd+=EZM6>ARYG6a~g3-`QC2CTv@HVdf zp-V+K6}@!UT_D_8q_AlNr9Ze7WU2A@=ljSe7#QQm zI5e)IG-8&i%83|vVgnj|-IjDRlBco(KmfkRf@zS(JmNLx6PSs`rS4)Af<{LLMVGdp zEF_%f0*#%nE#u~}b;Vjbz9Bz#%BqY#D5%I@)vPu^^3YX&NWe!|WNay`=)D`e6}WR-OQwIPJ!tRzhG0@gta}FnQUi#7hWl z!szTY^2M17qzy~bLs%v7)K2Quau2;b5e|zKj%{qo77RK{8u@}f{ z-g+jQD$l9nRbZ>}U1JSbHcS#JSq^N(5;_j7!&hlE0I3WXS1=9NrUz?P=kl}ZUO18) zZ#$3`pt44p-#^H|H;dD5IFlGgZ^~v=GZ2Thp7%w2qsnDZE4RD!owjxAa^q|J)odq` z?8~_^YaKFxGQJ>{-(u-!6^9oW>&7eX>Xw!=P8}w`-h0+X(ime3=9q#ve8GUtni4Mb z;GLCYTY5I-1=D`zW48yyjv`j&zr(R*jswcnB`)hKzYc{Ghpf|QZM0p#eI8ig8#HRH zq)4L4uvz;y+oXkUNkn!bgIgmR;TvIJe2XIN*vl3uISpKRZNh6S@T=9TRtOEEz-6Lm z0%GXiz?9ZXz?Y9o$EWaB%PAssP8M&ib3iE9G<)T?Q_#=)M(xC>vxu&T;A-~LREwMP z_AziG)no&nTa5jiQxs83=wM86ol1*NsV>|++>1kmWk`J4BojYrY(;H=}3 zzq|sAdmVmJF<(oZ?yI*X76z7AEneiq8;Z*hLnv2RCt^%cb{W3VIi}NOHi@Y$sz+an zk5JJN`SMNscV>f^trUf0>zS|aoP0)J?Xc^sQw}>f1E}?FF14h^OPrpYx;cXuUqZ#6 zI7Dm9)(aBT9Om8hrPKO4rTU2i6qGgXZ7=&|atx*w6P1&ywD1`emwt{Xwm~a_8pG4g z4gt>o0+$q*Bm)IVA1JoV*18Yyx$8W#YC(#)W;X29T0`w##vhiGm#XV8(s=DR^oMm9 zN=>tOyA~+YRO%{~qZRm#nD%L-r%a~QLpLKRKd1F_l> z<#BADcgLn0=UZWG#XsQ^(F@7KjZ!cN6-K;q$EHv@&E{7pQk{q{5;Nq*|%Eg z+2JCfIyR^5Tr@AVcY1=lo6VS?>a~ah$ZN-XNW@WPxisst z;snO@AJvggI_SRZb`FCgl=;d1q}0)Sme6xtZ_U+8=L{v0(tb_f$o)sQgbQ}`v*Zp| zg)Q3OUwJUZbQdDP*0!Uor^sgE*E`kqtBO^O9z3iEg8S4+b?(>vMS-8j@^l0sItMMO&_f5>14hOR`)!(LEqDiA@d!pzJ{4~HQc zMqZ^iKShZlsm_P9=9=^KJ{(zKh}Wi z_O;VJeBQ2(@k)~2>33lmLO8-t-W?U!!8**e>Zdl!+_h|^*LK7U;aX;y^EZX{3)PvW zXQ5}<`=FZwc6lP3!hFVTn~HbtiobWfw^VF7m1Z=a-YQOxyqGHov%Bn5Y+Q+l)OdVT zPjlO-4q)BpnrY`*Z9s0OMIH!Oj|1ud>FwyTX(X^87Hk+` zCt>ys_NXGH7u#}HmD*Vxz|kYxof$X6WQn{CWEzM%!*R)cW-D z_R0R!&DQ~L;N52U?CgV~uH|-kiA4fCmxi4)2p21S6rr|lf{JO>{4o>ee}tiVz5q$zV}l-g|%5(%32?% zh0+&lbUG>v;~!D=bN$%Qk1+K=Z}t+s(}U&?*7+;~9>hi&r|D$M4qh3%xv^I~awwWm z2LxDFFnrolw$sx<0q1nPucdP-&1OS)#HrWcr^pSXn*Yl0$%Rb6BCDz2AGAAZv&CpH zVyw%k4C{z846SU>4vN&!U&gOay1VdN0v1j7C_5pc^7zZN1qzHj3EjEQu3P4vBeQaH zJsGnlG_H}H8p5}S5ye%yK>xK82Dg<}?`A0tz2WeEO?c43Nr>mVz#5kD2rpN-MdwZ> zcBQp3n5B_-zb75hwzLROHNmytg6^6h>Hjsfh3V8Uq{~8^V3A)dq1pAd7*Gm4zxsi| zvRYn<$v$|zqADgp8*bo=i7yf))yJ5}OJi5PTM$PO1Son3Sg$GXt#Q(D+>kJ(^%-79 z9$tM?c-_ZTp}4cJm>Av!lV?4Z z&jz}hxl(^b4v&cM-T4hdlKi>HZ^_K|ok4{_}0)y$_4@3Q%i4b+)?xVrJG z!f&$H!Y>TUobCuSv1d~er(ukDzaLvr2ge>0!F#ZFLKL>@T&P%L!b$wu)#RtwUe$0L z+vKOrS$+x-c=BY7nPhVb!m(&hogbBolI~2Q6YjZiciv>%GN@If8GB{n;Ght_ zYp^)?a6aO1sul$4-B=>JzLv}QDm@Ud^jvsIaGqrzmGgVco7d*rM4#%5WaMK)z^lRn zOq(Y=;Ee7v@uc9iJ`u@Glo5f~Mq4vAK9jTQrYz^Q{?W2(yE#rY+Y@#J7H@0s5rMb@n1R$R;ajfXbBH>gJVpTv1Nc) zg-`!hfFEda-pLoM3^v1-f!43poG7n{`>BgHR;;V6Mi!s;3w+dAvR70rgINqC*_BT0AFaTZt7SPWSR1CJAD@gXb& z59Y3`*~ohq<{GcmdwW>t^kFV(OZGDz5-130^d?ca z-UN0JbvbKXRUFk7>NJZr{ zN|Aj+sS+w2nx5W|8*{-7N!jt-l(8`W24b}YW0H%jNBYT@@S`9XWX14IC0u$PtZ@8B|;1hB#+y{LUqG54L2KyZ-B!~Z?SJO=+PAEx*Fw+Mj+>limK;9 zxR=31*e>xM=1ie=&;r;Z#9l4n24)N+hF4vb^-)%h4$9@CcO0%kTt@*Sbctg1*s_f$ zuid7upt<&UCL0Ltti8WPu=RqdDA%&0W}TOw*vBt|U>-v8Jw4dr%x#1O*^g_qKWr}j zRfCa`sEW72rl0sUq@r{o4{SkER0Wwb17sA@Qof3!wSs|ilmX{y9_sd{cMF)8Way}W zFG|BL80*E`jbTfJaB};2y?@`Ap(D6rEer+WiV^M-MM7OQ!KTf6rK`?4aLRhWaAqFl zqgM7`5^~<2g_k%e^%n`>O>h}ivktV|xrp|D6{hO=7xPJJRrFFNbm9Zc*ML57kQ`KN z5Q%bSzjY1Xj2qS-LAv4&j{*(?vw?|rR_R@}5`xg1 zMl>#=EaLYQ%I5*Y%`<{TPc{n<90z9ZsYw^G`J)yP=IQ19c0an(^xCNs8l9|xbu@{g z_mgmCZXU}XPnWbm>dMj<=dd8wlS=JsVSM7kGa4Sa)sik>yCy`{Y9kDJi8p;!I5Oz# z>8n~fYCP2%;9Jrup{iRznZ7JHps9FRE(+kOMzJhI?>Mx|^|F+eom8B|hWtv*3~8C& zGd5Cka654g|5WK8Pf@9+?jE`2qz8a*d7C`j0OD6+{#RleCG9zuBKXfy4#A4`SjhA2 z751_nqPj=EH_~xIRzj3!AsTvb>gc(8SBWeb%`cC&nhF$Yo}7iN>SnHC@d8GO;;j&y zY~mcW-46XrV--G*UG5#%P5+TV^z(ncOKS7Q{kE~2ezifL`0OJ!T1=UO+H!nUy} zqP1x*3HjYxTp8Bq#k4ecE`F`pru;E^P>i5L+^G9>ZQ}6zi zf_&C{!JO8KzUFR3lf{@QEfF;MdH7)EhFQHpU=-Uv+?Ax(8X-|97&d#WCHgT_jWl+E zOp#I=qOinAG^Q5@(|(PSP8jJkS~!a?Oo=%DocY}y3>yA~`ki`cB)nm9xUwT$JO6+$q+(uUwLl}{e7|^p58cf zmlr~GXJMQCQIiDHFc)=q0xjTclm=&1WBTZcP9C`7H2RDe;KqnLtqPu;OJ5gP=sek&Q> zzMZA(3?><<;+$m>xFJzT);YN>ssOcZO`Za812%6Q?}zvo3-zYx1INT=J33{9~TvpO?g?$ni~-Vp_`J>Pvh9O!=mLJ=HfX z9{GmslNBN-3?wH6p(YAQ_7X0O!W0$xBn00Gj*PQ;of*)*8Msg7u}{fIq#Ore%hse) z=cY{hBJ3fGcdpZ+6h>>kqUy>g_YP6@=-{^(U0dQzWTfF zdb)`n4blllv|n*KA=|$t{~(n-)&JIAm~?w|Xu;2~n|lvBP1#iciX?s6FC0DpkI5Rc zO69A&-}8ktN*xJ`Om3IRj)VUBo#N*dP|Ga2T=6R!crE-9y3!Ijv) zjTd~;%R=|WDZ1k4rhnX14PU>;t`dTf>aPOQ>d!DI>l9_vgf?FAwn&2&n?@y0 zQIhgu*mw}C4AwKlZYlmvgZ1&ZkljCz*68xqXk) z(&d|#zi(saCm&eMvn&)@p)Uo6-b)-|jxfYHTTHGyRn(D& zBw@Ew1;VyI{k@WbB*ksN82*1u7Ate}ee3f0StA{uWOK8|y%B0nsMj=ev`{>?n$f#l(cjk}y=uJW1DU8>jH>+SpLOi!=JHtdZ$v-mmtL~c0Mt+=L7_4 z$gUrKcF9%yWz&JOco)Fay}rEPr~FZ4eL82Sg2Yt*_YfMq*mml3TMQ`&N=GZ|1x3g0 z{Z^IKt;!VYF&2Ou%qyH&yJ;)ATBpl@%P{!+oEPn+Otr8+0)Kg9cWg&`KprJM}Uonj&r6oWj6HXk}#6kA}rC0`6SLz!n((rLtlg0FA5# zRrvx{sveYpd~& zmq&Pyb~b&WMQH7`i3U%$G`bPDeP%;-ecr$ZFt>ClAo>wi42>Mfjz+g0(bPlq%Nrq* zqlRf`=tF)V*&ki$(af5XbBD_C|AARC+8_PLK-|yJt=`tTX4u`YRq4q{e4E5pbq#0M z4K`1QrKa#+)Keiwxcu?tM&bHfbt?U~W!rHFx2shUFH!FH)>F_O)6oAcjUf!eaiCTh z#Xs&ofsiTDywB8k%hVqnG;4ja7Nx8)8AH!WFpsvt{t=#>fj)xG@uy$|a~P*Q%nD=nY&y*Lt|W|HH1$u>!oQAjLmw0>jm z(OfPrU;LfDh@Kk7^o*4PbTJ)>zHHvJUFeb!3r1|eBMQY8Fmoom42TazB#T~Oo#IM6 zE7_`B-{5rw*t0Y4(*C$TFl7l zhlLPXRDOZ%DdB0-!ebn@E!OT+G}a$OM^o}McqQYQDb93KYD~<8?6=hH>`bmjf&*0| zk!K{kX#zF4*t8}K-ePKDq?SKRbx8DI*G^)U0WOyde{8fFM6k!gMOQH{t!_lr38D97 z-=EwuY`S%aG(3F$q)nCB>EVC_aWnE0^X2=`wPcYGAgK%>LuyX?^YbfO% z>)Xu1&+CHSLXzF@0*D9O*F>Ek*LNJ|=Rs4FoviPJ-{;xk;p=M}{(&)rtO>QM?A$9&pI4T9W{mTI7+slxmQ7 z3EWoqYDnKX}y9{aFr`q z&&|R=gAhqA5zANpsisdW18e^gc|KCg10MR{*Utu5P>iRRX#952K!xvL#s;YP65x%Qn_ zZUd=T334W2nLUNgiG|cpy@{mh`nGkdOQRd(`lVn+Td}r4V?N$e#)W#3k^j-YW98+u zJ2*hG--@Cs-809AveAQW4=Rq~n{IvAiz|r?8m5jaOKJwLTrNjnkZQhwfUSWYveYs4 zOyupU+XQW19>Bhm%=mZLMJ69VpwQj^(ueZ~4>xL^0?1M>=lq<<^RXQ}P z5(9IxCm0kBgj+&Ij}^#YD9g1D!=|s$A~&zHMfpUM&V9K80XMKhYs-^&v*M$pkp0xH zr%Da}6cYSKZ$qYSQvLxzFfXab!kKuU_*%4Dl`9Eyihx_;$2Fc8rD)>|JePVAIKw!x zw11_8IEx7%n8AlF@0oHq~-Mh+eyDq;6~R z2KUgedPrA)r9E9@3VkZlwc=@A-9Dw9tpWio-!^JJ7`!C-5TGI{|l zRbK($x}uyRCA+8TEsrOp?5y6IsjPyRf)K{DcbgpVCFF+hR*vZ8hHmD2Bt9WRctSW6 zf?p!INOVgu%Wj}Ss6t|R1QIp5{4%f zHqZ&9LiJ7s_kv)iWn#pgdKYE}d&9+it!|h+!&I zf;Uezr*$@{{<0S3evbB#>j!miE&o^q_RFySOcS(l zRjyFyiN*ZV%(}BgL`z8#mc-w3AV<$d|8fB@9?4MIhwx`~6U`1+r|&?@zXI=JgnasS z+e?bI-K(T;6nCW&D&jw-t8uELjE`3SmQaxTp`UGCOx$;I2?3w($7NOsCl2AmOQQ)d z&lGy#N`%*0nVL(&x*X2;-PSc9{D_DsHLYl)ykNk3$-7J)QU8WO@cfx(zdUNBilc5c zU{lCwv+3nABjL^`nUs}_9ebD&Ct{m=t4{-D^hKt{893{;mXj)dpbvC6=r3tLU4_s| zidJZx?vOBsmg*cZf<1-1GmZo{#zI7hQEAalx?YQySynCWkEAh{G6fjElb4krHygRF z8dn^BWbEI3xU3=-wJcIe9CLnyOP(QcxUDDZAC_Mx>lXyO`)3t`o##R4Kl}rz0E7A; zy7t5(YjzX5TjF_qpkFA_t%A|mpdq4D?eCNswgu@iA%Mucn5jxlnFvEnlMTDmN3i3D z;{Hv(@^Sx1V}WUTX8lKFZMdlws8OL}JBwZ4Ee$@OY5KPjx^?T@BA~g%$9NA zAmVXPw|Tg=j9d^;M%qxv_b7*+^A)o5O zVe&3^nt;vcvqsQlJx6%ma-_L{J}$dtpQ&@aHKaX?M{?1{o>umRxNGT3SOb%boLSqk zoZn@*LQQGs*~NQJ6Tq?LU6IGtoVPBTi$K>nPmUI>WYDZMDMA}aazv%iuT4mQQc~X~ zO|xa<_NcEmer@|?_Owa|Hperw1qApp0OB$CuS8lrmcqbOef)9s^1jw8kqJglA7NfZ ztEWit!5icZaH~vQ_;0CP((r-u#$nK~}N% zcSkErkR_3P*KRz>i63tfowyj;BRS_-+8j(*w#wf?M>&)~E|w_Y24FnfifW^&8p zczgB_5SIM%%!7s9%*0GrDhM2sIx2EgJI0v`CY}F82!}dh8dYa2iXJlfxK-=n=?q5v z2@_B?uOfmwv+Zamy;^u$u+X;XK5TeKF(ryeXuL?}^0RBf7*utFa(uJAe84zErfuoE zywRFYsi%l;-)4jRt~yVA^bqjKegN-P-t3hV%`b#yNQ1Y^(eb})_B41LXz1R1L2D4ww&Efrk8k^sPSzquY=HHGWb`*H*|6JBwxs5@`3;}1YtMmMyr^jEz z)Bo$Kx9$WyBJahf+%FGSH*l{eiVk{&f&tdA3>glfAc$hPk608+>mUCy=qkRtRQgTs zQiyo)u{&E9-4_B=Ruc(@zCYh;yTU-o8ZO=$KstVuZN{bw``1C){x5)gtk_ky5g^J~ zG(=z5avw|?WF;Ds$SKsdYZ;JoPW!iROF1Kp#?&QDaG1kU#V;W)#@H#QPTg9H6Gp(I zplH=d$Mo-^vB~u=DIl*)j9e1_cj8mAsY|{@v&mGvDjUHYPzn9}*DXoj6TYBe81v2|*`DBQQlIkuJ)p29 zH^5*3b~CS5|MMw;M-sP@l=&Z%)sd;8RR+zbUauA9MPu-+S_TZiux&=!j<&;4bC#In zcDif?uS%K~xZkr5H@cs*ROz~`(=DXy9D{6$JM>`Y7K!~&Ka7wTeRaDP*x};ZsK$qj zAlPReTd?@F*yT4Pdf!?Q4TtAn|B7YcnLGvB;lld(hoXD!4t*mGe5*wy1HgKaD+KOe#>n+QoMXL6#DzyL)L}v zW6;AVi%FYYkWH4Ux!%Oq8^@R;U14 zrVaSl;AqnTB*;|Rg(tTUAJ^+!g~SQc4T`79ex7W=gI1==3QI>vV%?EqA97uCVkO^8 zwB~yc)gY|u2PJXC(LAPo&yI6_;4b3x0tI{TD_O)hbsxBh&4WHotSMn#?RRL1W3=g- z;jf%giL)yR`(gsI&(xF4~!^Q-)C+2a>u@a3m6ZJVsi zB|YidKpR*5-R&S48AJT?W2TuuOh?D^TVy6gpcfj0gRFJBfmmFw;3Zi{?AY9jI5^=S z2v}05&P&=WW)zAIpRk6J)RB;r^7)x9Et(o8{Ay!*k=e^r!Yk-Yz#j*3_FyWFaNRy- z`H*C)a(1mGUusb5DEXI1WqL8VNHe<8lct$G(W$*a(vbPjRGoI^fq-8m%Ym-tcm?xS z81s*=!SulvWZJrCdWW)svh@s2ETWQdo59APxXLdFI)4A7<)fF@?$3Bz9AjNR`UgVB zpO^(O<%qNnxk)H~4Z=K76~VXwyRG%=ZGgvsvw0)n(Iqx4JS3(r4qZ;JS3^D2MVyfG z)1$~pmW!bSN6@uWc6p%6zp5is7IT3pq|}uW@y1gW>YRib9oz;j?hghB1WW{DP!XZr z*Yq8(BOCiYT{{X2y`>g;JJ$8zQ0YzMR2{sUqS~#)8*bGR6ZckO6#f1yDhI)j=Nt_- za$O_=+)lQ+Dx4L$4)0|=kks#7MpRTvI!xFn?JIe>{Z&|!5x<%+N{bdq-Ly-h4Dz(1 zFojRnjU~)qzd+V9^DmG!qG*!?R(4_D`6qPRm)aFFfhwG~1)y3|c2v~E8P1XObpO3U zLv#cgXk(!|)Ak4pd=p+SH{R&-1R^L0-l>B7wYzi1>s}WwXs+rbJMftMN5B7_T5C=V z>~52%hzi&)NJ<;8gAT@EKb4wt8EuNdb}*Nu+-XAOFU#A(om?6E?v?ZYy<|Hp%DNga z+zF=hOZtbzC)Op}fX~5-@ku)!Oe(+WZw9uyrw2fFxB^VF&?K(%>=i=vhf{_BuJUIJ50F)eG zU^{iVYhpDcii6-cLW%8LU32rXR+} z$wStuaaI%Tykm^Z$98>?4rZOQ_zNHhXJEHpDb2li0J(g!W)3ZZT4?;k^Gf`{=MOyZ z@LR9Zm`oEbBf0oqaQssK%gc-F@-1IYoo&8)hq|k1xDZ;@Qh}Y$Sb)>JenoBmIp-X9 z>`VdcfJW?i@~ZV`tyjA6<*`mNpi`GIaz$G6Uo z>M=N+P?}GH3F$SLh6zjAfxXVX6Yfe^bbe9VRfPO@;WI_?UgrU-n(NE2kv-DlK0!4g zzkSBG0&>xZ?%=a-vdJ!U;gbzG=Z9Fw17Nqhj4FH`x!Mq0XV@JoQz%lZkxHi1FsmntT7L|W)!U2y2)%qf6 zL8dt+VHoqdl)*H)jGGN6Iq~lzVoF>xAgET!C_&y#F27sv`0vi|4B+UfKh$^P6f4R< zEflMjqEX6pd$FyayuTDXhD$-T6n1$S;xoR2{w!Zge9}MJ@ULQp#Q43m?c?&p0_mY{ z%2|W$vI~BmCPiL6evV?jvdaq9_H>)4_n)=(c{b)c!0NhB8*EJY=b}9e&Q%0U>!FCe z@y6&h+A~Va+ddjtzgUU4%-HlzpxE(D%pv6Vet&)&e~QEF2)&OuwViLRe=~J!iDX?P zomN9kCTTRlPwUqLeDoYs)7(9ZTq>%p_HP$|pxoZKCGq#%=#-p`>f@!N#I#Rmjs7ID zCQn}RQ>XQQgQ9d*NZ#~xdHP%fLnVu^4og)^r93XFHG#E7*y87558pFO%=fL@H+1X& zCg&TJ4O95q)K!||T4jf#%9!>~tT%DLWT4XmO_M+MxyT~3fp^pTwRJP1KI5Ntn?M|q zNt<&T!7p-JzHe*QT3$~Nfp9owaPyyOL1U0~T#RE|UyryfywQ8`y8YFyVy!hY>P`3A zZl)*sJJ9baH(%f5deq`n;giPfFvMgESWj36n9iVMbA}sd)RLhW^H>Z@s4$a4UTm%) z?&jHF(;*;uV|D-Li)DFw05fcURyb2WXXTD{qvpo<5$6O*9tYG2Ap)pRM(pjh+RSUOy~4t zdzafD3`tPwaU@02F5ue&r61d~E_qCa`f6SMB~h+m*m*qkW=# zR5a#|dWp(`%sS@@pKv|IPVW*ARl>GM-D|o&>*6awvoA%+yJ9*1T}9i*ztYwNiGz@M z+B!_fvzj$5W3hTwrGFcC>5k6gq2o=>;H-6f|Ui&c|s zQcXH)QTE-Twk(J=VGW$S{Gl&vSYV&w48&U> z|H+}>hUme<;7|%+kD*-lum;dXSVUAl66*Tg zzr9b$-~mm~JYwl%TR7j}B1)Ml2ij@nTSLNaOyOu~X^>NRy#cEeBb)p&%o0aA4Ih0N^dG$2^-AMBAwX_DOHdB-Jr zV=02(AQwoLL;P^4lNyIHQf5YzBsqUT%6KRrq^(OH;h#JJhD&u`qj?HE_^QYw?;0Nu zV(Lo+=`^@{wyon3Y3$FJ;^hiITAD6S8GDJ%CTs%xYlqrO)cC(NSOZ!)uc6mc2_GXX zn=N46>r>1*Txp>52aUD-9S^NFH34%$M#vrEJ8vF#S=jWz8#E=5iZa8yv}A#y0ydTQ z&d~#Ic3?L+ycRQ$MX)O>L2OH&p`AIcIxXVTTKl_NMOGO|`#DT7|47^up*lsVM(Hvq72bo}H{VZm@O&T6UbOT-nnW_J9@g zu_Ps~vZStJ0vW!JN_h-MT~3)yIr`h#{rC5&&BV%`rP-Jar+?0(?k$ZJ9+F6t2UpDc zCs|CuV{)O5MV5U(;KZlnA=)oA+69F!#!U+^iWU0|JDvOue7QKlDWROu{iHr?dw4$5 z(uf?b6ebKYO?kwCg>3a3Fv>_!+PiPcmz~F735_kF4&C>TsPhz)ji6|>zVLFq91_lF zCqG)*MNy(y%C2m_MBkha)tzP-uJZEIIeo_N1p9j>#}H65L)O?r=0>+7-Mqu8R(l)c z2VdL0&_=&e->}e)h#h9X&ZwlV@CI_mcP~EuG&_&%#V?)Rt)Q`aHBl2(2#Msjc#pAk zG!K@QZVkv@&HUN|hR9tx^8<9z#-Cg(e3Y28-%zABpJYoy1u-IgCGWvIp(782K_EcZ zHArms-SXPG&q+qncA265Xbr$-k44cX4#SI#e6Nc2k*D^ejeUr!D_OcD3Eann!N<`e zEI87@D63VDvIR038w3=})(DlToy06y>?n0L3~@7DqVr-PsY{R%^TmDoM+JC0SGdDK zfId>LzX>98KP6JrQq3l#C0B^csx&pefn3Ao%0xu4Mv%1bV;uNO1*@EX*T!<@&joXz zUe2eRc>YE&+TJqh0PUiw4GF%uH^gzU+9=jh#E*#`RR8jijN>?}JpkR3#p@&{eUPmt z_&A}IHmagEWG2C`qd(yAM%!cXWQvD67yZLw6rF__t6nV z?v32;TGHBX6faR^&5;4D&oax+-`q$KZ-^O;`_SQ(lNtFU=n~QX>{t8R1{C-#4Y8lf z_!Rve<9>~J&f>RaR;5}!{#Veok*@p-JW3B8rZt&m!$+b(L7*V}H_&s&NSY0YgStOV z>Q-wN=o>VqGP$w(hQ>nZRQ4gZ*hl4O`Z|pwjKUb3V#wj8t`496!(3@X4_3JjO?Q>- z)VIMQR}BILte)i$s);jF!LTz7dX4sw6rW1aXR}D6-KOv$2W)vsh1Tq(A^rb30 zzpXs9LRz3)?M5@d)0A}~*Jr!rWRx|6fxZ12jp|f7!fK0T85t`|Q@rTjvIN0aTXRd>>088hAV9anvT! zR4R~Wb26LRKWFP>T_S);7Fa5rA!V}7mYJ8G_+{ldQu`8^?YIOo0HU6n00NJlkXVBH zLI9o@S8jfKSd#ZIiQDy8KVrS%SlgkZeXV=6eAxyXhMK$U<&PmhfwEOEN&q-adk+kj zo^I0!Yo|c4Mb+-+>_RLHj+rgwBsFXfSI~sH?pgXdMNahm7)8#a7j{XK0+)qlku#Gd zIro(tWlnHtV2?3!xjHA7%BZjp(@wBZCrD-4Duik4Ud==y(ssjSug z*MDks+EtV3U3IP-Ks@>~6ATR9hCUz)4KXItOQqJ3fh;5?MrS#SZ)aW zIb?h|qA8m&lS5Q9X=tg%$$9VibNM}(>|_ztFc|{-`w3k^Ca>3Wr_I!fq{Z9VN#z?p zWF1OK@lBjk0y=4q6q7;w=-(7)bvDGw{a5De z^HAA+Ua^7ZA1+>52cYy@p5Pm{hGs{iEOXO1rN*m6yZqVbr@)oCyRhz-p4pJ$AqlhU zGoNM7PRcC|R2A?1oKx|mQ$85ft-l(rLxQDJi5HDsM=(1Ny_CS zr6duXmE-=)TZI;*$0Tm+Gke$JtnqX+PIWVx1VwWM7iNX);dv`|PMv_R*Vb5ft=u*% zx<4+N5O8U?1Z4S2JHrL<27CH!V%%d6Wr^b7R-&8~3ZLkz5WiQr?3HTeZH=}rUM0#_%8Je#zZ$IOA06#Y z;fR2yU;{W)E+H>gS23x9wich2JidEoWvQvt7sl9u&>)W|ZQvnE77hTZKG8VB&PCB|yaO zYMzxkV!K0Vyf3x|6-4?o6?-@+V8*IJpg32>HXZGs`)+6sO1Y| zCU%Zxv=(Nf!hY2vA3R0aY6Nps;iU*7YKpI<$hX?_PP=ku^K?P>`)h&;kSoc%aU48}T z^m^;+sd2J|QQEh<&-+g{B1HDbf$J-8VXe;Z{eXNJUe4-L=p@P)9e-Ts;_+C%`{`%` zA8U~2<07E_LTXr&D1)(b(0U4)v_(5zgJ?xABOUFX(p)gN^fJ{XHO;*<`E^0LjD4Xq z^3$v;|Q{vBPV13iaoB$^lg*fn$c|OTcBG|YP z^O9R7IHJ|g9)aN%KUTz(M76kKj19>$@0DJR`im6tZm~V7UFOA6JYd;tQy%4^&Kp;? zS_~-TU;?ETn>I5=RkbfR%|Wre|usn~RY00;OkEu_h_M%U&; zV>F5LgEa(cv9W@{6Uz{jm`hb?A^H{YscXmmpb!R+cmEk$6qSb=KF+Wpv+U;vG|ZO3 z4!VST+UG}A)x(Jb!24Pf;29t2%GJr%fm@DoHJ!_Vyw%+EE?n!R- zHobH|li+Oyd}SS1yB~j`Gj(5Foc(_$jEJ+5jw}O{*cm*s+||RBhkOfXB9lziS**e~3`Qa?4cK z?g_YXOzi`>IofzS5>|%(%0<{4BuhtuSSZ^p*N~3wh`cL^#ho8BIL)MAAxAecF;x@Zp#M2psJ+;) zvnIULZlAyV4$NB>bV{tMRc*=S>%I+rYoeOR4k`zCCIF(UA;vD-wa)GJ0l#| z;tn&{@qgKRax1E;)0>8q4K$C4uUfx`s-__@7O{83SF%fUB7;$C+j5jVXjHwArP+N) zB-?1Nsr9lDehyoV#v7UO<>vc7T6?7L`#v*vx|eyo>Dt|~xV=%iy>Yp*YLa z%)|K`)gg7maEOG=3Ma%~G#yRGE&ZuQdNxyI#j3E^%0xuzmQ|JKiwP+4S3vHB?2Y60L?0YxQrBzzJLb>c>*OJ#O+h2utWwHUeS zBr(wCJVXo;%Js6FNYk6l)#!BkRqU9>s=h2TL!8tZ2`%urD)<1kt($paf^&VS`I#9o z#No#Mf=4^Y*xTWf(D_xDQ&p2XA{k(3*_qdIbG>PU1>>AQygU-j_Wn`^v)IN$-_3xa zhU0KPU+Oa0ug|rn!=FZOR_=+@&4RUgT(`FV$<)n4g%r^7LMiX&^L5^&$-={ft+#ry zCg{n-vcS!`6nErJyqFu~GygGe=CTZ5MX2Kii3;DXv(dvy#_R+IpqC?H#of~H)W!L2 z)=$9}=Ed04li9|dD$U QvYkovBIY6IWBPc}^P>myH|F`1_suBUt&@2k&n zfLQ!}qR!W1@TTr}Rs8f}nLT)DnK5fE$l{7@$Qm%9qI?KL^dsKzc!=P1M5*r59P z>tklxZa6}~V$D(fek-}|D14F@y>dtP!G|-(jl1$4Cg_2iDW#VWZKYqOpb^YA6K{8aPeZx-(_V|SPv6i*et`}X)?hJ&u{FLu+ z`NbZ;jtyOS(Bj~|Ir|ryo}=Y&bX*F#fpe<$@}*YdUnJS}`o23aWA5OH#<&nY0Fu)F zju7-|nRbqe8^5pSy=;pEy5;NAsrso$#g#7Y`g$DgM|ORBcVsVdJyXdd@PWax;^hH! z>a6?PK5#@J2jZIa>VNL=@At{;-DrootKZcseKkb>N8H|&q>PKVxQ%*+)6g{t0Ukkt zX6#RDcX}?-Eg=lI&mb7u=x^*#Ap{mhY%G@$%p*ZVh_B5;h_A^*2#=yLDvqW!%ID4{ zqD?4_OH(+2X6Y67ht4?vQ3y+_0c!rgd3n=WRLO*fOJX03U9%!}xu4G|C{mRdvx&y-T=S$2;#tmJh_SOPNu>m1gMh9Dw^y@A!y+sIbG~xb2Gm zo(95x&ZUG2&JYlUQ&+^uJ@5wWacPUf2f|tY+XTEzidx}L;O5uuZl%^{NUHX9A*Cy- zGU@5u+$X9c67?^RTYOPviL5kbp(R|u7rLn(9I1qfQaW>C@Q!{>X54m-Zo9HH>b8-> zKCt0mbKmg&IbT(JhiD-F7>VK0Wb2={!RQ4Q-WM@s-(QG;_h{BR<#P97B=i~yavt`E ziGDdP36BqT7I@zK(d~(Qi6<*XpgXX4N?m$3QX8(~C&@WrWgRN66-uI#j1RvzPVJAZNUn?*+trRAQFuRHtFvv4Fv zk1|K-rsQ7}BOQufk54vfPLldI6NqN*>C+c`3Mb#NcgVB;SMnFgYt>ng11B(Hzkpm3 zVF+o0FK|DUl61oY60`9xEj;l=S_kfr>9^^}#PX4=mDFZ{zfr%4XFBQH1B>~@ZPYVv z5OO7Xj?^AA8?iGjw815L>Ir?aA<-ERSVGjk;VmF7|J}rXAhvANIw0vz1748>Rn!H{ zKTOCj6U(5Tp9Opyy3oRipF$DjGWjp(SrFIboc8?Co?|QD`qxwF{&XU7s=?Qq9#4w5 z`!~Hy9TO<(wX#}1r6Ek21ZJv*S2s97F3{Qi&Amo*@^yY0ZkJ@uq&F zpa9%Wbvy(j&sAo;gpGNh7S}1ni1>A{nPWt<7|u69OVkr;OA|^2u4<_Me4M9GLeskK zb=PZLGv;2X)#}YYr1HbCwa0NHfGLWCrWz9gDQphWO_6KshyeD z@}m+bG#Pt0J49Qv56j;QX@TfkoJwkD6Dm;q?t^IB7Q*+@WIDz)h0X#GVPDC^Ku@%+ zpQ%1GEeR8~(zfuc41mJ%DxAZ?v(i%k38D}vBj+fU{6k+4=xRFnpkn13RRY<4y?>qv z6FQ%FRXhhUHeccTdb^j{KnKys1{|T+d-|COTFicZ5Vn$aPR-=-7WB#_k-ot1q-7JP z`=_*1VAd_`*Gp1%V)mP=VFqmoD6iU>(f-%E>%DDS@VJa$ub1EFZhz_M=mTH(>*`l6 zp`*^78LR&H0|u+EW5c4~(mdz?G=^3GTW1@W)N72be&+5=apTVl4Jg(X*WYe-vCyMa z?y64Fy->pmJo1Wl68hbzTd)DRU7(KX^7af4B16Bc&2z;`7vmU`$P)QWngvy^qr#W< zaIJ#L)e5Y75$_-1o1o`h0`MdspRkRU9;uyezk}azcL!ki9lc&pySodj_UAzj|MvU; znjgb9U%QnaOu&oa%cl}(lkM8I#RM6qB5K6W(HOA8}~zl@Sp zIM&gLl`Rbvd+N#dWif&^UB7a3tgQ*!e)ET(FqX6%2WX_lJ8+5`icR;&pXg=&v)jwq z7`r$nH;AyI3qKrXi@7jfUM4Hpxx98L=AP>mv(fCv9INia%l{n$P03<|W^R?l9%5}s z)bd+6@O>+*u1-YBzwWpEy7GBxUGJ=J7Bo{V}l3v$^gGn z3h-2}?fbg_d^&MB)BATS!|18x+%lI{SQ4|1l2^_yYK_-RNd6@F_JWt}RYz~5aq6EuiL^ z*et7DxS^}9U@uyBp()1F8G@0J`Ec?X%=+`3zpqod#KnXgJlBjTa8i64c&{;1WnQl7 zB7;rtvOwq43O>%}&cRGg(TKw;3uBLkxD=f-BShGxhX(|)XXa~XKc^CO#qwe1Ixt;` z+oaixv5ZXPek$d~na#IRE^~_f)N#Gu!^(Z_C$`vp?mZjAHvbDbb55T!li$-zpsB4t zJ_hyAH8w!qW-g*`D$WlmP*>L7%}gy<%z6uDN4V!jXhZi&3jVv^pOj0lBaPj`M zwJ9Chu@~jK?Z;kFa!Z+yP;VPOuZ0h+N3;fsQ#!+vSv`=`fvv2jsC-gVny*Qm2 zFMhFJv$XNcib#PLHN=~>n((tao~^C*7!F8l+65wN&qeHi}@W<$D}Czx{nNuVo$8<>eK)aNr>jFzxS!={uRtnp2UGkRhG4fJi0 z1K9ciF!Za9qvb@Gd}`8KrrEQkM?%<+ZTsm#>GfVk=7yf6O3I}6G3@eg?(!_U9FChQ zh4ltHJ?#z(E*Hl-dhAbjAYJFz+Nnsr;kWJbUG<{v8mH_OJd>FX^&IE6C37 z62=|tg(&M);t7WO&BR?NSn3wuCZ>J+P>=u6#ynHp33mg%aZQLqSO9uVN;e6q?^^K* zgKAwJn!JELne~!*lPl{L@->b+m2ttn2^38bRPN+!&q5`nd~)V zAKQyrumKR@BQ9qPdYG%A1sHXV{Wq@bonRGn41gX)K}9;#T5~YFi9{?FJb(j_HxW19 ziaWW;3wW3yLsG5}4T|YZ)fuHxOhc@vstjNNfk-g6%zvi9t$a3!6!0d1AfmM(NAU zIoq{T6Kxl%QdmDrl{_OK#cr_#P35JlofcC8JW=vw(gw{G;#=={KJQlQMOr-n*AywM zdS{qT&D1hQ1C>>!6}b1np6t%CDoDQZ1N z8t@EdwABUJMH?Qh><qaisKYrK^5m5 z`s8+sPo&K1=nx6i;4G@D#*{DKz7+1L<#wB{+cb!Oyfh1QOhmm`4N4eysU}K&3!3- zMop^#vl_``y1>1z@1HWhkWEK|~|LboAPV|oGfXwwR5Wf=+;;!tS?$@BiFn7nCe z+${GoiNVqzHtrl6Bhevy(xrLayOIgRc52u0@7t}88*S$2xhh-y(trlXXA4FvXR3?t z1ZZ4HfCDyl^U6o{ zxHNgS56|Z#l?D^rV$co?Irzl1D?Nvlw9aBR4jCKm5kgsOgy|P7K8Ygs`!yQ2-HB^j zoE30wbgA&)mvq#BQ|^(>P@g~`llqPQ6W6+ndIQtLe_!QR50l^9rPcbu8?An~m5#C8 zsRp$|q2?MjR#%4p;X`xZ3u>nKWyVh#Z7h72)ZLzT;Xef5r0iJ9Vr#ela=huJPG?%5 z6n4AEl*>+S+`Q1g!e{ZyPf|I?L6|}bOIW`d8B!MhU8-|GjmsM1XH>8mm0t#EoJsaD zOI51tH+3HkD}F2Vt;Ddo3!O+#I*I_Dd2BcgC~f+GB-6yvQRyH=0gx+PUh!#?|G^ax z0qMG80n{P@ZuLhQVTxY*y0zd=+=!iMs5~uFV9vymwDdLyWLt^Y-1TReXkwZ4bQX}R zHKCo=(wLY}vB>M5z;OCdDHNZ4yYew#*Qk`qSLEI9A|X19HX7h@KRBq(jXWD=wP96t z%Cb(|j1*XwN&O>Pc!Dxg$mtE3w^L550UtzdMuvQG=a;=X@q#V2RpE>SO&g_$Vbin+ zm$7FO#g9e^H2~3{9flZ`VFhBy4GsWWznVauLn)xh%U)KMU?I5ZN0#--+#*xUd$ZCh z(`_Jp&?U^G9k|mL0oTtGL~{G8_SNehtGoY@Dm7N1WkyQZU|bl0<9VZ6;&#*TL7rFT zM|Go3qG0jf%29#E@G(+kSQ4>=L+Cj+`vB&^VzcTO32&>X;#j>S@w@Gy3Upox5bA49 zBs0&qi;@$=%UJg2pG?uu=qSmr%r6?a$NfOV)0m}hXo0nNJo!&@b1QovEV_=HOTDl$ zuL@F&rsCLJn&6+Sh;(Ei^XA_o%#e%on)qCIKwYjSDyV08VF#bh2*@5u!XNs}atPH_ z5ayVVAWWuSH(Jw!SjNaQk0>2%&YjJw6Im&IEejE;emAW&tok2Y)!rTyy_m-*{UmLn z&@Y$#{cIaJ))tORZ=t3AN!((UcVs(eCz@*xw8{T6u6@lS-frxVHwPCKZ^lnsXLTL5 z+`-gHD{;DNI_33T0FZr4rgsw@qxwVwz$g~!nko{&q$`o*JKJINd75*1%PJL}&Bd5h z@Q|K7Y`oBRVcZr0U&X?-MCiL~LTZ~CG7Uy=(HT28hGX}tSc9Px7z|tMdKe5{Pr7~& z&=|Nv!F5pt1OJ`G9Sj{qFtA|-jY0auOfazJJh|Q-LOLQF@R(}0vbgtX12^BfXaDiV zdH&wqKgznkxu{{w`0qiZeI7UoSBRSF{9K)p&)>_X~oW-09I_653H2u6`+s zpCGut#+sf1*}mMRSUwb6$RZa^&R*f{ci{BzY{y6AldI_3VoT{0vJ9 z9U#~vnHaGqYd|9@P%i-J`4v6Lmccq~V-fWYlFsWSo>ZS5sXf}ahAEeRud`T{%eJ-7 z#jES04&M_+e?C2`ur6}F0oid_xnH|7juA&oVk5C;*eYF1PzOpo2=t5)l&;4bLv`b^b zL#6Ic_V51oD<*j?8+LVn#Yze z?H-m6_am*QgWYM=os$4;H-nDn6I~<2Y2bn;WP^EA)Z3g=i?9r?qh89oug;;KTWP2} z?-h!^M!E8p8lki5R%Pr2^13LQc9gm9dZ#!iY2uz?2o#3S>gnh{$9;fAoHS}6??MPu9r zK0#g=NZU)gOMx+#APh&)c@##6(b{Z(a&5dyQIGw~*%@|+C+KGUqgszC;SUb~ zb@o1w-8+}}XQPZ39nYYV>c=A-rXiFhne)Hxb6j5jX+2tQI0A)mnOFb5%T$l=!}1;V z_@3_=rgR2J*?8)uUyB;lHbv`UU>$&W8nXoWry zL`4Ep?!!;ug<%2P?B^N)SG|GGrd(ps-APHGKi7Xc+fTZ2uO!DFHOzKXzz4ufoXJmH zTOn2MmbBqyeL=EjaF9na#_dUn+el6N8LwIwts_gr@%3J`oyZDP-PbHye873i%zHN+ z$l0L9Q(r;Cwf%@ZCFX%pC9i&?fD^bKqv>TNL~SIlS{@h(BM21MLqp_^TfJHKB0gQy z&T%H{*DK!K)4WgI9?2jrvMRFku@a$O9Y`*d{v3NK^~G&G`acuf$i7uS8Hb5fyHw0* z6Ol{V99cTEQWyLj$#76VpP1dB_^Sr^68<_gcZ8eD}d?C z9rD#8nab=cskBCt+nm=s9vzihuT)$jEH8dF6-cYttJo4{zv$SS84Z~a%W{tIruKmm zpwqa*%UNZTSGTKLeMloy#~hpQ0+U7e)A#VpMY$N34~54;GCW-0GYrC>E&1U)!H0lKAE$K}^XeRpR@UhJ!NcG#wHsg4rqGt|O zS7k+&q#N?XZI+W?5DLBJ-`*hoK?4jMUy{|MRg>W?4WB2U zXEaJOOl{DJ*DS|OoEq>FsLGoS3jx9$tmV-f%&NGoGjT2m7{b{!`hQ!j9HfcYv^v}yTlLrRUA*q6#;ofTwdvm(l|7W|U?*JtV1;Xom@_d^Z{cVQhSCUvjnbT}b=!lImA90J zj;q-SBV--X~zAI3>26 zIz&HiezbyA5n=eaKc3G@A(8O;n9Wnr2-MGA#B< zz&@v;W;K*TEEUfw!?|5A%sm=_urhvIgD_+Y_)@NM7>d9>HC4;o8_)*BfSNSYdecPF z3eNODD1!Z7t%{MDvTJkdkcQVbvE|ZwQt=L+P>P-|=_0e5ETx6KOnSH(g^GL@jr{xP zWCu`1oX7r^>J+x`7hHBKFp9xT{cL@$e82Bts&!V(Qy{wSt|#U&CIn_?0e>#2x8Pce zEk%eW(Y^Xg9tdHZBqN7sz#yM@?p*NeEO+2jr4^+gGG_S;wqX0q8X))3MoOk-jXtS| z_x{}`+c8%v>8Q~8*m|k#ZTr_k%AgqW@8MIis)$p?eh!lgo=nKb=_o0wfnWbQr$613G0{@g|Ap7Z4QTCq{*W2g_#qB0~@UQgsf27R6JXy{@ zWVrHT-hlV+-ltw0<>g9wAE>nUrHdr$`bFBcdJ!#5+7Uz{8*S@x6sUROWzLjC>GF(f z*d5m5s0s`fgtZKuCyg{vDU+~RX!)IL3)kyqNI^tXtuYGDKNKbC87Lo5^Y*yL(*b&i``Sy!$@4&2F$ ztuq_Zf7qc{W8`Jh9n!qFj_P3(@12-SkxP7 zNZ3&?VHK6riF?PBoAp}k`9wLUep0%8e4-DV?+530Zgl)|YXS<3%ijq+xHm5DK&Gyr zZHuh$SScu;)sd{}k(7e;P-7+V$7pL_K3aT$PXNRXm3d>I@F~*HAS%?7f=>GS+`OZ& zP8$nKYU)ZdQK+JKC)qY7*mk@)r5T2bTXRrf7S0^kSym)y;8d`N^{=y%{%MUmHysBT zC~XNE!=YGk#ejEh1>cQ?*p6Jyv4gL-Ct}EOb|%}66c%y7iJc#S9b%hdj3+x*mUq~= zpRFhNck30CJd>nAmP*_uV%(XblKQY%)VU}#)!+zIofQQ2O-(Od+6wWR!4I0D!L-KT zO1hi4woZvM{mVL%Y}N;zI^U{bR6{J^R@E}qx0sl)XMOtSwV>_#LzFZRd808PF9*1rhu ztdt!5&{;@7cN>bLI4BWQu#0nTH1jmykVYkWihd*_z2+1MTOj(ju~MY+t~xYTQ7|+I zZ}|nyW=zsvf7l7KQcs!#Ad*Td;@I;w(-ubR5gP9_d(?l@tax?sR#4YTDYz32+;b{e z=ab>=z<8^ykUwyTY8fF4X=bW>2aC-EOO+a*xULym+?lGFBKHwL#ewc~pY3jC`~vwS zIpThz`>;3pxD&gzu{=tr+(4vyyYGYbJ&LMCgUbrCi0}wUMAztQxs;ZH6j zYDt8zyYj{1r6e?($e^ifRkBn<6I`kE?WlRpj=Gh@ua3!gpgm)%R?E3(UfB}VOZOr^ z&2r$T&SzO2FM;bxiqjxsP|XaU7MqWFE1}IH$Q<*(Wi|clGBO&PfZO8{CN`E9xLR1P zwa9yU{yFubyUo}@8b=rCVg##eX6a}tc0dC*sEPW+akcmPl00au-*PF#4|GWQw%S7N zOHWR%r}czMf&1R*IqdjC8(0B!Qu$wfp6}B<_tV4pC7C$ zBs%ryEQU?4blcP8=28JsH81$DjAhDIlIssrS3@8@k{Vpu9fA~PrQd^4;VkSIGV}r} zS$OhM5TZCafpqR76`aL@u3U1()$UF{ndT4x2N1TTJxR6iIMXWSRw?Liu-aE~rsT4( z+(6cD(Zk}{&e<;kLyjH~S*w{D6<=U4t3|OavitJ1EbHrhlpld*g7B)7sOSbN9AA?` z6^G3m*;|OZUk5vC)0;;;%YM}c7XjjINW)T)l5*v#FgjtSv!_XdEk8+lnD=PQVNj^s z2rg1hVvP7x73LBqRYWnMj~g+oIX^0exfvL(&?+d02zLZrt{XvHi#Nv5bcnj1{$izr zDlzlCptjX;#S?D<@56($x@QQG=clD<%LPR{kom?YmE|1**!a8$>tbwcv@~Y4S)6an zc(zw3q?6nXE=4=4V{jVRM=(EpnI!9o<0?Giq`e#$`7LH(KfhTua9#zZ+{5Qq^E$rj zwq5~1O^qjOLotK14Sod=4s)a}ro7zBdUk)skd+Gi=>dEOE_RO3MqGHkU9Pr)?_?{h zTur_29}57}EgCfF`DZq+>Ht3S+ge|JjU9VKVbk+~GH9TyR||%q0%^T(iLZ$Fv)>?u zRf6i{Eg518d~fY)+x)$fp<;O|zET~bqG|KS13JKzn>u%?)GPbqK%G4fxMH|P zO)AlmqqOcdgGNgBnpNjS$X?9MQ3b)=ESuKz&B7z_Cx+}BK4^U;Z*qHiOB#)sj#s6` z$L%MUjC78sze#*%EjrmSn2ICcZ2_OU$e5gIc4#Met#m~yo~T5$r}1}NNj(K$pJ?q8M3MH=Wq0c_Ea@Vj41 zT%jS4N_rZ7lo7JB$@JjM8|Ap6ebkkWf z$b-@SJG6>pJ3~>a{YC%PQ9YRBG?!|zvkHdmzzbjV(UEc2lh3nq@EM!<;&~G`=WIw~ z?x7$0pF_IV5%pR~@>>d=ipi6*-x45Xry9!xPhMF>NT&&#B!!I!CbwPgHB@!V(G+!D z1;CD1`Kw@8Ei*TZ0w;;4VYe(ddUudB;%IO0-+eJy3oE4fOO{_~+O9*Fya_Vj+GdzH z{_(oCW8`>oec)f%l`C8d(e;8M_4=dc7&Ia{gjX@=XV6DaGe5MMc;RHh z79^>Eh=vVGtk!Bi6Jleog63wf^a9OnH0bRf7rC^2O`NO2WGBpa!m0tRRG_IkCGOXs{75 zKHZY;0-H#emYB3Wz1e?-8>W*XdIiRStQlrvn5l?A1KBsarW%)xT2ll0?*=Nc(TY4E z^*?`M9uFKP3xAGZW_shRW|(RZ|F;?1(EScwcbMpo{Wcw_T0<(ZFWB?g6oeeR*ZV7HwnJ{L1`Y}qA~=Dr07BwH_-{g*(7~ALV`qWDCM>>Y@-#1#`W&TNH}i0wG)B#woEsv^tA2 z83EN*aLJ^l4tu6?X*w@tMmls^ejyTq&o??A38Kn4#@u3uUqSHv-E7B}4k#eWfA1f7 zd39MJ(549GO^^mA+?WdeYasumuVd^4sD>QvdW`@$PA;jQUlLpR!UZM7eM8 zPv=>Al;1LqGej7?^25bZvNt(A-X|M&5QfaG2Z4?1s)Qud4wbTQa!*$(z>UA_d~lE* z;H4=tq%G6BNal>sM~3#1kA{4c<3JrIQ07%I!n~lKJ9=6&*oA0W0;CM!A*Uwqs)G;C zZ+OQJ&LYQ9u?bWGGz~|m=UTV?iUUVt!k;#nIE%`2V#E=+ZEc1%LL!odQ7sUff25Vt zhPF&wbTut{$6aF+EC1G{P|;YNMwvt6xQI4_R-joIqab`L+5=?fdX_;2#WY3t$fY?7 z58z@SvWVW$B5x5rG~A0|P$`jd2Re}u-tb{9K+jwBf-&DR(q^ISy@}vG#;(TZZ)lH3J$ADnfmCeiG7&bZAsn~z8&0Rh110Ji=VKirtK9! zeN*4Cv8IAK(e-kU9EF3kzO6cx3#Aw5Pg=0*+^U%(Sp9>yszp?U8wbnh0k8%Pv~A1Q z<<37ulP%fLn@f%EeH@5b5Ka7xo8v7V86x|Y{ui)Fnmgjd5N)*gQjw8#gX9h}5);$1 z_>%3Vh;W#=__G+pY9WYO5D!cL_!xv@L}{%_R>sdgXxD6^Ex}k za*Ug_|2#e4*92d&l3Geaj`3|wjr7mKBi?n44+jqq$J+%P-nYHi+jY>H`d?KOOqpz|OFNwwQHM^dE;LxcCd|TO zS`SFu7n_Loly(mg(APxT+v(Ef(oILY8y!^qn8&e~x4HjpRWMP2WhhMdJDx4o2e$O+ zn4{p)?;Sv8FdHh0?62RXpF0?yS{{JF8Ma={CobAW>Q_g$z6@ezKu5opO%0W`3Kh~Z zL|*Sh9Bzbyp>rUwJ>jW^fiUn7_@%cb95oS|+x28M$bD~b%y8(ZvVv~!LmvM8$`u`a z-bCe-8DJbVbjx{V<$M-mJ=^typf$ce#h4gMS((2KWKU0Jau{gJOYUZ(UIyr$YV3Ww z6VH^U<1uLC-?>j~eUU>k{H0iP!vf;fYjJpm`XRo7s55xlqK@nS(9F^c=JlFq`i5OX zu~6;>no|5F9m?-2&GncD8Kz4e2&aPF5MZeW=;twTnWBW}sp{wML6rA73gZ|h2K(sC zI;5aL!2}nln3daHDcvf`U{SL(LiSDD3k*_lwqrm!UfMKdY%`)*mc?ov^xCNf(2aKt z&T1Q)3lXH8zKpbag4|U+MeWX#v^Zd-p{5ugbAycPZ+9WRgZJqzmxy2fRpHR=*?fQp z7fgA%kDr6` z(n=x~wJ1GtNfEV`Pyh2JM8cR`5c_8eDu-`lMgbyqUDrjzk1V%arZrCY$|Z7KTPNVk zoT_&fh?{p$8NpmBVfim~WB5mPVOQ}a%Vv+0-3Um!G<3o{{=%Nhh_zwC+xSd{z?XdP z@jjHHkzHSgX|<#~8@-ZebE36F4~BH`7YwW^Byf6jl5Q0r!W`DC@UU$l9o!$$S4)(c zJ=_5jIcc83Yn3V$e84>MYwkqTvuL%U8gu#Nqz2HbrFn6s-ty6~dc4U?)*0&`7}MNu zca^^t*Vp{?mOMQSR$8y?UZv)~F%XsxI+5x!bK!o`imK$`1qByP>t)3tS3h3@(yy*M zsSDm99WVQM%Cd-7v%pt8!`LFXBI&5pgP19&R{UUE^c#R>uW`)P@-zW0ymfAqk5e>i zA99)(u4pUX>=paimGF2;BwMRr>O@YBv7$an2Mq?116{*AK(&e-Hx#Rjp2JMQ51Crp z_^(+?FbJ7bTQ|I&AUNCFyfNy!{t?*Ev;0ft3QugBh1)P!0y~h#>b-VD&+px^xow9c zoKqCJFO?3(q)iMQAJ&=&1+*|gx2YPIc+^1+(i$tGUUY;i`RjE;lhzOmW$vtVS(q3P zGS<#QcS%c3L0ZwSR=u|fu=cXUBPRbcH6P0Eng_-)gWcL4qBpETf#LV7x}<+=2LbG$ zNo47A($h%67Y~Ktib40X0uB`lG-oYQb^wGx3?ndW*J0Zea`v$dfTN={gGqP7HuZNi z?k~eufdXDQ0s)J4PLxL$P$mR2*tj)p5{Y70GZ=Kx({jR}GxEd3CL+{zZNMbpvlUqg zgp@_^(wu@+rv{lSS2WJ;K-8#)gB17&a2LW5piKg)vNDSDXAsd#+{^xZK{z@BO8M(e!vWz2A&jO9N;4#VXYA848`O5KT)uv#0 z81&jQXa(`EA%Twxr+3G_TWg>PXHn2%wnc8sy7yWc8VDT!BnqW0>a;Uf!VNmJ3-(&= zz+?H9GutHUhGH64wU=OKXGGSy?4dkL34?2gUIRe*@4DGee(&`4nY(d=K&vWy!zJ0u zg$^W9rK%P_JI8hH`rcVCTHr~LdNK3sr>YuW%^UAu)#?E-MAiUivzW zMU!HQj|19}i|C6}-^rX$$S7Fe#V>f$0Lo}yh+CKgvh1j8-#bk~mXB1~y0CLQK+Y^(_roQB;H~nq0^X z>J^_wTKxclnCn6?$~KYbhC26=WSS-y{FhPK!b-8|e(2|6p$aN#{Xx-IS{ z*nk5lfB#h0&5^GG zpke{QS@3FXPTTG3Pnl={5ru%@S@3><6a5ZWz0j+wJ**iu!ND3Yd*Z@xQnz1p`Dd}@ zh~G9GGll1EyjclZ9|&4jn3U*hybNw^-JSufYw4;`EmbHM(F2ZU zeAvWg|E93aSn#)&y?ziBUbr^_WMJ&oKn!{ql#K;)`iOw8;OU(x3lGuz%DB0?8Xm!6 z2_bpV`7pKVtdQ*7l*86DKSghQYg|!n;ejlpvla*wRZ9B>S2HnMVb^V2T830dRE7pk zBnWmVDDBZy`xkb+BBQ3usfmBZRyVfuD}yEK!7F)NBg-D(9|XY#NY<92KbMe|hT|u! zlxLK;ky7*{>!cDH0ehsV48E@-8-Gd+)$f8RYRyoM9wH!@%uoEcXzlC?PaGObVP{NT zp9^dv;TU;#QS{VbYRy$7pE5cqX@F?!9g5xgoNiK``2?=Nh8p2}6|nC@w`$R^nFIvgm{ZY6jz6 zRcG#g_lY{`Er2`lx;J1D++8fV=t`LsQrBnee))1P60?`*P_iq)0~N17w10vt%7=o> zQjF!Pk!64j@Ee}99k%jT|;sE(mU!X%Q-`Q+~p_>Z7M z*@xJcivey#DwXt7?WU>1;atk55HM;G-!3~bHQZ3g7BJOH;?AIQ7L2k#OQ92}2SvyN z8w0^J$&%K6O;8+?hvrI<)hiI%mep8lrDzl#25V45XbS4YlGSSZ*4b#xCkm;#092Qj zNut8>!na}HyHl?;E_0cUw8QUNPI}`x+ge&G^@x|my4F zO)J0Y?Ol{My-MfY-@wfu4nCnY=@a~Brw;AHIxUu0jY8=G#^-Ut{X`--qcgcBn2!WG?=?k}zDk0>53Yumxy2wDfmIC!nH$mC zpbMw5p;cZ3;Oc`ua{LSeC%8y5XwB+!qCg zgOI0{kYmD|MM(D=j>@eO01vK2dR$-2l;D4xSY=-(Kn9!+6A%p64n4jO)5#$rh_3;U zCo{Fhdr~Re5u6`$sNvR8KK%qA8PnwRRX_k#|TCI>py_IVY*4t+M zky6j5;_j3DUCaQVczcZ!gUqMTP&J(O71CSpj*MMFUh*N{F;eT}YSCj$ZM@XFwMD1A z1iY_!1yyjqcUOjsnsGk1E6?-iUwO!I0j8fgdR7wm_PKYj#6T3MkH`o|Yt zs^BgS7ck>2Y@d4faI7DE_P4zHqbfAS~f4cR_i@7js zL~zYbGcc>fulfNw)(ICz>BKjbQwCV-L@v&8AN4#B!7&@ieVV+QFEYIWCW8-MeVQQ7 zUbJds^nw8vhfEN869dD<#w^x0ln99+W~aVWH>}Nan|VJSl<|CB~f;uF1y!9-rhUlq14@O?Q}xkw8%2LHU4S0pZIB21%y8@gStzJP+siiK%$ zW5MK}T$8~C(^6u{utsfj{3lj<29UDhnvO^QI}Cc#7nfvrFb#5zz*W;EfesW>A`%ga zo(E^^Z&=HM3v^5tYa&)&p(n_bMK#~V-t#(fH$%*HtC>CmzDS^WKZPaIbofGxf7mLa zvg*#Mu42E%zoBgEw?2F zIfH7_5qa4RYA2%GZVw~Kd7Pe}aulENhJbf+z*5WXRXBW&huCh^Uw>VRQ5}?%kJoXT z>#MXVi{-SY^dp)Rtdm$Gw{eRNh&kyThgx97K8E&Q+&I)v=E@cPz^MvnPtoQ3Ab=;za*MaZ|PNvhGYv76;Dk4L6_!od=51p z3WrM9bN9tL7fWNrE?jbcZpf$CrEOKOZ)~oXvu8b>eW(WrzVe|tVQ-XJMvW{A0E5ct zr!gF7J>HZSH`W)Ds7-6;P(Ri`BhC5s6c>UlxM!hmqEjO#ZX6KMAd&lOqA8LC*!sam z(po8m+xkw~&3Gf;fb#$+BXu*R^L@lCEP|6mL>vpMr+utFTvCiq30X1>3YEq;w6BVI zr%c`+XF6@x`tUTPP2TyyIDXw6mK0b&8@zIMI=@QWfy1uufswh!cH z7b3R^ZbQ*Q`)$)kup)es`Q1Ox%Cnno_z}3pEvUJ*k-i`|B%=8j#cE-W@Q*fDJEn@f z{`LIl^T0b!s1Ap?PfutOde7;&3{>$fkj)n5bNxSQ$ zSbLEGcn5BB#g$~ro^)Gom+mYURV5zH(hnNFv}H!FUvhPLwVI8;lZBNJU%{V zq*sbCe^_O~Rxm{G1HfjYtMa5_f%H_#I)J@WJs6rZxC^@1_aMvo!u;$&!IHJAE5;;# z@y?uq;Bi}iV4*y_slIDbIvP#YB8w)Jc0m&bcCV~)z?`5j`_b&}K;+OH`S(|1Iv6T~ zt~~J$+lXuFKe zpWHGu9{p^XL}(-e7P_zOy$LO+1@@!@*Ku2|6M)Dg851V3 zHqZqjReLV37end2K9=n=eMDE2xmf+9Ddd>`ryCr5F@yXPd>>z8f&9}PC|$NL{~d+_ zZF12O{Vqd}V8+;|#GXwWPu)}}9ir$lg?B*{i8N#I2P0;K5MS4JQr-?zuN>5K^;C(yjRKqVA@4AVbD~U zADrP}ZEznt#rjK;bQ%+(BGYHD@R@=HeK{3@P#hNW2CtZc8Q-ouaeu+!~*CW!LVb#{C2*Zk?8 z)j%4$gu3x{+A;L_yI}GDcj@=@6W%PFQ;}Jo+WW?ePpTBzm;CIYQBKA0TC=r>-)SIV zT{~NmQj8hHLzH>LNGMV$S!oSYireAG3boVE-?aLTT7W)O=`R!rY z`w@)6nnD~qW@T!7V2Xb>0Q%*9%iyYXbU!VcqoY>rDccF(z&Qguky`g{Qm@%GAHl2e zhy}fvOmuTLzVw)g^75oQJP`M`4!I#zAbm8|h!6C#2xbfoayB%Y;=z~FtL{S?Ib#~j z?$&iHD-~Q)%5X7?y$lG^J)4{k1y=%YIr}dOF|*nO(L)z(#~74lY*_|59bySNOCd}9 z5&Z5kNr>SS^@kj3790?P1FUe%bz7Z~XPtrW{t5?|h|vCp?;*@3Ec|G&(#zL}{FAPA z=hzyQ`bC`Ez)_%U$C{<&Gt}71fqAm0D!+ggnEJ&=$~Kqks7Kp7dwH)}emQ{AmdqEH z!>s>fgsO*4IH|7-N{(6E@f=#GxW=6iS@KGDC+EBbQ_Y9B*2QBuDONJy*uO#afEYP< zd|76XfJa#w!|Eg!wNXux7QjDj+)bUjYXqqy89bg-5e40L2a3I8UwR zK%+q`FAEXv8Sj^mHA(h6|E&i7=N~h(;{J=E*`9yfvy(9_8sN8r&ZV&AI6j64jx@Ry ziKBubtQ%m2#Z8YM3}hB+@gCIUlBubZ0Cz9=5w9NNvt#w5J4ln~P~NFv5#4K94e|DQ zKTj?=iL=+_3ycoiw}A4cOCBj@oUlHUubps{-3x38M0PrK7|2w=dh+#`KZxba%xda5 zU_E-OfxV@d>q=)q^2AqUremSBuGtLtVln3odJi0uk2$g@<+nWe%-eaUpL1UqGFBaY z#1r~(TAAd^aBkpLi^Q*?ViBau!7PSo-J1zo5bk23R$4Vp{7|C2 z<5UeuM#H3sh@~y>Akn8{Z`V+g5?g23*oR>}zJ_&F&r(5B!3s5c2}&S1`O#0bTQnLk zl^IeEEup5(kRXzUOcKFI<#)~kt=U4gCUp_-TM(*D zF>DK6rd9yPfaYr*Ig;s9&|LTIX|HlG41IVu_}7~c)KaE?dQz_UVezb*u&UDYNIeIy zQXEdj|O zXU3CHCuPokVu4SWSM@Xfl%OKEjWT2bSrIS38Ixr*_Z@8v`NON%Lvj zsmBLt|4OerV4xc;mI`^07c}y53I|Q*NshmVP=N-8%k6!I3qk+dm*0g)o45-p?_Lzn^qR z-?fD5xq!rkEQy6@Ud3@HuCdpQh(7xcSMRT|jQpEbqafI#4s0Gym*+L$sg9le$7Geg zP+MJ%H{rf{a%)<^(sAe8A#OA&>Afo62x2&X9=XZnvvXZ_lBfKPlt;PJc3+iJak|T) zyA8QZ;reorBs{30@5xVaTsb&nVn4Wq0%`Y|9+(~+iBf@$b$-@IO5>dLXqc{|7aZt+be=_eH883P`KusUSV!zO~uMx;k`tNvq44VHPK zlq{)Uq)&J57P+s?zIMrfi=m-|LS0u52`bAJ~YAG`#>F1^8zF={B=iW_U zDql~oWt03(*15c#Xz!&d#J#mW&U&P$WW`QIZ^o~vYKuCiKxZr85+P^ ztJ`-`mYKtGqY&!eMOi#$NP}hF6ku9n7+>8V^4>3^<<;#4c{>9sBCQe$9p%ma-Gu`E zZ@s*k@;`1h{QX9PKo!@h0by=YR~v$__Mu62_%gy8olft&@(+Hk)zH2`N>;PAUpbb_ zmcs`)1CyK4&&T@ri^Y9Rwoa_1z1m03o6HPdv9W?bi91W#!(1Swp>ME_24=_xatKf- zc^nm(_E2$|I_jo=GgU8JN@k)8i6FT>i7W37d;% z`p4|l>7kO$u7SgOjYhF{21{gmI1989caAOf{=dqbvvnp&vTW+tteWI>G-^FFx(t98 zu1t^X{jJ&tC%VLwAYRd2Yp7jlm3Wu4Una~U3U*w|bQ_bbJELu`=a;($`1p9vOI8ig zj{I(335{mem@k;KldlIL(_Q3z!;uCRph{*{x><|fo_z6O7~tSI;O_Nr1@URo=-#g* zCnSxIT){AU11I6^hJH)s9Ud1_YV;S_22f_O+I;F>A(g=yEOyfQy?8;>rY92#1lzdm zyK5!mPOmRs~D@&E#~Z3LbK&7!Wpw6i~qd6^8qYMWl%5bfa{1TtGnb2;W|C>E=^ z&;`KxSEHG05ALg1-9qr=4bQ0`Q&4WRFyUt)8zpCseG(&OeG;X^a#kv)xP46M!(&$I z_x1Vm(Yd4JvUB6nmV4LJ#i%aQS;hSEkzkG@O%SagAb?&+Yn${Un~S1`yh1`B^9SJ) z_j+Jmo;8_T_IlH4&CAAxo%~*SZm1(?-%w<{D!f>3O{pThX-4 z`?3F%!88@1`0NIb3WnwD#CXQ|umjrw-fRwOgNx*cB8YlB7oP&aa%TrCYoOt?tQ>T% zb;*78G*Q!6`^UJ{spiWh4QIu+_X3@E76+M#ZOo2{OVFq zM=>hUptXRy31ux>?3Vfxa3Vplt0OAzW9+Smkzo9OecefgR5e*ls|ZNKKK*Y#xtA)Yd! zc|x;L@~dD3twGT;JGk84EPLd@ss+Mmvcwo}?BGvW4C?5nOm3NWPLpD7I?78;ZfHhD zVh#kzHQi>TxidCtiJf4Jy`#dc2tuu>ghL79Lb*`d^o{|e!xKHrl$;oL;~L&Ddtn#$ z-{@lK9i?RsrDVr+Y)H!L-~9_&qJsD5`r;1|stoV~e+ zuz*}D8Tvrbkkg|gv&}HZzH6YSgpm{HCm@<-na#=dI<1l8AtT4W-DgdjlDbi=wZX74 z>*8~1x_~rkF0>wh=uHU-G*A_wX&q~`f}tgG$+DajEG?5E6eZQ82oQ1>s^5?!;MwL; zZI6#IpGd^r=zI<*8(|jbgx#@XO>(IaX%YB8Rf;bJc(vy)q72k9n4i^TIy*SBD$Ws@ zO=J{Le_UJo*Dqf6+0wVswJ+g+-UvQu48NGSon1fI+9`^$llK{KVHRM{{`xd9qksM4 z^@~?0W-VTynpFu5;jaTjxc{XcX%AdrU1g zN(v1dAPC!278a5m;R}KY@>bd2i`{~J#lGaM;DDj+Menb`Td|^Rhr((Zc$wQXP_T?q z)wU|YNNx&7p`zYBZDBzDQL0JCnb6mrcuTbfI)|6NQ-yuWWnnYS3YsuABUfc^VXk|z z&y9@yd8u{&naF~CUKDxqxt%JzBjKljyVUWOX|Y|!=%?{Su3T(W%z9LBV+54pxqbzL zwxHWio67Z)A$wEx)iX5ndGU9iZ?QJ!XWJ|Q6KO8F=t$wL&HkNz6=Q9zcN_@;(hIMA zaztLpJKkMqi3@8KB!4v0^Pk@Q(X2vi{wesezGY&emv2aW`Nn|>E*VW(SDMI}sJ}tc zx3*Z{_^2ib*t2ROoFuB;paPubj!r=eSbVxXH|OR*udgp121f^R4Ft1sp;%IO8DeS^ zxR{faD=-bXs|}a|7>Y^-poh?w;gNzR-LOA6rW+|U)|!T>jF7~|;(bA(m5#0I22+lK zP>ujju1)`nxje!`-q0JKalIzgmfQiNukdX_$m_giKUm)lCG$*Djj?hsiCz}6Tr9gB zOiv8Ec?-m5%~wp8F^uJdjqLG>nt0K;s`U5N;tQbFg6hslM*Q92g1-ERTZhwiwI-+c z!N1es-^<|NtKi=%{9K*>$7%c04dwD>s!LeeSg7l7uZR^)w1h(l_E}|tmF%V5KK()d zme9x=#^pau}7>4EB zy#o7KULHYoW;C&y2bv%PtpU8?m@|&bM=GIY7Q8q$+6j8=`$37H6^x;IJS!Mo&+`q} zc>dXLxMv09S;2T#Fq-c^v)^a-+xX0Hg%1DDI2wry($^b z@p*O2^B=%J5jn57=mT}x;i2jQJb6H~h@qTYw%%=_5sc+Ytn)2fUk%*q12=lxyoQye z!Li5P_k(x+f$sS&?)XS?(Ok+Hr&X= zXC&snj=QUe@9F+KI_iGj=5AimFF#;ih)53FdlFq_1=gp4i|qQ_D_41t4!xA~VDgF7;H-r_%KE!v1k1 zOOYxY-*M|Xoj-;Sq_(JXy4G__o(+HYD{zSgL(ftKe? z*rEuS7gc-B+9r;3zq-dQEqklP#Fnoqn5UW)bAu6$2w<47khakk-x%;|!5hyKS;yV+h<69O;#l|2Uq#P!2lEcNKMATD-GhB915 zoBm=G0O^|0!rayaSWmvR&xgi9Kid55vXwu$r*0qt6jUzAtJ$j|jHyp7DGSB#*e6C) zC`ec(VqVNIU8<~v{Ni`QW_>gV>Fwq)S}0oTnQv$Rw$f4>l({lL?}QQ@#zyJU2pZ-& zu5ie%gb4FyDR-8)9z|gna%XToTffA#H+31zx+vKMKe{itW)bMbp{8N>2o z@YDVo_t{N~CK2sA_f4vFGg97MRIQ6WyA`imQjzxM1^e-4-2x*>5#gbLHJXH#y)16t ziczpno0IR(L9hk!J>cdd0|}3_%ZsihUBRRsINXY+-8RQyw$-A|Du|h8Kh?2s^fbPg ziA7v6jr)v73nx>tOsj`hL+b3LIaJS(HpbaL9zUGU9)^cmFZ0GMW*gx9ATpb#@cX_x zYgAwjYcC>Il8lxf#=@G&sp_=_4R5323B#-#f7aOzaP|{fG^pFvqHE#e@gr^s>lWF$ z0@5?fRUsY8xjzb9Gig=c9733~QWJ;`l`Q2+=vZ~jRZ)EU=!l$P3&)BSQg&mI$F9J; zFZs@8z21GvDaiNv11!g%EjFj(E1uCJgUG`xoDBGYn7HGGL`07}S|GZFbu=YRk^k?> z4`-kL_VMh)yHgPNm>Ydn3pX5L(A>WFh`4c^O#r^{=3&OQDs@S-Y)#k~z}&jqRwNlf zYjBE1>$jpEVq{AQ23(dMwAE-u)%N77?#WW;Wt#vW+84lw1P#o5cb+SCE3+-Fy51i_ zQLR_XGTWEBLk7k&EHe$o^V)q_wr06fcm-0i4z56Zu5;OXKnDvo-m7;RRhlP%&SY|H z=DsrsR9l<1H4x`N}K zgP~_}@Of)SX72X%jTzVG(77V1e+O{`(Rc(%iB*}AsV-QzFxI*%;I*c(JSi_&qN_2p z8#PN5pV50YOXP~2UtN&2;CJn|3VcSoqZLy63wt(xL+=&CA>NoFny75Cz}6gGAQ&2ClafeOl)Bl1mon&H(-dt_Fx!%?DoHxh5Oly zl-<2hDSb78;VB!5QJ)J{q;RFI6(JLb?d z%pqT6JWY?x6o(s4qOhY$guRB0qz>1fD=1x*77%1E@$O;OD~f4tk)!IS^}Y@s1U*qm^zUWCj8wF<0OlHMN?qo2@|J3f!WVKbE04o9W(24kDEtgxjTWDL z$D?GXV8CXPy64p@C>eS~Ny)SlDJ#XuF9}GMiw`o57h;ZsAGxdOKh4UX6jHcu}u-Cyqe=N9Wvo zMB>>42*Xj^bIV0CnQ5N4!e&+voDM^aP^ZWdno;|K z5tFwJ?a%2OS4wt}Sb?%z8~Z>7U6`hTW0DpA3Fl$B#S=8z3;#14c7fsCis{o?&GM{Z z8Fpq|aU!8THQ*Q8x9qs#oFgaZyBFZ}JDpW-BZxS!#LM2+&1w0xgXkF}3Jyyyj>-4F z@cpNYog|ySw3$(ojcKS=vVkwISaHV_b|B#fy4XUvf!}Q*+!$7S5aH%vDpvYSJti*2 zd6alm{lp0up#MWzf16>nq(1znKdl3a*qWcondR2dwjteieCGNL2bd`E;&JnHzi`vT zD+4|zJuD+~NW-kDTHx+i+!(iIPYKJH^PMX%npWOl)s6kop%m=6Djh8|~@G%RJkauAsD=D~^U3k6YmM?724E2*E z4e}xQl#)bd83NdvLk0`%em2&iU=jb-?DpTlq+pE)FL2Rbe0q2G_QSi`D*eq;-cPlh zmWoYzU*^+5m1z>6yER;Gnrv5bnqZ7{r<ZHbW0;}+%RIHd`^G{@Thi-Ei>nGL$w7u=xeq!^srL`aXs0}Bf z)?vGx)YH1wn7sSwiyMn36N9u8kFzosWo0{zm4`!Ec`$sHZP8U83tMH>4L=APvK?fI z;br^c3Z^YXOftOx3&&*(no5Q5n8m4`cbcv`GB4coM0n}28Zsba4yzbkq}^K*tztkc zbrr*YX5G9#e1A=$&%-IHE!5>)N9Gw;N)m|JYipAsZx@dD&Zh6$_-p1a^?8EJGU=c{4yfL6h~% zU}ZkJ;ksh;ifNLwV#T34AS5g#Ht`9BDI+-9<|2hKL1dy`5pr_F^gUyOynOlcCCKS7 z|L})D5LpmPQkL-5=8N#w?_YIPA9K(DKKt;k#Vu0gM(U;Q)%>{Du$qwnb@koH3Voyg zEeP{|S^E17Eub&|^>@D;cpGGW39vOmPEzjjYlPHp#ZudX z?uLFdo@iwInE8#H?s7n&A1`7L_$5*{AsN4AWUl^F$TFXJPm4_)v0yXUQAJa#uV(wc z!)6EF4`U7tG}e&QZT<4wTDe3QJq2-vc1U!Z*snDvK1=Nji0Fz`KpnGoF+GA$)w%;=1Do@GKw?c|3#YW4R zqdL$!@MRb%g}Lxr9u(y9*`!TZV8QN+U)+A@Oo%VRbZNH&6Jkq|F{Nw@=!zD%EcN_z z2KkoCWvmY9J{dJ~AlfGAx&}-Ea3izXF){;LV9qX{Uh{e1DT;8rHA)!fhK%rSyz`En}z}G82k8#Q3 z(~h8I4{a#kI4;@`Pf|UHy*u$a*bRzL>^+K4+--`_kgpt{@dw0t)o}qVV?^FJ_X`Wg zJ`lkj6Now&mbK#1pf^fprN+j`{5<5$Fff)e$lxAg$IXTUP7e1Xvfa2=qFLF#u-vCG z*Z#XQPH8@92*;3FD9$7_hHS^1f*!^U^dKgnZOlK9Vfu+WE-|>!HOg>5@JWeVSJVNi zH@=`ljM+HiG>$i4C5p!xPZTF7=ROzT#co~*&5Aiq*lB1~Vfm7+SV6OH1GxRYONO_g zNk$d6q(|5n%?h&@l{>6cdWbT$KofhjvOsI@UK0V!sD_KP!>OszVAOw{&ZPh`0nYGR zmIb<(z2`BJMPY;z=#(l_u!YgI3Q);xp@PzUuycOMLA-t5t=E$Y)7y>}5A#Ca@zhC& zA*17p; z+-gtE?e2aM-~|CBB+&A+i|yIP_D}3$J6L!^h3!ZKsJ;f+v%Ps^ZtsCe=^bT2=NmlJ zy5KjZ?mzJrCe>vmhlt$j@y^U@z##iEWiNuMUH>FtVij~%{Td&-BW%o+7ob3P!VixX zNo7(3{=47ODnJM=Rl}RpOWYCJhkb&_U=OLh7lyT+U3TV!*K@(E_e0^_eN4>f^hTE2 zWe4{7IyW7oPuBt3W{I`6IQtx&m6dgL>(BnwXMbw@^Q-iyUZBI&+?W|x03}#sDh_$G ze{sh8vfftg3?=<$c65K8huWe@doC;cbEDK>E>jdb_v96Wwg%L>mN_3+xq(+uybqni zf#*4w1BPIHK&YWYNWA{kgkbvVj;1q_ue*^0tH-|~+CeC5Uqj^>C)F{lW}H+(;j z;MNZG@cnjTO%&s+1Rf8uXcxspLcc+|#(l3y##bD0a#G+LObvMH@HxSs&62#F*d}Hx zwvxqq;+rvF*4njiAdGub76lVJTMwg6RL?kh$WM9*)uejrXR31Eff?A}x4=hj?qPrE zT=jTAsrfAvcjS&1t%b8TpOGR^%I~<6y>7eep`?w|^~-AT{~AoVfguN%-)k$z)Cl70aJM}s2(kI!4abB42Pr=EE!HHp z7O(Y|07^T;3d8VH-o+TBFq2ry`-(k}L`;I#!qvJ5?0Sod?*dBfYp$jXO>R*o^2<47 z4XlBlA0639fEA;{Tah8+L#FIl`FF9~XrnH=4Q+hjiEZT62$ml}syHZO^uX4VXjB&d zclNE3mU>-KLsxSAMI3$oj!K+$lW?ItT7oiaam?lTrPHNbmU<_OTNZ1wk=BHz!OmyBHb z)vByQ==Qdns478qu_LhJxST_DgO^~HuLd*fFbba4Pot|{;TN+MHq!2~&(D*TthSV= zhHpd{?YHxl=o+fuiD5m9dZ-|Ek#7Ec4#8$zdxMX?M3Z%5fwXw7iVk*{+Jg05ld1VX zXBcu`y&E>iU>^JpsO3FM6q>j)rXiJy`FcheS+tUOy#*V;SJvsudl)J`t>p+S)Q|;Z zDW*?l)o6=S^o;f9)Rjqx11yZ1QkAv>J5<5UvIF2)Ay-5RnyaPMU>~75O}OrjK-UFL zpmaJo@L+`9!%0qUNPW1^_2e+UEM&P@LcSBem1I<5I$F2?xwT!Z#VeAo1zqvP*A^+{ z9amghKN0lTH$_S=eYps9TAgQo;_44z({tH<>8#wPW(lKbl4o%I6DmNO1rxlX4>;$WGweG(K`|8nI^M~O zuCOfqE+N}@6-iyQRi073w;+)p0~3GX4>r7migZddL%)|loZECnJoV8*VAqbX3txKD zh>EQT9^e9RSegcP{)S9J@?NmQ5y#~Z=M%zbZ07#*&A7Wp%LS$}xYVS6ueMBQIEB!D z9=7}Wk7jb_+dobJ7!-s0(`R$74MaeGZu}w)q4y=vKVQo9Drd>e)G*kV9W*kZ|81-ZSi*GglZ<>D(@&ZSv@xE7@7wDKw(Wzzyykj8WW-=;tuz* zP4k=y!oF|?utm7Curbs|^*dR|bZGY4Ls<1iX%R5^XBqiQNd1*3ZWp`=LX9N!PI6an z)NlX+E{1``b-QCXYqH`>(_1zpS4P$e!zFMZ1%Wa|EG4DTygLDeSdGH>56ck9L6E9m zCgwWN3pRBU7rr%MDX<04+zM1{H}Ryrq^Qp4DKu;2c_R+pM!3A0yA(+!SHZ@r8Tkkz zQ`S$k7^sBS3hRjyEMZE~VvT{#T)U9;Qn7iNf#le~090V{)`BHcC|#5Z>=Y$8g}h~= z$`2V}VqxTU6&q`01tCeYq+-E5XaE+zzFCuRypqvBaq0Jh&W#AqHEha_5nY^zu77}^ zd;s_=aO4S|?ITux#WYQ+ro-{_;~ZNbsIO^iV{l+WgV-D^6*yHx<~#&jxcuRKun*8J zU=0BlO&eOYZeiF@%qwv5?xuU!8!}3klC+GnT33vA$ln!hiZ){6z8C$vLa9jVA>FO= z>kNLtgysbcfHVfXv3petJR9|0!);wKt*W3iz%k%4gKcG6l?S|>8tF4BRL z_F6NS_s~X;aa&?B-w!g4^Kp)M64$z@Qfx3&OM#^hUx0WBRYU(krn{uwwXN&VmS&?$ zMxOebeK4dc3~Bl*qVtGYN%xF&QO3Da+_Pm4w|fjfy^40oZ9@%J5BBD=F)==3%I5Vl zZn$CGihfm-)~xLAZ5^20b>fU4GrR2$Tdn^3=@uP=klC)AN40ig14W$@V-$x1oDeR- z)*PEcW*IABxvcS{0qp}doe|%{^*Qq zXJU;D^)?^~G-r{88IIAq1ii_O^bin@A4}u<)iQYN6Pw2^0oeP(pT)J0_jm1wvnoK> zss)jdvhJ}|P-~_h2-oN_gluXZWlX>0LR=u|7ed?O-rkNy5VSNwKTi2vz#mQ~@c#ZA zW)5Hl?iIJx1eZJPqb2OHqVjK`QkQiOx(se}*PLBm;K<_peGf-_ZG}C( z;hEG%<&#+>n;#whGE`qMd}><>OX3`I*27!hmFN|Tgl4Or(X))ns&!9omSMFiXKHz( zvy6{U0q7atV>1k295lLwgN+Ph*)5El)Vbi{>?ptxEnN^@2DZ2d?Y3Nrd9C?$mgjW`bD61dn#WDDnW5-iY$D0k{b zIK_O4O%=z_hz+}-rIstIc>>ltJ`bE`D_=&)$5!B-4$_2O;}OTCUGUp-k%D!xt6pCM zH@!fv88O~#2c$ssvS5txl~G416x^SCWDMu!?AxPQ{q9Hbiw7;Coioeiy(0QvdfQRu zC$lgLlX{1dm#=NvuvoK~0dJg`^LNj(%>1{HLq;XMw9bt$1m@p!!RB)+K}Im#RyWimM#@Y<>)-o;p9#k2DDAYbQDA!a zbUhPHTRbLbBL3w1{Yznl9II6XXUZL92bvZ1q9xu;RqOzKeypsw+I$bGwxkAAKO!6ne`Bj@Xe7@JA%o0^5We|ZIhKpA(?BYqgn3GQ| zk$0@X?SJnl6sbS0QN1fob*buz9tn7$AJ`-5_w@jR7-j*)vik9u zWwl?&XMmC|vp~sqnV{sUrUlfWJtSR{9WLx|F=GUOeq-5;OK_=@auT`9OU(jyWSK(z zH8t|=)Bpirtf-(1Huc?4tK60sqi(5an>O)@=g$Y}`5+BHpDeXBkCMH|`;O9BRnFe$ zwm+_jTyd?L3zGFmV?wyD<*D1l4t98qcV%CEHPuRZjvfXms`p%>SS$!%DOIK9?&HC!j$! zQpHoue{lYsLs*Q!k@N105qtqpX)Eot*+?BH50)aDw)`@NVl9RMhMz=%4!h^<CpMJU7J0TWj~E8VqF1%3OmoB7u=Qsw z)!`FWHYn+2%$ke$RGThEXIJ_E}Fjy=CiT zWucd(P)nY>3d(SX#}WiSKR|%3>ku{B3o#)dr8fV02T21!aBn43AEky*9%SWlLJzs_ z*5Sm#6$HVjh~WUqq;`E>$eQ0HuE>QTvan0G1!>!Eu|sDiue_;kJ=%SdMQvO5*17E% zY-RWj*!{q9?}G5LfFIRt5g9p9Ju6l$06Q#+Du`7*BN@M)<#yyZHVC$&ln3J zKEu_u>Tf%WivG!H?Qok#+{5yLwDT>bu{?}kx&@7G%c_F8p$M{~xnWcP$4DA*n*T49 zg;g_hMidu|jMcugR{Nlt5nY2*&Cul?%^0S$QQ-^I$@zwyIk9zO&CTz_p^k3Z`e-r& zS&Y<}-_eCQs!%3t49p8);6Xov?~d9<({Uo_A@!MELj$b=^*p2K!8nu|zS&P(nW?Mb zoyt>WQym}0h74#6QRytB4so-7#KBj;v%??{)5GtY)&8OF2SMs7S7SD0vqW5#&G$$>ZxJ|3Z`<2v6HP6v{K6w3RSzvEKTyV$fdFcj+%rVojGFD zc3d7EW{7&qHs`^ExSloOw9si2Km-ZdK7pvQxFA1NhCD(H4g=G3k1-}Aa7!6gLWhw% zTGq!1`ND`<6ot-9kS>A(<(@0I2Z;d~(v2*IB_Ri+wEIGsnYn~&-?b&aAd!gA&HQXC zbnN_U0W;vNE^Ixfb^EC#sbskN(9;ChynRVxikrK~#xqiK$?yayO*NZfwY_;3l$l^; zB~w1Pu~=7uKW~B=@HUA(#IcPU!kDGo3D9a~IbW8QC> zq=OY9tj%$tf*|?ieg%0FAlA&~kXV7Sey-*r7REAH!VmVYDn-Ar5m%fL_vXhRKgJi6 zI<9`xwbl2s$kKbB_RkQ4AIXVn=(LX{B21g33SJ(l?*08ePvci{fY6|^`r0~u(X1^o zi%WRQgf@q~P~-%D(GM{2jw7ZRv<)>eRySN!xOLUO8t!h+tFwA5rV-l+(#xe@62(_# zrm0}ERQ;8de-Ya^dbEsy+f>Mv(bsjAc9_2KSGR`?V_#Te(Hrut zT<{*)pSNZ-iP6#DkoVOfA>Y(}gS9%rw{N>3=T{eREs&y6n$ex^`H?l>yNkM4RjW(I zdT|(u1N9ol34FX7?7vJ=<+{E8ddhMpQmB3v&>61D&dYDBHa&io-D6ijs&+{RYWGrR zsUqx)F8T|YCUUhh4B59gCseF^>-R+|I1eKnrN3O^NbS3(zX}WaS4&j;_yMc?hC$1IXhq~0LzU%ffyiObjBCjHKZr8hTjdp&Li9$g)+J?ZswO6TXAc)s zT`=aSqpdI}q=QButUnheHd9R%(?izWF>EGi(hNA{IQA=W7BT=JaoDS5`X?)ei`tuW zS-6GjXV6Pm^2CJ@WBb+0?kXPI5qd7ogO&(_|Ijix&z?7 zry|?dZnGRbql<)9M)$W|-R^o?HyW&;+rON@Blgp}Qd>X5oz0K4LHF0G3D53d&fhhL z-B5PVvdn2iM)GzT0rpgnSPnS%MrJ7(7PbmTo6Zu&Jq+dImd&^fLI@64F>H~r$|0O` zb^8SE^G$`-6{rX*%&cWe?k#|Lgfe{1^Ec$3P-VfYf<(=3j2ycc)fiCb)td*f@9phmuYKI{6fPWm9fNOLgj-5%Qf&H3sO_M!c>M#jT27A~IN=h6k*RVCyVz z!ok|m-UYw2h>knEH>%-8?{YW;tG#~ucK31Mu^TZ8drs{b61iGo1(~JStNgYMTo*&E zBWe!A%(Ys$tr;xV?U{F;+GrN*8fqxk{$mRdASzX5yDHQ*uIpRxH*Qsf+rqrndgi89*T`1avjNWkE%bsHqyYa4_I-Ac6HudFY<~)N` zqDsyPxPE8D&SvTiulVb1-L#!nk|;V(xUw+7eRc7C*+OeWqYEq#Q&=d{yx?~{V+$yt z%EdxeC~nqM*x58>ZL#WB^KP9F;P=JjF=L&US(X|PJBV2xwMFtjF>MRsT7Q6+p*|9E;fl}&w7vcX%KS^z5k~> zu4s{n=B)z(0Z(GdB8(3^FigIpi=9I$p^+M^6y&?}3t!_aGzs9lvLLk3d`=U6O7arw zJ^<>yy*TZu>F_0Y4&=I4!M$KgW_PA#T~(PcbL)i0bV6Gw-A1 z@9b|%&a!*DR&T=55(=LYsx@2XNN8q?O(faMs(}?JUCrG&<(cOOrTw6Xi%!W$cE^hP z7=-xRVFFx!uzGWgCFkTx9@%%WR}qdcQG894Gy6{t@{jS0)92=&VbojPlLGE79%A*7}#|tliTn{hblJ8 zRV{{7O4o#@DN%eOpfae?B%_*%WIZDmidF@sQFXz6EVO{)zEwTDr7EZo0B~ zfe^WGQwd#R2cFvTZTL2uY!ZUR`ez#OS)e>OIjC)F!8Iyra-q||U8z*9_4gfyS^c+0NJ8x*Oa>BbOU$PE2?2Dew6@dSrLyEq=be0s1H5dzsgkKS+A(mYX(z(Cf_9b}PQO_+`F(gvap_-9P zsT4QcWq8_GY2VmGF&uZ_^za5?1U1og(I^BUi`sN6%+fuW z^6iZFbvj&m^*7|ANeuO{atn#lzfgZ>OM1sz`E4%KSqr-Y66|l($h$s<+e39I#a4hN z(81f=uBe+e$)tol@iHeurpyoz_}6KsCgkeOzL*DHA~q6;9yv=|Uf8QD8(_oYoz&ZS zJvv+3?0~9ZgvGGW*c}5e)toN~!qKiQ-joYjkp-Z(7DEY`%`4L^|Gg}3GfC3`8bpzd z-!k%+<(XVtkSLLoD@`?ak*h@UowY^NNJCq^xH`YOcrvkxBkZX#nZ0;H zk|oX0O1*r`6;ybLzpOWY8K7q{F#Ng7)Z8p{KU?-~od4(9C84ERJZ+2r?`RyZ=6HqJ zYoljqf49T@TnmSo-9u&^J_lfSKRcT3;7IQ(RB*vHr&<>KjCZRw>K*u{(sG5Q579F4 z1|$j$8k{#8tYEUhbp=atAv7!IG+~Wo^9filuwU-p>Fx24HgE;XQf7a8^T!~H^G{V} zceIv-5{F<(zs)0dSALG?Is9kQh_}J1{{Kpv;Svokaomt|oaiL)jd9&OBuZ9_Q0BlnT;s-m>mgD4hP3BM zSU3ZF3wf~3`Rxm*cM0E-Z@JQ#3yv>C@*zS|7zyms$g4d68%@*V4c?~Cs9E%+!pA)KEH%k6#2J*eF-Aj*RTKeW$*s~BG4*+y&<@VO3bdMSOY|-k;ASq zGubeF%UghOd#7Wl$X{RalH7A%@pE4BuR5>TVM!s=-XpHFJVlFerTAD|{btHOP~U zEH%r5OZ8-8O833o!{TKz283)7^rr|g%FL-m9$1+B$=pm#DaR3iDKxoLY}nLJaocMs zZ$k^;m7%saYB9ncym=6jTXUy%I|n+j-UBa}uK>RHXw{a24^8}cz*gRcSwjQ+v^4q# zo0xud%vutvd<0Kfp`8x{{5{%YlSjV`emsEAzaM>nnAv!$*_x#+rIup9m?&*+)|tp9 zym4ODV5mq2lf%6SvJs+ceU7owsbNmnW!tFw)4N(Hav&h1XYkBN!}-qB5s*mcWw)*u zZ>@~&FpZR@GE$LtznESp`-6)n>BZZv8HFtLy)5`nd z1$*4blb#YwdU#fJFd^p`3`UD=U<8YHKd|O9vv(DPrvC8T_YTc;-DtLEyoLO4;2u#t z*T0SaJS=RVWoB2T2utU?xWH}=2LkO@G`F#Xsk|5Wv`ER>WmmvY6jlck;!sheQD_}i zlfZB_mbzl(hHF(Tfftx=%njn>9w4;6s^kDWjO#a(&oQMI{5Z?e-gqV9(&*>}>W(yRz!GfWLzhK#l}V4QFE(vQEEQdBWIYSgfhd@5NWNaq-= zPxtN%g|u)pO*Bd>n^dC0Y9Rg1#8=c$5EkIND3$(mX;yf+8rk>?Z|57mpeNb-M8JlZ zBupXYe8$*zUA_GoS0JJ%IdALCC4+GR<a`T|Gg@7vt;D*-3OQXsE85&H0wuq!pGxw8M3LQ?-?QQl+;ka z#k6dfUin&*5Y{$@6vwy~s^aW1FLKFf>JrC{D3<3&MbYJrB8!w^mD4#yJopBKOAk;dpyvGz*99%sc%|5NkLbuSEUXR-?LnWAra<}uiQE&< zQ_KS-bY&?hu2}hYRmZUp5H2^5k5B*9$PwJl^8yo!6*@w+lkh3IWtIaO{litjH!qJGNWmcQ4^tS~8XCkt;#Y1PI>hIe z^;$UEp4zIL5j$xY*3*12dJTw!E_6$dm9rJma?B!-u?1+u$L-)w%Q2D&!+z_g*ITwe zR!AG>bT4_16($U?GaAKc0>S48$iR19;&pu?Cgh{k=0ESCel(EaTglW%so|3c+XI}| zL+^mq$~nX^L9jH)gh6F^L@(7X&_AlVfZEecQ8T zQ2pi;Qvtg9Ob!1S^}eIA5kHCyX zt0yL{1E1a0P)AuUrktC#!|So?;HI`1*%|1Rf&K~Aftd5R&RbW@s&JS+>Z0js0YsPkFb7zDE z?f`hAVTaX*2HnFbs?B;rX0pI09D554*uJiptg`pYxveFNX6)@r z&*zSp0#mcm9XZYfJ95k7Wzya#>}Ky#mmzw?KhS)nm&X6DR*sh5$Wpshd;C6PxuDLV zmd^FHXT$LbHD|k%fB^~hfSCzlG+7!^Y>LitBPcqF@U59IN@%iq`@~YNUw%igL4btw zXt+2tW#fvhd?>15?8x4nAHCBl1)ys}Fl>cOW_QmoeXN-v*b2owI3_C!S(te+r3i;LUD4u} zrCuzWkxMgSXG@6et#H?sgVzj8wV0tC&t}IKVS2N0OH?PL3ePJVLZ6yX zyt0AME{8CzxKh-#6)RrAL&%l3A%^3c7SP6y8ZNSZCUbzlfSm z2DceV4tULsZEp*vJJzZ^#-bc4^W(Fn-7MaMytDOqjNL326ve&2%@NuTAO)X?gGs^X z!N5{nciTax;PY6(Dfm2`DbnM*y4t@EO0uRbL@t^vh`HK8t8qR=izI&lo7gCBv5Udn z#n_)+UW~Le1i$RCGz4$_Vr>ly|;S`npaswY|i+g^*?7}|RyUsM4X(RXdQ zp<3Fsg-T+v62chWrwZhZi|!>`YKGAM09;w~sjcC01?`QNR5a4Wj~XB8tA)Jzf7yHU z?#OK`adiInr@-mtJV}YF)ZJbt={GZevRbzF+>4$h+mq*bEEI{V!iWSI04%98p6~uU zxBy77iVIka)NK+u#!W>Dd2ICbEuk=V%~&bCzoW{mYwFn44 z=+Wn<&Qv&~KM>KC-M6k)cG~vgwn|2GlH#5QQPaNG$8%|!ZR=qSS|K7*O?~_Ojrh@P z&lX)J;@8{8z8F)tl&!Y*vLa(>HVDN1q>l@OYcB0Wp@Y*He__tue)2x2B`OnVk3r+w zkA1KzBBviJizFH2!@+ob(1&?2^Bfnd-&{>ce?f#rJl69w1(HP1Nov-&l=*#yS?Y@0 zgDR<4r^bi^>+7??jcAn%cm8@?Hnb-?FIm;1wuartqVkC4L(72dgr?MbL2JB6WUs&n zgbqyy<0#9IZD-?@q+BeIiw^a}$_Vz2BVb#jTnNHcvJ9zRzTP(FUyCgXcf}}M_1>4| zlt6t}a4NmIEKOl-I;-PSbD@7FY=IV7$bOe|3l=n{3o82u2w=8+-wWQ6$(Fhiwyu7? zk+tV? z{&jTp<>BE^&qsg#`Ok-cAHzTXboAxXukMdO9~~VY{`B43Z*DHnf2K#j{>1Y1&iwW3 z;ZNlJ=fF;mj=ub3&xuyJXUf!wi;+3fSKuSqt2?*d+uiGuo|mkfIK8QUXnNca+GotxMi?B%9@$~c z?EBy?7SaZ9vB6tx@D>}if=zAE3PKya#RhM&rgwisqR8MaHh7EuR=vdxAk_Gb^^@jG zhq2$1znIjg88s@lpdVNu~wfDH0hAPpG!!eq}PD zv`tUVFo(bj-cw1Cobx=1ks$x=I8eK?8-E<%D<^zFZwYqSa7IH){}eOshlI#OMokv= zYZ7r5?^R#5Hdx6)g2Bxsvnld1E^tC)O{|>LmAO8lU}oavLv5TX5=5}*^y+foG+rC{OYuBydm}Hfdd+@Q;8)MvElweW`%U>{~-}i zVpp~BFVD4T9GUAEtZ9^xk5P}6XjWfSjOHO;eum~e7joi1ahS>muZ;UTy!M_Vx%c?0&X}^q9gG_zN%TkoS*bY>n zzp422z!&#en7MNX|H%1dskSa0V!NrPt^5D%kNv7ZhLs9&eYaN%a?{#VaiE#td28l@ zK6ei~bBYUR%CJeG+l{KOxRqHT^wSA#A5w)!ca|I0)lonw6o@4+BogCqgWeC?J zC<+xaFf=I-Cw&<@Gm-iU$GsU;Q53_hYI#G?B`c48@FuNnT6{K&4njLvc4EOdxPZHV z-E{G$Xrse@%>K^=i+KQjDVRP|%_D7W)qcN;yesAsY-r1s*^#5$ldy~a#xAAhB}o7s z(SEAZ)=9IKPGfSfmiAFT1(WI~EP-^e;kpTcEX%c}I(oY&DRr%p)7(uLP)mnSG<~BK zN)}E)YEV+Er9T#9cm>Bb)QC=g4ME1570~_|UusZAjh-6=gr^xc19%e@|GnP=4WZ-T z7j%WUH7jo-vb(XRx3i0ulY>S`(_fcP2x`!|DM=cSnCrT+LkxxD+YqywSv#ks-Uzi-zSJ7=$2|18ZsMaVu*z~lo?krh*`}%c>hRCpL03a<}=dQfy|v)6#S$3 zD2o=8#X4*^6G*+dst>~|YH|@#a>TJ?^5+U%oBXRPB1URBPn%cW2VQmku5Ue8%LN`i zADe3Y0mH&f#i60;2#U6En5-E0_*EmOzY)_CZ1j5W`%{qi$WSU;mx|ba3d0^1YbC7| zR~qFrkmrOIr=UJ(!*tuK2npXDZ;*aJibcm+D1&gwvG_K=9VGS#`WuLhixpxS7YG;v zGh8uFtmHCtqZpu-#x=3Sb3=;~P7a}U@$_K`EM!Qadk*>;!U^Pj$qEJfVFkjik;3{( zPiD5Tu_v>)7S%8rT#P(PA42r;t7YOllO{V=Sak-G2aT$T3)-Pdgb}yW^!X4EZv?Z? z$xtu|>{vNmV0Ox1!BO@?blY|n1GQT!PZ%rD;xz_;#a$k6pddt}Mr@u%^#AP*TdJG2 zQeKa(Bj)?osvjAyyFR#;6hkPB@;G|j3tb_2{*zUFut}T2R6E2AeaL?HZfUA@#2E>Y zII}1N?O1ln)YHqglTp{ECq&l4yt`(VXS8ui*P^Y_eVe5nKRFdbbJBbav=&#U>kQg$ zBVeqD%7Skx{lv2SxkE|XAr8Dbd(tgb9b4oEfmUg?Z$CdxlZ3)U%vR5)T@W?Jlrbd< zGJXu1DW!%j1)RL(wl%*4|MuGL@jdu#NgU%GNGRMAEIG&3{u|IOcMF5~dO%XF^nvHqIvm;(#wPI z3fm9L0kOxjQkmW2!a)bYX`^z_rHb|Yt+LMn2dFqe^_5&NGYx4h z#dZ0p(%^2QHAIBJ_o|OeuU`oLDh7= zWM6*cUPrl}{4u-L1NdOV9gTdHlSAEH7tFnPWxd%aZJ{wej*I&2m3ZqjJhv+VJX1}w zosFA+{r!Om?hVy=t8S=5xIlH7_)O31Wdq#2DClB%fr5_o)E9vq4Ftm*8Of?8V$@Ia zxys`W`=h&E-f&*tkRjexmg|CEHB4Oc;XdMg{3S2uShsTACHviI_Chp|Sp2`PA~eWb zl+!dZ5(ZugcL03_syJOzfHTAi#N^8Y-`)vhl4tjLXFU0oL1VizZaiYck?aNMN9pM~ zawZxYs>&bGHRJhcT4kF{n!aJW`9B~9^|f)0*MpdVfL8MOfoRG0x#sEqO#TAk;;S84 zviQP7bS{{tu}#0mny#~`lN@n+Nzg;A-rgJ2;b0ACcdlDT?SrXX8TYOHyK+} zE9+Dj?=ekN(5dG*Q_%a-3q-PXZ`cxU!BHJmvKOG*5J&CO{K0E{UaMT~92vuuXMHQB zpI?u@na<2eMAWyIj~M~#`x|ruGD5M(?EHFgmO(6iQG+>MfApG=F6YbRt$ZdMskppW z=e!TF??~w`wU~K`^fl5`kaCbRGct4G+36^TdlNV`aTkehY%J4{++FH_$F}zU>y^%S z$x5MRI^@wUQ43*h#F^&BBq&=(wqcoqRyj$zIAC&>*xl9ECW48^K^g%eT)I&_%L|(d z)yHTF{kLZFD7q@aribZe9V^Km2fG{?8CAqAbBqnwBvq)d9Z4sF0$qg`*7njc?0OLs zAj7JB_`+Yzw(y_mfLWC{n%Vk`3{nx~4N2c+_1Bfao_Y^L8Mc4g;$~3B8Q-rAQ3w{Q zG3v%W#fSf_sZcEm#gJRN2a+CJijLL}SHhk&b5>kSq!c@=vH6u6F%b*mrydZ2Q=&c2 z$I3=oPjnrMdHO&-PrcbTj53@_2VT#|)a#N^3R6yM4+(^MZ8&Z`5)}(0qh_4QPP)VR zk7NQ!Y+Gs;0^9rd`l+c8NdofL!C1?2NH$CM0p0Fh-!|qHD>i))A01I&?Q0IP8~c+0 zG535m0Af}^31Ikyh*^}hSjoaymef~-Rwyxz-BamurdTMOOVIY6Rab3R=GRI(($&+V zVGu8V%UtGA5atN0cS>7sLp8$D6m{m@VBelt z_ZWsG?(r69WHUyUQbRRJ&TPc_HmSDUMkAC(8VL$!2Kj)IA-DW;Q zehcfuG)tcrpX{BX3_XL9)>7m*ZlOW(KAvM}rheT% zSiVkHSO{AxY!#}!burM-b&lfNl6gcV>CXDKl^CWN~jrsCGGpA zrI%2WYq;E#)i+VXp;q%{$0dSO;?|QEZ0+B|WTh2?7n`bWd-9~ON*@OVlT}kzfn4&- zcF$H<;eh=>DZOPzrOKiZ?yco{dnKE4z~TSaW^`lJ@)5|)2dN% zER+%}YQwU^;B_)B5J`dP1VtJ+5mz`>uN>a`m%H(vT*kvD9Z>l}7&`&+ef!6UCvTNgl!Axo2&d!juOOM*Pc=pPlH#W#!8okwkl zktfY^vnQ_2$p2}WMdXx-^+sBjl@O`nLyU7NfTHOEbS#1=Td~JrKl`7+`CQ#J+V<3#ixitLbRr>Nb`ywa*)UAGr8$GcbKjefA!3PyHEO+y3 z!?)&s#01qo<|SQs{O07@_`-sBg1qJL2H=M`k-`>swBY4t6qLyx!D6MSf~-Z&l*T=$ z$6igYo#aBKJHVivn~ghGG0mlJO^O2i5N%=pv?%)a0^m!4ylhTNpr|#nZKY18@hsk(#NUodMm#ZK4N(h{x9tn1GXx+@niJFHbE=XkwGohW6cmIt1fzX& zBpk4O2Tn?`^wZ#_xu}rMPl6bdSLq-^=vB0dZ@rv^P-nVVABvVx9MrL_b;5v$qe?*} zOBJAXWu!+R(Iktrc40-=q`>`Vn${dBXpTj-D$Z)GN8WEof*DH{T^voKhWznjy!_~ny!lT9I(Wlt1M`yMGQ*J#;z^~ov zk$*{rC(@!`Q%8O`r-P3BoS$#{Wq~Z3)Guu6^gj8sWE4hpS!+3*Na3u1hA?EHn{7O@ z->i7*fZjStp~TenA85Y8-J%Oth`(UmV-!Fx7c$InUS2`8_!&@76v4a+I^`;uGML_>HrIh)o&S7@d-0?e8#kH{uC(dq;pU1&De6ImAv zIG6n-5DcYgSQ}Gqhfi_Don9)+;I!DyqfD}kH4@*IznX?XdEJlb^q2)2%QQ`)1MBe_ zM;cjo*|gVXldvynf)tMMKI+?F->Kgq8bS!uAI4P4y!YnA!=Wl|COHqSnRB(acxrNX zE3T`2da$iYO5OEa$RL^qm@?=i&E8Jj_mq;Qpq46_k*=J~*EzFUdrQ5g8+jY!bU!M= z?$38B@U|Bm6l5bI&GU0Z>GGXn={ao#w9cR6P0Q9E;&FN}ItpI|DGa$yb`{^WlIHkS z46`J5!#&zPQFg82o=OcCwn}?mb=7@Liu{uBtr!JfzHEEen%q3S*NInC<*|C0R*q0H zP$%KZHcEe_`6yW;tBo-YcMgDGFRdmvgv=BURS07aXt$Rh9H<>@&KsCt8vnxb>3h#T zpY{9^^?Kz0`55bgxjL{l9Zvcu88A6SfmFv6eyl;^0raCrGKB;)jDi?DE+2+N?~v{s zefRnHaH9YB8T0eyH%R*F{#=>i_kP=d@b$P`>+$*CA3FJYA430mr=QXHc^*2+`GNNQ z#=wq~4j$^^+3~Dg8uBK&f)9R@+5M=i%RP#R$hbm|vSejY`q41(?{#okX~X?QbXMf3Gxx-2^cF-zg07$VSdc7H%~SkvhJbrje9 zgvvTnx_cbommNI;_N8JpTuCV_Pbvq|9RjiF4(~R0l+*R-d29>`GKB6{lS() zW)bTl5=%>Vo;AP5G_3n3uOCwcl}92HW9}bL|42V%2@m(UtQTUQ>1_;a}K~ysV8w#J=Ay#oRyB)l|gNiNW zoVZcL>&#nTA(3|UPdFchb;)o73?8QnOczg_x(9*&sgRE=&j8d{YMTw?ov6C z{OvZiFIW9j7OFUr`EJtnN)V-v9G!}yVhH*Yk@94+D5*x8xKqMbt7p#S7l&Ay7`PH< zBth*%@nMDCKDcopfrV5a8O3sJ;c$otQURo(!ti=xq?t6tT@kn?>NcH%) zY4|m|-tybHqwQY-x6rQKRSC9QcvDyc^7+;nyP9x~*|1JllIv%TExr5IAL(1jwqU)^ ztM+kZCAyAHj~R~vy3tGgvco)AHJ!HR7^4kVYyr(_CrH~SG_N)wDIoJ=yw*|V(YKqD zrcjx8iTP9!4fpG3BJ)YLCG9(J#`-SFn6jI2f;i3&7B$bVof$~ssJPV@_N9ww-k1ua z@8%047QR{%)@LP3t$9hKNFk_~o&K|2iSyVr-Za&$00&{3X=t8$5R2T`s5xIWZ)rDo zf^rH1>3}w(MSFa8Pq{iiQeLw0w3Qr5iOoyjW3Nn3zD8%}joGHkxL2!0IIDF>gAq@h z*yH(L{zX+1w(jL2%2vOiiieAgd#!%SG~v5Wk@RWt8#0uxx}+&k`8@gl{V3&Po*Frl z2T7?UkSEB03Q3Ml8_c`IgoUFNrfT}F2B$D3B%A{mO;#^|)!tPOCGdr2E#Htv&nGTo zl9MChd9@CJu89^duiRJ`)G&~3;8O7G^iBJofU{Ut-Gj!cYX7l4HC74N5a7A~qjcx3 zEh*k`%>D*c+5Dk8)xz4p=uud(dO{BK8_*QfxJ>#iM*zIAR9);YKU>JiCjP^a!gLle zcO#^^Pq9zb{Pfsc;lWjeI3(%SLk;M`N)LYLN)9%WqmtZuzk*-e64;Y!?gD&1HBE{L z0fB5nQ-X{QlfKVg3aysdt+Aor@PweRvf`1Jxv_Z7IQq}P8x_DjJ~T?&h!?5Q*`F<< zAe^AJ`dBG@3M59BLAI^I7<(l60JNzaE`Wxjt%i#s)e|qOLaPUG2+{D!2$OxSkPv{P zj^M2ssKM-w`5KCvZE}tNlu=b}z7G0KySaoh&UyiW$p8qOCfU&67+3A;SfH*NppF6B zKF6=t8$95O6QELmcjW-=uZw`7m)}Z=zpiec_LT$C)bsN@LY3NpYffAx>bke6!1V_1 zRkdrY)jDjDD6ukv+C`Y#QMA9OolKW+owmhT3(n~a+hYfuEjUmN7|?Z#zaKnECpsXy zwz4%Nbws;#z5wnKq8`mJ>omayks6$ol9M8-sL7!dtW2pG#%75(?#>zp?hP7wpS8q6 z1|yx!{g`F4y18ASz8!8Wpc>R@NTO4#ba5RnSwu5AS0m(_cL0Gp>L`qB%9MMV)}`Mp zBK=u}BLzf}(uoKW^sz2zo08dLMk8X}bP>i7+HmGHpjIkcy`ZCNM*13 z-(8JtOyxn2Vy5|5M^2{VKtzj4bPkW^nOW*wL_uka=6R}H!}}b*6k}&Isx7Si0=vd- zGzcuaQ*@7%nciay6Id5x(u1+oJH`Hj4oX=G<Ufum+D~|E3FxjMPC~NCc z44qb82)SjbW-3PAl`owIOGVBeZG(6#B;}4sJ4(i{p1<|$s+@ERm;K~w6Uy(!=rdMa z&B@&4`b`qb7dzK-sZ7{*MWyW@-tCSYs%eY4%Up!eLghLR23jX#GDUlRBif@%F3!@> zRNQez=dIqfx-Mf%tR1Wnih&5G8w4V-LMna;te`C=>5-cnS@-cH_qneKfARNm&Wo{H zkho~e6!jDP-DTvkOH`O?zea*2UTaO|uG*NHwh^pXvearvPae5eW?gk*{xTYOzP^3> zi+E^1M{T#cPjL)F!J47@sayeHWDXb_TZgEGqb4mh9}e|abjUWI6{@YmqxS=+P8d*> zM^SK`bS9^^g-lWQ>7XS7FYMwB5)jr7Wp4K_Lsq_4vcBy|1<+#C7K7VkI?T!-9Apqb zsKC3)pITQRGUgv72bqpSTydm(DN8~s_7Q4v}45Bgx)Uz@|oB1%TL z$hEN_j;ym0_Y{gx@os{_({js`kzPq6?xwQAwx_%&Jq^bPKWVzxMjfAQb|pQAp{Md+ z-fjMfY$_sa=1_MT>I*HQjbR%z$$*VmXUMO1*55=h zejU<4lUF#MRM+-I@wuDM9S6ID4I@^XP63{~FOc4_)M6{wSBDo!lp^niTWiUW0o$Y- z`!AP%^*aBOwICNgR}*12m~`TH*f`7@4ZC1avQyTOkFD;QvSCj z`J@#4WziT|@y@V2sq<(edbiZ3nC{?!nQ1GqX2uH&V#XYx7p2GJyX|5nq;%c3oRv7+ zh=70_jOvKJmSx-E5tQi$@o59%BK!XRl@?0_OK}N_sx2CrRdOpP6E4(h!|pxAENi3Y z7c~+Bu%$*6b;BjYO^p5C7FGmrc{hWIJZD%dr`HL+%#-# z78npa33a4I72mv8%rZf^%kPPt2=Mc_o?vo`M|)NRwF9(nLS-z*8`5}7{l){_Mq6^x zcGqc>VwiHv*zJnmNDoB9(|5@%RWOgFl^)%qibO|4d+MF*&n1a*21P$GJKq(K)Kqw# zL{_)gR+E~^Z=S%MXRo2iS7n$tusE$@=GWmQJPDAcwo{vPqi=F=o#5?P`t9D%GVqXJ z;ydtgXA^A9H}3N)qX%)!m%)jp#eeP00=NNr9n6f}IqbKF#vQ#VV^O$chr9^bhh0pDDvk`fHzu{V0ep+ zDqZZk?Q7M_PFk_ga%agrDH=InZHi-sI_4zvwmm5qrP+huFG>`AaZ%STklkv%d#^eH ze{yEG9xCdeN)oYqSBp!>wKEI_l`<_^p7_%j{5C#&C^p5eVY1d7 zrJVhdr+_hk#HjbrH7oDaMoxXEiww0RV8mvwNAK4h6#jNw@!fm5_GM#c|AF;Kg~2c% zL*flIpE=iD@S!;oTVLB8WyxISet4eVCEj0BmY@d>eK_Fj=d2>1g@QG_K>+$kvoDOI@r8 z%RnUPy~9z}n8a1ABO_C-Gc-Xd-wGW>A*g8_Kdu=9>z*#*)48s$q7pFg20Y)Z)-I-U zPMb&)7Yc?3bG;r!ad`$u%astuzyru?_7tGUAg`}@NSkRWI!pN12xZ!JL_49abvf|k zToN9C#VK@Lyg#)97*?VI(UPeetaELZ52dpWY<44Wy6GD167ouTI9oJtfqeD`n>W`X z(|IATXa**H?J>t`4s5JEFp+`I^)8!~Pkk_O(6y`au z507b8xRY&FIDNwa{_J7T0N&Cjkaw{8zqk+obDYxWYKrwabf8|HT3KzrBIf4FHq(#i zU%@4G26l91ZwEKo_Zz|@w(-K?#rEZo<^6Lzk+Xd3?%13D!B|;=_hHW03C@`W4JTev z8G$IcEVYMG)w2p7lZcpcb|`*jg^u=0Wy8>2kpiUy^8;8Y`Zpv`7CO>=CV47dQ`8_* zBu?XW=7UMDQShlg0*eBvCbw}3t6DmQwef@7ztwe2q+mA97}Gi)V#icips@Nn?5n(5 zl|+}tSp%>Sy2;&LSpOh}0*fP{?qfuz~nAaa<^4d?=*U4Ob<(rm$ zde6c@O-*bh3Kf=J$fX{|O8g008`Ad^+F9qkUb_AXF|ztxl<+6(}p_ot(bOBIvSRy`XGY*(vY^uqQ1){W1)17V*T z;;KId8K{<5+d99aCL@nTQs{ZGDu1Z}y*$CMhUY745)1h~f!K5-J9V-eyyI&7tbSsX zA`i!frIEzs;yINiY3bl*W@Yc)HA}oPnkKu1MewYw#;Ooe)d2C z+q6osQSc}#1c=h~0|2U!C2LB7)U-67NkwwapvmM6J>U6%ZVjQLtg!ig=EiRTo5QP{lqi)rHlj*Z^s^Z1Nh#cwn5Q?c zKyO-_!n7!j=~%baOo+Y_7ilv(#CB+O!Fn4PN&A@bztHk#h>o=>_IVM^lT!NnO@mpl z0{s!Y9<4!X$~_=K_is&qJ`n78enB^X!2ef!Zh@UuV2sb~96Z;%p!kl}uAn&n`_%t! z%I>z`rmTm3QVQ{;e7X`=runVv!wDoowOEbEK9BI14Swh_=xYI`*%>^Hg%NO@k@fyzc=C2w<6WnCFlVRqGCUOef2K8(w z^5bQJxEu%WzEq;OkTNGt%88>y2a!WG5pXl{tbuut;>w+|LoZ)^^vb=*|A|4PAIa&# zXaPe3on7`B9HaYyNw!AF5V?!rOB9oc^AhY6Q|()er!Y4DU0F@!Y380M4W5wLjT)5L zXORwTWQ$Ft4tQi3-9S)& zUt=9Ix5@$*bh`c$E5~tq8>V9+Cb%Q}EZT8B^NF2NKaX(JUb`EsAKt*;I1r&JU|El9_TJ(TEuNHBn-*d>{10c5WC;M2ngAD<7Q=5=_mqnD) zh56MNu3~ZmwfoG(7a3X-@koZ<8ToN23S*Xvv^+~~yBeF(m%l~M0I|1lS7Z8fun@!Z zzC1@v{-%v;l;R@qv@>pSzMP5iGAAOzBkO_(DfD-zQ zw$T4Wz$WK;KRG-7`8hKGh&?Ij`M!V1`NpvBhG-NGt_Y4Ugu?EKodCqOO4mieCJCEF zZiPlORDe{f21=0&@+LwEqNh(J6sK9v?EwM&Tqe5TIEZ(~|8QKbqc05B7^B`#LTmYZ zHxZ_dkLL={ViN2JJ$(u57nh}{hk@JT*5M>sY0Mf~WmKe`gJKv$ z2EzNXH^e*$>iIk{0Y@A?d_3IFIfBF(GwNLauMMmmmGXVz?%~dfg%EL?l+gl=CXL?k zS%oOg9231fOZ+@OS={0-|LG3?Di+-)%|+}qw0T6(KE#RjB;Xs_jnetOcereaGF}a` z0zR)?&id-GazDemDr1+W%0jBw(mQ}O`q2Q3PzC}`Wb>B0zq=T+Z3)4N`po)HlX?Tc z{4oL~98wv@?SYUwD%p&@Qa?peL_a|Sq3O5=%i!{U3(DV%f*f?CLSFd?H!UnM2JfR4 z7>o<3dP%l9l5H4P!xfV)*Q0__$j%A#7=V)ybi?4Iomdc+)KgL48_!VMrM=0vXx$73 z`BuvHAs2{cb}^3L?$-`RMTbTEqo3{-0ekU5D6;GSd^S4?+@niDv>!` z<6BZ@0(JsaLs+8d@Dn9Q2Zbx$tXPy&TLchzVEif~;yV_Jv@^ZC1z9^5sFx)y4a#M@ zGI?4&`Cq}ofcTFDFS=`rjOfQh@esTTlMjk-zFQ;wPJH_j?+H6prvdw6)AHF> z3q3cHG!hvl?=;}oC3AgCptnkfn-retGq&8w`G8y0*%dk+bcka?bG5h^-8)kKHaNv0 ziDvj|lVD6vu@+Q0tCda3kfP3${0F`#&^hguJDVX)o1~;WnWNnSWBz&U4bH*dhQ(%o zb4+(MmRlO&nR?EdcxfUb24TDWU9M|UludD9MU1e10Ti(O+U4KFHy?q_O*J@0S5m*7 z-n$8;uMQWOl6SP5bwG9OqLs+A3GOl7BtRgym)hw;7YRX7sha_j0Ylb_0Sq!8fo2Rt z7bv2EZ9A!NquOnDhzXLhTb0TS^DiBLJNMw#$>~N$#ze}N(^)%^E=n;IbPh!2yFtxa z|Hg6h|1Krl3@7AX(SU8D#`RF|*JCBG13IEBD=bOm%VfKD@Wb62Q4vQ^S-addl$W6 z&>b>Hc$DM2DD$6I!8jAaE5?ruk{!=HTK~53+z=^7>X+>k&ib!`jSnXJxCf1MpJYbM zmw8T1P629WIX*9b&u8ZrFXt%(bLBDC*xavF{J2N@N+gUN){g+YC_pd)#l%r(AYaP} zbBJtqq}mP3Wb#c3E}^u)o^OGIURk>;7DR+!t=2}nSuj2m-G%Ngm@jVpf zKXzj%fMe!qjPS)4kdeZrwn|?=*SM6q2t-vUpPhfEh{xm^ljVVx78?ZAaP>r3CPRX1 zoAak@XJM-+$@@>2eE=+slU~9LTcyZ~3>h&K3mo@ms34{O>K7>myi9 zGzFYzd)p4MHQZT*_A1I$ygw!@R|EcblBESHJkL_HtI1zW&es*4vIxn>(xziAN|eF6{C_2%APM_{E(8FJ9%y z(r?P{${t_r!pG<~x&Q!6$tV}NnOU8!&dII|AYSg93S$~14Rn=3ZHZB>W|t!U3NqXUE0nd}|9WYv?3Jm7(M>uG1a!Ok)h8yr17 zESHmMURZYVPbQr>;*ptB`a=qz^W*9My6`Zk@B95QcYivuzw@%)V|=sYbhA_TVt4jK z7u(IVzWyaaI?u5ibaR|xW#a8xd2h*^S!pUSwBWm^_t~Fzjoc_USfrsWJ@DF_M;n&A zUl7k``IH zmNt(R&TEDG*Ns)d?ikock;}>H_fN=09DtXBDX7gvavGk7)CigRY$&Gy5vY_OC!pfr zy9?1d3HBH2e5@ij88jbF;sRiplz}H}}(x1D7}P z926~75py3w<;jZtu{4F@c*-KdU@yuuyOI8+Fr6F-ZuD~suoc34CmV#f9yW#hi61bi zolW5E3R|e)skT+%EPGs(ze(foQ(=Vk&Ao8)Vj-H6R?(A)keGb*D(>~eE{zTcx*&ZL zC6SH-bav)oGJ8JSpt_2Y{yJAGuAqbaD}hKl?IE~}CwFild28~mBDWDwToA+*2WFIM z+lBS68_Nb-sp?|uRDi9N_ci^ouPSdw;Rit}62ablZ21pE6RJ)s4ao8D!!Z`^qy?a% z*HxW1eLHe<(4h$CnPitc-lLi}*!F!@vt!(mcFuJKT}k5A1pwv70ie(NKWvyUJ-Atp zl&%YH;zO^4Uc0VU87(-vq>Af0a6AS8e3!f)M0>($cxJkE&ug4c+RSDTE#iavGsmnd zUOP;**1#8NBBV^y#Hns6cW3nh2Uq=$h4pOfZ1*yGjX4PNkZ?v$CWgp~ou7ZmisCZA ziE;v&#FU!nxj`9xXrmN>Ge}zPHn>QeLsauc zomev8MZc-8&erF4`@3N>AQMQr4toa!X@}}#iJE^S2=UhY*4Ql7JAh-VK@!+T`Ql|A zR_Mxu_avOp>~T^-MU%=-;iA)xqtXWf^fB=|R784&e~@NYoG;?v(gaeBz?5nNN-zwF zHT&CjpvI)}@FmP&n~)r2XWkS3I6%-A83xOtX=H|FW?^uOR@bI^0#)b9v^xhj2f$cWsa zOuvvM+Y!Wp&(GQt@~C`Xk4)JRIr1mhen}WTn*lv9gf08eqL9hGpce{C{C=zmiJVh! zH)+{gpeF_M@5zMfLwD9$JCkIqRW$qILM=X>qULpu1XA+c!wVzXT0!l5p2+6nc}W1w z)}bjvjT3p%WVg$89NqH{r>D;SN@MCr4Yk+Qpgi27#{V2uiJPmnUl4@~Z|hkR!cR{0 zcEbGUR9SggV5-+{1^*(@`BBNvL$D2a2N&ih&`C}GCV^;|a;i|jv;hI{`;G{0b`Fuu zKAkvh0#1M^P#g#uUc2y(rCUAKmt_jFg25wG03!<7XH+;EcwSokQ9`z6QZU{{%e@Y< zD%cc1;M&y1SI-FUH`R+t=2|RNO&xbB{U;ijSIz%0MmW`JZ5Ioz`C$jO1?EuiKRbFL zL=)H|*>5p}qZ6Ph9{%WOI10mIaplmkzPp9Z)ZDetX>lVJf)t8rqTXDzLoxt2l8CI) zphjdVWW4iJKuTehpkV;7aKFDQb#_F4qW?!)wdz4v#%w|l<_@V>J>oj`|kUf|n2?-5LF zx$D@S+VTD`vzN?gsmE&*d)8aMJ%*R`{4{a`*sq$Gc0}yglZ$K<10<^21qMh=8Jl8L z>Z41sRj~IL671FRb`$6Uez&m=^t;=G#>grod`>_y3Oob`^jjeZ9i&U(4-$|w?+@)N z^!)WM1}AY{r702)ja%e=>DwsrkPK{@*}Y%tP=&Zjs2S73~jtmiVZ~ z_^3X8uWo&>4tobsfR_xMJwRZS_pTM44~+dr5K_Xtdw21ANq3_OX?QBp_3P zq)FD-&k!1Ccj|js`+UC=^8ob8L=H(D9b;@~`?qArSr8Fv>^x@tVF$6?jq+FMGLzue zXM8AVxbC~Vdboh}29dG^#yaD7vQf}GFjk~O;zH9Ws3!0rD4PQ6q~)eii_}>k0UQny z$t;&v{+d{WJ_m-Sw{S&>IWr7_`v@%!?%N$$U>s!CF5@6XJnp0!2A@j!rJn-jSF>(l zeKYFnt03MK4ZVj|UI!zlxA)oKc9w;&k+le9) zu(B5MxLe?Zx(|4=U5WzM91-Po90AjT3=#&c08u64v8n{_vP<& zlt4FXligjh=U^NtjW1WTpPWMwax&%u(LR|p-N@o>YkGE6;kY1mz_hkLDj6J~DS9L6 zY9Iu;Cf18lR64uB3q~OTBEvBcP@MU_7d8E+kB~=FZJ3X(ap{Ah+S(cx&l!~v{^#PY zra0~(#|P`@?_*KfnY;VzR*jwS*YQe*{)}%IPrg2$_nWG0@CaHjh4n7>9YJu}WMQQs zWRjE<$oEarc{UCx-}Y+d;o))-hP z$o-1`2$_e&bdA|!vgmld`2cc{^FJm#=~wglJ3UE1i!GtB*u%t&7NvC+qp%;pLCsco1TVhe%wNv-|q)y#eP$)NHh#;J+>|JjjPA40;4Sho(`^++WuWHC$Tbcy?6J#q5(NpEyrxX2;0CI#85!SAZ(@ZCZ zBw8|P$Yv{Z=XZZ63P67b<5GTTegKK|pc5%>4K;DLKiuPXe3llZKiZc-Y4ntWVZ9k` z6?eknh=6DmSl>TJDqNl;m$>YG(sYP`8-(R8TG`TBUR9@T>cQ50McAP~gTP7BUJ)!e z*$BdHHq9|er3L|fYsem5RB|(5L=jjR^K@0bXbocCKBWQ2DwFq#0MZjSfWD;31d?nO zkSvd$DG=_o;nUmQuBabVL;3SZcy&Sw(xgB5wYj-CREL(~-|nviXG`=qay!}hX(;aS zm}consP)R6&~bj~D)zXr-=`MMqEG4QL`?l@+W9@uj$xEIk~GJ87O-ZzduBHh@5!7v#lieNDcc^=9834&;whw$tw zD=)Tc_bH;+^JH??%D>rYUmLky8=1bGnqL8-Ny1#pQgY8q(`p~u>=<_&hK)A6-WjCcnEK zgeY%|jp(X8U1`43b@CYR>_=rJnQay` z92lpV{yof(+DJ0_yB-k5n^&*TIP9%*vsLVB*CQ3R=Yla%&hT8`*D4Dt)@u31Xoo;W zG1t&GgGOw^<8!n)f>b18NZSz2ii4;A1Cp`M*iP#s^GjO4FA4Phxc;>Jakzb``hh7; zR{Zgz2a!RpoQ)be#GM5APDDKc`w%cpnz+l9c5%@BOuKV`s`1+&__BbXwlHWSUZ4^; z?V-u+Dd3c3{Cu$Trb^M660S)Qc?qC0&GHPBVD;f~6&b1(h(yoo%(UdK8(Wlh4W#u` z0J;8%O6X`K&kjcD7JgXc7{52(7~&wMM4#A~kDrn(4^IE5qO*(1Ne9M|gX)_G zPpz!+vp(9dNXK%JNHbx5+aX3Xq!x^_&s253pnNI|1Fr=@2SGGEBoMM|aCiqThGz;* z+q%f5Tiue~O7g3-(FUQ-U^ejrh!C~Qlpd~7JX*=hJM_-ZTduQGE49d#b*E#>>3&wI zu?CIU`gKTnfJ9>LrK^VU5y=pqXMg!tGtl$%wlX)D5*oT(baG>SaP0K|Ew7>D248N4 z+9;NW<-o|K{R5R51I*=s-8kmm<`~vBs0B*74qW<@M{FyE4~NOww+AOCz#l_ZQI7gwr$&)BsbrC?~nVVt4{A)ySwUC*Xh%}_u4CJ zq?v!Bvf5BYfXa2C<~O6gQm}`jGMse8`?Ht2vMLA!=!^BNq79F%WSprC^m3jOJJZT} z@^-u#sgPy1TH+JOkXGVZ>y-KI%D)R!iXo-pM&AC4eyHWY7&c?6w6d+r;O8~nwQ_=r!kPCpsJtjovtHx%s9=+s^2)b)TI#&wL7{o zRtfd?yqIOL#97KI=fo4ZrwFUB&}!kHm%VOq^sKOu>r>LS58Eeup8U#fCWT#%Td*9p zdYn6E{dFUbb68@`z2!<@*nQ$V0hT@=O5lF5NYg1u9OEJ_=dMa2DURjG)UT8}txoD9 zqc8Kf#Tj}%bRjk#_=9xpf?LX^FAg+B*S41f&Wd693#FaU8>FS1vtj-{%y>cg=0

HV1uFH=*vKQRa@9K};&);fXwPr5eY`YIx}EvpG&n+)rfSs_6tXSPgf4%;&d zNiU{>S4t5ApFMZa3&Qf9wS7d!BWgPy9C_r__&uglhBTPf_rmKw9RVr3KtuaJ8HSn{ z)M`%4FJC=*hiU(PerKV?Nxv+%t(lMY3s`)Xsu7)=XNEan1%H%G!zu2y0dSC+_gd6B{^K&q25LZ{zqVVf8N!yBA60799d2U zMWu>0(61Ec-a<7AJ)WozDHYfxMk@=+za)(UKV+G0D3pYx7_JFz7!N)J=~DyE5xBoF zA`mgzd(q>=#S5`$hG#>qk~f2lwrQr3X%r7sVKr828 z{vR-bCTS2OT^bJ}CCnGarF7o7vIN9Y@dCd*Ly}gctL1x$U;FQL5U!ymY&A5qc+Tb; zGR1lUZ!Gyys(?HwZF+SpH2V|*Q6_XUWnEfOSPWHlNP77I=U@axd4!l{)=bFx!$=St zwiaNgp+R!FMpI~KzOYziwftxN=pxbS&2t;WZKeb~YX3+wkXxD}DdhH{;!wz50zA@! zpD-L^xWFTO)EvBN7&J~Nmd%*+AXGh&g;NNbjG%1T$@n0i$r3v2Y3l=IMU_d`Fv!fF z3p|L3<^v(D6Eh{JlJf!5UryZ5L?{IR;7NXH>5Z zh2$8YBOD(uXXiKga#K8$ThjOAf5RRmOBQmKE&q!&p3y7GIKxk+fP?QR+c&4daFM_v z_7gFo)ONIJ`U1H)a*6vM{QOIRDKx2CH-a=>luta%BEHBL!h4JFpx}wDgZ~tw!rBDM zU%)MVdHx?I1#RjIty0OGovU7y=~_tL>%R#v+!G;y_OpPAjTZmE>~jf z`SQGSkLAW}(O2~xDkfN{XQx@})RsUd^8~fVT?cu;!we$FYE8ttaHJj z#+Ng&ZXu4o#SJUiFOrD1X^cr%~X!!uvS7?W1GMOz_!PEz|AAjHk8;2 z$O#u0gk%^WUvU*P7d%iEYXCNsy0b&iKRKeonqcb*Z4ji!HJ#Em%5Iu|is-#=yStZK zL`W86ghM|0sag%}H`jZN>DHo7A&iAxl{T(WJ+Vz!s|IgL9TARC8INy3DKEs2JPmYd z8U<9~_+L}cOjPqG@?y8ov7?E=muZMqDiMfr+GZ#7u-flFw?)!gsOvVRNrT95cp2S$Wk-d~H{Bt!sVY0d`)KLdv zg0h5?gP(h?q|QR*FWKF&yeOz~w&>CHh&MhFROUk2j;$-4Wqf2!k22c(+2}bna-~Rk zgGhIe>MP|~ub*5|I6N7Ix5LQ4Zau>l9>rIXrfz$T7L0poWbRg7j-^Td%A%u%chASQ z%Tf+|-Yf3Psw6@VtT!Zufppc)@GVXKDeS91rzJxfTpO!EI@`M9x1Yx5#<)5Up`*QW z@q=QX+KE)Qt}BLbVP*Z#`V#pc@IU94|G}I;Y}e9p1ftLV81cvx{344_1~5At#z)(q#g)#E@6bI zV;aCxhce8c`sTP6^T~>KWzAKm9>zHL&%z>eHOj&Xj&)WDBol zEryQGda98uo^P;^mwLwG1=}puWEl&Q7a+lcqPPQM0H;|YOV+-U&UikKL491$8~J`9AmOr`Zn4BXLz%fAqv?VruLSIr9SCvrA5I%_%tSUT1U zh*21#|4AEz}* zNjlV2t;+HtYa(9G{XC6<&&~cm4qaqss!Ca16wvzmfJ~^5%g0VOm3-ue%I$q;8x~dT zkWJ1_9@k3pOGTQ|$;L+ESyU>qx#?h!gQK2OR3+!e^VLilw?*bdrN`{!xo5}gTRIOadZWt3QRH6ZW-Prp2Qs8Ik@( zqC^WVMj6R^(uNd}Wq2QHk<$W%94{}f(7$VlK6P~cm4DI8V2en@zA1+UXtEo421kAD>e`5v*JI-FPm2q#&i~QvoMyD<0Z+oA#xCdcka7tVO~d zwRT#S$;~z;2dTWTAsEDvZS?2XVsXw@2V3WPWv9KTj|b~pwW**nHlS;)Tl^?S;took z4%aC8wRv9Fm#ScCGSy!okL&jl(8R@iLDg|l`HN)HRxYCs2t;kVS z4$4;lPU&K=rh%rw&})d#m7%Lfqr|Dmjl~s1)L12`^$Wsa<1L26@hbW_p1;^Isa&B1 z4J4;*byqeFWvX_+6Q$EpJ?{744D@}r2cU0?i`4f7A)mh^IJ&nqoUh+wn)9%v)@Y#< zU;`$8Coh~UF_)-JQ=f$<+FW+;>%XbHIG*`6$ut1*=T*^L{2DVWW*B1fjQN7+%ku^0 zI*EL~9>^vXE*7WrHqd=u?IUEvnKd}$Q^b=iGfNu_BoStjbK7xKMwdi8qz0|MXY~A<%5Y;IWKB*SGPEK|@ykp4bN=;Qj{@Z2k`^ zD1mDXYV*@Fwh8_NH2j#Seta~oMQr?Re{gl?R{xEVv2LG$iDL|UzK(>;_}?HkKhT!{ zJIb67=)3}DFpB8B@BfY`me_~LE@rTEQXkagyBh)CH;2URPL4hIC1;)7m}YmArt4T6 zISX)R!CP?KSF1+zh;3BrIxOVp6dX*dRohO@x0jH zK-Rw1o0sO7-Gred@?vc|gUj`77Q9nVV!td$FZ1^l%i!AAKOSJCI5X$d&HNQ)r$&_O z-{UnH>Wv1Gs!++(T5#b$HcMGf;R}4FIUpQHe;s@4V!f5O8=Aa~{@Ki_#Md2Qg+!p0 znPLjAH-+0H%WP#a)BEzOO@%9Eb((elIl(Xoh$fp|bGiKZ0Eg5)D)oQM&)+zQyty#yv^4 z+Z9XBBruQ_eF=Yy)a6K_pOjcmlN$jowK=#_>ypz#4MPY8r*$!ugcYU#B>pxK8J8dD z&C~6Z0XLP4Qpa@b35aiwwE&Cs**58_=9CqTi#wqA>@GmD03g#kywJf;ne|=}6`(TA zc6LF*fJ>-t5o(vs6hNfE+`Kd_xpWp^}@O^^*W?P zmw)5qpV&uqnLAL)RnDXKa%X%kpK3$$sMy8p2}S!6*Zf%>i~3=p!Cq*h7BV~dsOo|; z_$aYBGUq+fK7xbJ6TMOBjN&rU*RsOlxcKFGF8Fs0QZn5-y=CLxv? zgo4jpf_dOz|=>_~_U>rB%jy3yUFLYq@Y8P|-(!+lamE2I?oF?qMc*oWF{|!b5Qe-35|$lzpUv4nt3Gw}KMOD%IYnBQ)VmG`y!;8G?RmdFhSNz9qXBGa zodz16mAe2AwEgt(W?iXx(}+ZQC{ep}n#HJU`VySv%tnwZ811&D{_ON+&Ft^^1#o#N zm2J#aL#iK5a`oQwx-J?i4s0`Cdg`a}4UpGx-ZER4Ou=G$aJ|`}$)rK!h@? zk30G+k4MNv5seEI1~uPqpA$cYJuz?AZAWyGHQ3t>B?^T9)&hzd;iB8|0!d&&_%$bQ zbO6J<*xu@39Ep}$W~C%Y`^vY}a@yzx-bAj&I;EjJ%>t>f!>@X^7fXD9g!?}<01Nai zs=R_xGh^ed>%dmA7RVLJ^6o*Xqw7Kf3+3(4Efw0Wjn$k`Az5y7$$Z+};1Kvl@N}K@ETk4) zjylWnpT(gy==z&?V;OH4rB<|80M%McZG9d99>N8Vvsa(i7tmPgX7vyWl~d&^H|u>L z4XSAqf-y173yliex<_`bdR==pwl`6vH|@0;U#ABt>c;1rm7MN;Dm z!gt`vE$4Nr{4wh?=Fm=HOf5(F2%qzo*O%1k{pZt=?=v>GR^4WC_^lEN9^2_NcM?tJ zkrihO}Zw zv%DioF2ZLpG_H1z*Mu_$0p6mcwpb_?MHJ1%2Pnf}=`9*IOBm*kRz5C%(b+JmMDY3A z9bw4GIJuTurlz*4wpdBm)-gF$jQ`zaT}Gy14cY_`N+u!5W)G}A$t-`TUi%#GURI#s zCVRfsuG8Ys^A)}}_b065zZ~)jn(3t#G3Ew6q3Kw4C1rFTA%vqRxZTiwGQ zNIZ!5>$$HARP@eAP-~8@xhL4cd+aW}3A}`;ie(tgto3LdX6J>O!l5H`5RBb$Er8>m zVpzOg0pL2A!8X=_zECnn22C}5h)P1;O!PeY@*NEYUhMwBoG*q>M6mPm72e?c+oueVw408?m{k3!39IhVs6$KD zj;G+B-d*V)3L9hS9OA!pX{7;oLe=H1OS{7vjN@$nhX07Gsc-TctgYuw+dC+TdRrBCH!f~H1r%OJM zdnU7p{gxL)ZAOZks!^4M31=7)Yo~lfaJ+w+tByw`;|32k>t61sM~xwY8toJz>xzrl z!TO$B9+$NMQ#?1@JFoiXX>`#nPNB6WR)jU+?ye_pMnKp9O18f`btK^%p=-5+ybv3I z6X@SiI#3F5;?|1=c_H!mu=4TvaLuPmE3qf`ocbq{Y2q4CdU1x)?q4r^y!^IHuR-QM z3_&ztmt@sxg6&|JA?HW+tcch@2(5}WllEfmJN$sJ+4p6Ji|1uB2@Gme%cOYnqOMOz-G$^6oDpqi@ zAT#@H>S*+=!U!zOJ@NGSn|dC+E$Eaf5x5?e4;BnH7{nyF*m~q~+U}4(VC_{TuG-Ofw?t4n^!HmVz7*>jXnl!> z_9IvPTJK>~a!_?l9XC`x5NlTX5irw$voH4)i7ofpC|2Ehiy)M5aFq=u%n)9oGfCyu zkJNO0%id6dRB zSKyN)WA&yavNe%;ZDErr62!}N!NV-E~f0gJv@&+9)VwT_ku=yT!Mg7<$ zU_k7}(WTF9>~>L%Mmxi@fSL9qmYY)EJ@T2K*a?)(6wZGRpXd_a#_emeTN{{emmj=tg;gZ**6SXbnA_-_)I zAE4#Ne?85n9luA^-5B(R;lZkW%GEfrLC+9R;JU;=+~go}Bye5FtV(2z&SiC4^DWQR z1u?`*;ZNT7r_18|!Vs!Dq9M#KUtbsIP*8Fv^H+w@&Ym+F@X4Pq?euMb?Epy*R@tUT z3oW1_9`T`K%f zro#2yE~9^N+rhPlFQ5Lrk_auaGz44Z8>ZIg)tmI3hT<4F&yu37Y9o9M3&Vgh(n$O8 zBzJLo9hZxI%*rG=p*wv7NYgv{Uury+^!oe^85z)QG5fELUP8$v4g+y1ur~IU{%vY6 z^~3yE6tCXDBl?UFir9!PNvP5bsKI9#Z=1Q<&lKyZM=6U_Ubvifdv(Mg(gfCBsp1=< zygaCgU83dZ;QqAH+W%X7==JfZkdb5dKT*-$8-x!)88G)80TyH3iIsL&t&dlX8mE06 zn&_0GeC_w<4-Q+ zU=qi*lT``{5Z_k;K!qNxI`!pp?eYF?{^;O_x59Lj+$mJ{y|KwBK*wC$z2fpG-mJAF z>8hUO7)JM=aCNdQ`9w(C@Hax}o^V`M=Q#>;=%lu6#Kk|YlOOu0G?0mi&QwlOr>h>5 zdL#L~{cG$^iwtNJ^z}fPuDV|(BIs+$04w2?T1R8$FZ12XcmjmxRkwuf8)DoaAKRBG z#w3uX6J%;e33KxR!MGYK8F>AfyvFJRSGZ5=qJYKGCTP76UdSR-6+WFH+nd9WxDwHn zJ|G$Qtm3KJxSFZkH%i#2rP&7p>)}|iO$Nq>^0XrlCaxgd2Mwp z*N5jlpQr7VOf-%TVLamtklCU)gsAZD^tSj#V@j8-!89Hgr}~@r8#IeiRp(06yu4t; zhl}{BVS?qiNBNSGse)KT=eQk&Y`6WKoHHVE?Ada1D}#s42WXSA(}3NiC&WT5zvW4& zQ@dJKp)d7pj7KFn79iHf5QNWBuG9l!HZI#bxwb5f=y;NsVmboeByq0L1j$>n#l+?I z+>nxL>@s8*JI6KU`K*(=()*)+Bx5A_M7%h6tyNOjoImYh8lTBrqIIFBkKmT@#XY=k zm+RtD23$=tKftq-`3#U1UjXGQp|E6pnCD&s*NxTdPQV&UgK{K158mET9>AwIHuRVv zBSi`QDncDIEjNAe1dX}wnZ||bqiQokivVBrZuhq%5kc+4Cyem&2S4CcEUuzAXx&@HujLTU*@S!m}9H5=$f>EEFyUp0( zs74D;X@7#t+;JXyWC$j~%pwm=HJGk8bE&|CTKZU%WLQa>QIm@}y}jEg+5N%i0Lze( zYC;0%xudsaUf&-6C8Y;f%p>A}zE{is^T<3#rt+x{Zy37byCxOgTxuAn!YO*x7kh$EB%uD$*3HgF zf=pLlK0^Cjd#Y>cJtpbv^SYvK;@?utSh7V2Z`MvsP%k ztYI313AW#E6(9z(4Y6YGVVOW9x*7m8tqgCD#8F_6ve-^eOM>!wcN@AubL+<4;6Z+g z<8)R*@bU22v2nsh(hA`%Drmo%@rbven|?oXNG$CX%>V#GCywwJhWa>t1kq!;sl=!| zgVkRchDGyqo#s8&mWi0n=q#e(Z>omNzR59V@@{;`pAW`DG)#SVk`oV+<^Nc*Zv{3d zZEFV6W(gY#fyusO{j1b%xaD0#gr4$*M-Q&R7Mhg_##UkgwP{Q2F*{OyCz@e0e6(71 zr0wW$aR?W4q}~X2T%1vAun@Ef(o=^#K(Cf>uG%KZslhuGA>P&#*OZ;p^zLAP9YNZ) z%PPL>gXL(hY%u!$ce|5H!pXCx-x* zBt9K09t_?uVg4ezjj-Xv`9+4^0YNYz{g2;|%kRw7FgI$ceGi9i#8esx0V=24Vd7AB zoEw~FA!B582yc=N5-qa%Br`{q{Tli?%4szE#*-lVZtjIr`&wzg;XRpB05V4#gqw8< z(K}K=zxJ&>76d2#6@s~E9@Vh^*cy1gBW*u=-qrP@Fr`&aYKny6v4>V1&Ys zem;Ct`-^s)-f%a3Q2qIy*OmH(D>m1HrWJ= z!%ETso@6A?}-iS@eopXc|Hr+;_74D`#UxH@dMp{0LO#UOMG zjk}H5-w;ZBu@>lA{LC0OwAh0rixEtV4Ts7yWo3G_v4QlFCjL5|QJ<{%gUCj4x!Kr} zRQs82p9k>gqru~Q+>54}BxGG`O=K+$krE{~CeUG8qYQsgi^SLxZ47P<#B>ho#r_iE zhI9d{m*naC(b)@s(Gchsw~~-ASdA&to)dN^(&z(b30gV0$}ZD%qh$ZGbb;W*-hG3Y zEMxt*5w*tSsT504Jqpj_iU!zB$c6|lwJ60*R{8?$aB!sp$Aw-D6m}rqL$meY5H2+j z9_=2*7k{1>l!Vz--cM5l#?WUlBv?-*eCL1lWDhXOTW#n0UhU7^jrI-;MnOcO!lV)C zdNQ7ApsKOlFO5sJ$I&kGH-`)BCC{}G6Gbd}`>#_YWmLI{+i9rvOMs4N$fQ(-Q8i82 zu7Wkj_np@wPKym81!RC0FKK`pW-x&r{zgqZLd?#{1lwRn@0ZeM*h2N zMuQtN^rVcIVJiF(2L2c64pk2vIC`rqcaJfKJ;aKfi|?=`anU6{-2o-A?(X{i-#!X{ zIc^hIzu&okY3kC5y3^3MOovGbnSELcZ$KB2wkU}eFNwf+&u7i$l#!C4eh=%7U(PL8 zdwPC=AZ7akj;hpOoKW6{WRcv~vhO#6(a*{?i*IIY#>f|w0GSk+DW4?W#+R;@?M@Vm zxmh}GHy*?SGN%=NPj&{u9P^;56W)NbK*$c})LaYL62D#QjAN-rtnY5)AZv;82xSH( zj4H{&zl-N1utP-P$|e#P#q~<)x_|l8eaI$IakwgMN=?sFBFLt)y;U)pt<5jG=)eHv z()Yr2r6JhSQos8-QKXFjZf)qLJ_kCUo5CodS3jr#{sjVmEGUG6KI@K#4H<;HyAJu9 zo$wyP-(C2_{8g4(S+%9B?;}BOWfj^n!{n)Xt(EhmJ1!a}i9gO0kBElLiIin>qS;5^ zPgY(8N(cn2UC%BN=_+yRZ)(UEdLzS~gzcs{cEnDHZP~IhNAG2(RxIbnlp-OR6dwgiJL9!? z>w68--2+joP$Ew*Q6m^xZ#StUv%#H7k#!;i!vM?J=Bv6H`+4iRGy1%g7`W^rE61td z5To0F)@UVjrarrSEtIvY-MCE8)|Og!beCFDx2tcyi_S(+jH|=DioZ)dIP7|ZH=ed6 z{jOM1Q4{J6U@{E5k4io}O=vk(jtJI6^xd*WZ38n#hReLSxZ5GR*_SfLE@7Qs4H$fQ z{+$gy+JCXpH zXANPPT_W<>J#R&lbi0_oiY3m0cCvCRGMAl%1ugtd1ki?_E+rKU*ZdQFXZGvOHwgrp zQ*~}-dcfuE9p+Tb+&Ot%D?K| zj9$QX12BYjyK+abb{k>9Q~5kpPhq=SiW%t`P* zj30e#>9b@s38wQ~zGo{^yCXOj@dK3$auVdpgu zKD@T~6-{#!2_|_VtUrt=-(C`()p0{Pz17&I@S^}4(3K^0W^FMpN}BXk)>&RSp9$Sw z9!LGpY_@#pm%CuG7k`e*f>uvOY}@e=r52f~Za!w{FL#K)Ya4D_WL3^_3XVt_jO84| zeg*)7eHOfZf_=3xW9WaN=TaH^U!PfZ5{&%DeuAS!au^bljA{gwN${Z$S+H6^(W463 z4~g>!EON2Q{n}zl1JbHuTI+nCBPvMsk^ne1`l>s@<{jDZ3Fhu{nSUS-SIQeUf+`~R z(YI_?t4wQf4z}i(@+MR0b;MpN?%nbL<>z)-t1YSw_!SnHsWL|exlUNW{EBog`d?WV zznw@P+sm|1E>vw3Reooi{$+1*lGPQe>wLyHw$nHbhSq0}S?q&Qa*oX6s~Yo#=XjT7 zvXY1UZ4Eq8&?mqz#Emo@{MINztF@7f*yreR@N%n_X&>UKp^?4A2d?0{1nzuW(tD9O zm8;!e!u<$t$C(fBwK7Hg=GB7PW9bYMy%{H92a0&e=L0hhSupPgXz_x( zi;d_l_f|j{4`?w<9E*cFcd5V=k1;SJ}itdhp=-{fm1(JT&-(ndd^ zZa}70?W<(2hR=EskP@vWjlaW%FQD_PQff9 zJ?cB;a%NKmW%tcom@T(Z)nSH`(p|BGB6NAU+?-zV#Po=Ta4b7ziY0YRp85xb>S(4c zi+dfk0MJ!2nS%uIGcu@#xj4J!5#2qfK^^jFbBM0R>-z0^_78-Zg4V9NK$eDr{sSTL zk_#k(iVnChi?j7QxzRx?hYr)mAyT0f>~M3oUqN`8*D4uv;EB;7w00`!#D|Y`3BZx> z>pOBHa`xKFn)@2)T$Znj3q0aZV@BDPg>fUc_sIJE|o3Q(9KxlyshgOX_H&2^pKg;8>-OThF?_i? zH5*HBFMI0~%+oWzga;wz(!hE8ap;`)&6f0hnPkC!=fmxE6eku-+VH7qfd7Twx4^8! zU?I-?M@Q3;F2O>lfx*TR6Sl-(xnxVqn5+VA{MtiDc|DMFR^4Wyk5EU~_yI}wc_y%?TiPcK*7r^O!G4;XW33u>AZq+3*g_A%T5akMRQ2;G^}I963>YXPLv(?FNu_3OCp z5bev4t^KQ>#Y|vZoo+l1cu=SqWKnq?iYjv$P>Gj2YbxJelTR3I53_8r zv#d8XPlHgRO=+HF)s73YGPJV+A7qd3cjgzZ*q2_nz5ZaI7j2#E!^Ywu=Kf6vYM~AGAnZJUoq+D6VQW5KT*hYyEQrKjv$ZqC3uKu8i{Fx7;RU zK?J&8lcWc$;5}1W@1cInfT~3^!L4pG`ULRUVy?z-NV3&DSXSOb%Sl|cxvIx$rhlV0 zOr)mME=^<@xrSrPc=Dz>#)XjvS~BPeAxFx!p%|^$T+`~BFeQ^d2>LX!v<)7anN4D> zm9ns0E!k`QdRQF)M%<#RHubOT(*y-Zjo9p$cJWlD|!0%bm@kl$vaUFcLI(9jk;gEWX6<7sMSI?h$>T%QLwvDE zAm=zqtFSKmak=%KL{Hj6(V$}T+gTm!!R~SuL4oaPFTB?kkq>`;A~&&+BU6%{wI!m* zjS1N&I??OLr8qH?EIjh*#44o|Oy?5JVKHV#%c&+0zyDdVdN#C$al?!Nw=^+6T4?l) zD`PTFltVq>X5@eBDOSoZj4(ju)?<4-TindCq^VtmwWFC!FMC2%O17CNP#mW3Ohk3D zn~02e-{Ud5gZ~cSQ7>g=`oos&82T2o`w3v{&{7)@<8vzRmrRD{gJtMI8K1DMxQ44| zEON$Ckt^NS;}drD#0h6D*5WOGMo@J*I#p;GW&ZmOqU;OR(z|lPE5ag4A2irj}^_e%g4+6?IjXmVP7i&$7~#@jmsqIdP)ct zSa<28ak=;Bcjoyz@I`*wHr3KoPGnf`^tEqZoIBQ&@$%`qVi<$HQkKU7j;eb@?XP{% zO6-sKxRSS-ye|%`Cc4+?gv8t#d4t|={*U*|rz3r7&gbQDZ0#;bsO6ipiUR0%Q}G(b zu?iP`D~Qc0kV{}TO^xCm36oOmq|)$#N4PtJ(^z~BUxns?u$b12}j@+hYh*7OU{6RU3c5 zeQklca*CDGF#}&;s1Sf{T1xMBj{b>(y@DOECZSy#U*7h1t83migm7^qo}Hs@RiGfe zM=D1q>-s__PUydm%6ZHUCn!*ijm!M{wRdaWPIfkyb8niwD95D`Eu(XIyLE?2+#r}= zk5Mmc#zDG+2AogzB-9Iwqdz2L*79%Y;YsLrYF|-}^IU|ltIieQ?_9|5w!2*5C1JCk z7vVnEIToqG-AC4b0lEzUo>;+XlXqS@{i4m!hTTc^Jt@}prBO*~wiGf)knun`OKKX~ z`6zNE6EOZoE<^pp>2v;-J=Ag$O+#f;SkGH#&dm1es9bscefed^zz}Ln#Gc+cW>*ic zxUyM8C{$lGq9@;xS^bzr@^g7mBRJE` z?1}75l&8?KW>mrr!dvMUmOE9@m9|Q6jzy~aHFi%f6RpTXCqlmo^s4oi3QvDuTKC2_ zKA=Ple~?s#*Kj$X)Xol9pQQ8T1_XJQz1S}`Rre;QwzCXHqNyw$ylc3B2TK)e{vz(6 z1gYRJ^ONYCY)MyTV9%=44eMtJl3LHBUw)CfJI2u?b;UkZpnl~W>hkdIfq}yriM1I=`yf3BhHI$$8-zC*l>02QvAXr$yWJ(MdqA6< z+7m>PP*{SSL_O2|mS7aBWBF2s#jl$SUuPS|p=rD05B9~CcLgdQL#RweT6#O$S(M*2 z=k4+iv!WpduUq$4J;7Csbzy?BsxoV{Ktlq^R(^O~5aeA7m{NaP{;E~lSFu^!FtB9Yav;eLn<04Rj0r_5vb?!skt z2e`4MvpiQY3%W!&a0<*=FGMzHJ>962r2;6rt&?b8-lV;~sA81P2nA&nv%4Z=5x z@Sd@>v(J|^p(frCb$olYGeDWLKZL)4?2vlSy-PVpng%-D1R3^|SkT)LLXHuW6f6D{ z^NFCdUl!Qn@v~(L7S>1|~UN9*N(&hprxw`X?}2`fH@nz76=v3|wm&bE)ByKqRDK zn3=N^PgI>&7go1l1|l7hJnZJ9NevW{K=+y)CLM)q7B7dgQ)p!TW@kvK9QN#8^|V*E zUk0+tA8Csh%KL=dG4m^78ubZadP>xW^8RS;p(Jz@e9ih}W( zh(tvYo2HDOGDz7wv{CHVF7%e9UGZI7Wi77M^Ho31ZI7GP5Pgo!h-uGi+*rQZ2ztWh7Ck6jU?ZcP-5zBVICu#tN-(VzN zi8Cd)ymYEdrji`C@d+H^-9ug(gF!+?2B*m7Nb97uoVBkd{E@?Pgn;exTMz>iFWVEi zUYkpp6J?kqra)aoV;*%1#J^08%lAx5^ue_xI6txdYyr>hm>T%1FoH{!{r?YUPH|)5_Y$DPJ}RKV4SQxJt*qP8Y&Gj_NUE4QYZ+pO1ogwSy0mw~y-I z04P(@DK|8!R7pH(IY4zD0*SK6NjBiww_X8e007Ve$0xIOB%;i(0TB2){WEeqdoc^A zH&5K-7a<4_;kfE<+%UG*J#o#mMx8I)b3cu6bkdCQC<)fR-i9=^_R*?VY@~{?U+mzS zh9$Q5iNBoSQU1UHYxYk54Pb%Ioi^lX&qEULwY6lk&VxmLzl^e5W+Wbni+G8q`h;=*HS{W_7KA0$bf%RQZA1<@=6Q&rGN^tT?4V`| z{p~nX+YK0{lh(HQy#nmq2THIRW6~rys?j)pbboJh2i-?QJ&xYK?utdZeGcUyr9!RK(nuzpUnX?KjY^85CoDb^yzua6&(g7NA7U5yrHK# zLXcEqr@kxK6IXR_GTPOel#0D5`bB)luwnwLVLoXtSD;^oATVa8A;@_gRoGR_9%{2e zP-k9kH-9@vw};o^iMGcwnHbb8MVyOeaK+b@2PfkQK4_|lvjKnVNrsi<$n{28{D@1@9KYw^F{f`YdLhI$1V(o8K5~(E=ScQ6t>k2y&_#7ty z+<<{34pRclSa3eFSc%D9T)a-pZn{(F21gYSN!`8R8`-1?2We`vC>{GBI+Ug67MW}~ zO&mom&J>Uc%cRgN4S=PV)eG<*eOmz@lguehx8n&fXmOb8j74W=FE=G|(Tm=Nl%p6~ zp#Y3)ySjR@lDY66N-xY~f2x_&!8Fv~jc>LJ_n;$zg**=%tk|%q z6AXxE-^aL=)>-2x>43oHSpJQ9Oj09@nHramXjbL^OJvB4Ng3=H7v$`W!_vg^?^L2DdwlSk)P(Y4N$#7~xR0kFNeMb- z&~ccG;q6p;=!z<=fLF|=)?+aOmeB(l4`X@60HxGNf{H&FN`smf!5j?~K)&2G7D^bX z9&1nSl*fPGD*z@RSe3z(f9tO~QZXsns$d2Fz|ML!n9gmP^~wvNWroycxRPh>O`m%f zfKOtgF3-@OEP3&{9Zm|zhQcKXUXi?Wkg+aJDE@LWtK{Rd+BS*QBc`I0%$cpwTqwZi z^bF-zZAt6ilf}?wh}`&zT$6%Uy!y6=xA94r&&%SN4;fEenTqeN8K(@-;L-rCY-n|J z7N++0O>UE?)IE9hSB}cCT41a|!uW@=2Sr~0l*FI4^pgY7c-e(@vp;T!j?RhrzkIG) z02-zsP>+Gx*Y=(@Id^@;t^N;X?-X6x6Se)uw$-uibZpzUosQXYI<{>aJGQNkZQDNS z|NDO58Rzm`RE~ zQvZTj)_5}2_o;Wj6=Yvf@Hz$3KJ_v<>_0DgYs!MiQHB!7E^NUoZp16B#S2Ht9^q?a zAUlwQ8OuscFnpZp)w$k0&lR@KCHTQG%2LfKE2k->uKq#ZN5uW%+OHBSKZJ)rZg&;E>&k9>C|Plz6V2D$el4n={nB>mS-`hRwO3#vONrzobtk8PJG- zIG)0wBTk_92KEY_?yLEx`=%lat968em0QeCOp_3w$RaiM5Yq<-#CE-xKM?Ef zmayCARCJdRRy3FeA<85ix6jn{bASZ@jP7q|ni-4AIOp8y5R!%|tYrl}g%H!O?uc z?Y!8lS6!yS3e8f8xE`D~eAnQd$vp0aLkep$9Ph}8azYAiZnDS=s>Hhrru5E4X@TG@ zq(}-mPs4@;mY~H5^|--F2XDFvMorH$UMJiOzrc0r2dYZP#W|u>Y~m6Z>I$ndEDYFI zz6fjRE|$gIxDln4(Xx8nQlH}$=LO#6#5lL8V=6Rpk7~t8%aGCOxKM%ykID3#ACBr) z;ySY|%|E;k%@Dg&7H&NtW58w4KbEtgEjE(2^s-eH-W%f5{z=hE6=RKod5}xevlP;R z(5X+E9OffCDB}-VOfsMLh;nf#rKia#PQQ6O-q`#HePNCs%tBELJg-3avLIQQT2oA~ z_U-+}!t~LwekY&(*4+}T)@$AqcAlR-Pz>z}FG(UA_E%ADGN8YHI$Hb3ImqAfK*5h2 zpQQ0Vqr+n{BDBC)Olux25AD@0HHaOB{ng~kg8jae_9gZ0igf9T|HbyVyGNtdq#h?AN+_DaaPG?G&3#z{zM?jMUFsBUX}eQ8O=bAcJq7w)iEr`y(| zt6hJMCQ+wydA{uG>-%i>Li0;XR?Yb%oPV*|d$!lOUmixg z$kb#i&mvN+EPIi4+*a+M_W@hxm;ieVsOlonj2Z>ZkF}1gtxbGd74%78<6XcU=@w$6_D*wWHM(!gn_r1<&td1KLOo+=GAN^bDvwZN1Mu$0Clt+0C#}V zwT7Da@ZCq6nBl9Z)44q;y7Sv2vpW$&g2+YO_4mG6rQ|!@_0!FXZ8WB6)2i;cLH}g_qZV0p;Jf z8=JqsQxNqH?|rx4^rHV}u(0ly*0cByv@*8o`EQbz@6hG{nZ@+&hXj8oniTVQW$GW9{%E!k6>V_YkxENw}at zO_J`i6UBZr#^RK&?xJ?tsl;XPF)fg+?ML zTedR)aUt5JanfsQ_OcLeG3A&j=U&g(wghKP>~pIwqhr9lsRYIkONERy8t=lX2WGSW zP!`2Losii^03$A^@f5nElAnl!gsaDE0{;QAm8)}iI>~I~8F4zcLfQ?R9 zS4tfkHh_t^6e;0pC9{@wsRG*YNv8T9MWxL&lhlu0owTT~`3#jf(*~CjY+YsD9!H>^1l-<>j zp1nkiCCx|hJLSp$b-Q-|@@;Iy-FFG>SlGv`;e|(?h|L}ba8bsZZfYPA(sXS>M=-Xdn?&%c&@qK^)@qN?fnqrhV zb;F@`%X0fUx78t~U9StMc{9!@Ze~Sf2g?WwYKipoMhIhzT)?&%X=%4QT!dOQeJW9D=##H16Iw0vWWqN1#%dY!nJYq$ zM}6MG`{aoS9%>3Em>eu{qi9;2pT}7%nWR%30)?4G5a)HtSehTpc-};Ij7LT)b*@*7 zYn%-jv<6vX$Zy|0C_@HnUMwbRFLMQHyIK0B5h1B3of+}vWNiAMO$W)G9FFKVUBhXC zi{tU*Q zH=#*tWZowW?iaTTT`Zs4*eP&kqZ_Es^i?5VPBdD$d=_m#u^Og5cC`Qr=Y7pqzskxk z=!&+juwwoaEsI&l=#f8Hyvkn#qjn*B;gw$w=u|_N^;2F>0o=6|`Tk_4LNTSxFwBCZ z6U*SGeE8nIkEJaYcQNBuJH|3-X~~pw;+X;ly4k8i3X9^EQ(IW>(6$Fp(Rk0S`;#*% z5k7(1R_Z`IkDJY7_#3h+0|dA=IFB4+Qau~}bKxpkTaOR2rzAY_!)=Mp=K&9CaP($y zTHUw%_2v0~a%IhKt!`!_37&o>uJrG9hAtJnFiW0U?nr=N3@rv?7I&cgP$qi81!?-> zOPx$`N379Qf?V)1l7#Nr;>k|*#WZ@CVE379XWJk7pYC7jc5S91>5x#bnU%5yxUt#S zv_egDVWAcvD`BrOfi`(qx>s9wI(c>plEfBp-dUaXOiunc(Kvnqt!}l}_uhVdS=_Sp znqi?!AxMSXS?SjHr{yl(Yw3XoBbF(;D+LEm1~Y=IjP+;K;+%Wywwm&fDZp)N?!Trf zBJSwqQRyz+)+;UabpONq@>_YgX?^|nl`j{Su+dso?S7rGS6{fAwj+Hfwr(RuP2)1uQGp&&q#rnYdsP!8S{4Pcj9#A(zT61_Yff5 zeUO`1@G!FI7$YjjftV>y<_TvFH}~7UMt`!@B}i?F^b@J6&7bcv`2F+l8eD06%Q|Sj zh@M@W|xUaS?9n=3h)ECPuxEIplp$C_5GcZZmm0tF-cab>7>w%ta&h%|CO- zi7QH;t3n7Z8M4|avjAuMucw5gp&n%OcxaZ{NR{A+CNNW2C&p8pvVZ>w`x<_y>W?-< ziD3~DPC2XUg;5%0EdKF*q=(mux!3~{SCz9-_;bz|aRo{b=g)}ybufdA3*^Zds%mkq z#{dsWF=GQBr}7l6i6kYLVWW4Vo{RQ-a*&ILwIu5XpYLpZNdqeSWbV&Y~9iB2>Gkva6ycZLBf&!FqPbwC!lm#kP-} zHvtONDSFwq&Q-mF<4}XNW}5dqgl65pFn~1eMa`-&y9~}M6KyXLo@2pI!7IuO3?2d_ zv`hJ7ni@Edp>BG*XzVnN*k>h%W9`zc{;J$1(qrYdfr-#TjjIq{csMV!7-UTq8kIbM ztWbFfB241tfC6%qvjs{KmtmI@6P?VHPIO_`p@~WJbHd_`Rgvj7v|2`_Mz_Q~pI+#I-Wa?9CIvg-gpZ{a~@a>^tMQYmJ%($b6#|9&J6Eya_>1%mej6O4ZFw%hEL_y zt)B3_2_v?-*Ur9jXDG+JUTUC4lCVdx8X@_CTr6{NR$A&U;*V9dBF` z>=~L@j&ffBU-;6;hXyjKmBT!T5`0{%SAUxwjuGUCD5%2R6B9I4WU2lwQ>;yCX8h=9 zx{aNz+?k0qiZW4WaCPuw?Emn6NkurI+Ys8G8I|qNQ)_NZUFy`6YR8f5dlg|9drd$! zSL=LmJ)K*uYrapgWrplKE)mz;hKrN^86RMm`{L##fY58`foOs{^I-<@LnX^>x^%)QZuaV9>T&ffamvX^95)QbX6WPBuJKkB5Xy+N?4pH@R#aWmCSgQAYO>} ztvODz-Ye4BgCF}U_=3gG>3Grm>_p#H6aFYr+r!~7?@Afe@%8v~U)YLlH_1^|1-#rH zEPCIoPf^Sck|{EjgwL4XE{!+jRw|GN$U)7;8WOlT`coMkIlP{Vmnuwx!{BvvIma#E zg8f_Ksh9puzocvQ$+fWZbFt~U&;Twn4Slzh8+D#%)wqnt$*^>{&3M8fd+qosI^%H> zpV1NJRLvTCUxo@5-I$iAsm_!yC<5i#QEOu}=E0G!GzcVgWq6pTPNPFP9Bz-PFkWP= zG?^^?koth#0iCwPz4`r&6E^T7J{434_7dqq1X&+hUaVW(Pf(-pSAb|X5oz4mUjqnI`?f2p4yTR)Ha{!LD0@ltO!VU zIXhbXpZ|UQeG7M0gU8{&F{$xQ&;Nuse9WUyV1Gw8*SQ;5<9=T>ZVA3b*16{{4ek2> z7iM7nrh6;&eOb)@e`eDC4qW}8QSyZw;RjfY@n8oVll3t)zy!H2J5LYj+?FYa1zG|b zV$&g=5;c`mWtrYm`weX#RYJwcXG^=SDXt|JcmX4B2ixQ0^33%=zVGTE-4c=LPGI_J&Fa|b7m1hHi{RB zD(0L{jTA+vYqG;s(HyDN&+*1ABD06UUt>J)X}W3k(&I+kc}`U`f2#0CT+p3NMKhyO ztp64%_60iA1Qs~oLy9-?d-OkJcS!5^e!hWv#Nye=Tj6h@|Ht=j(Er?y+`wHnMrKjT zLgk?J|^_1#dr|srsW=Da8&x=;eYJJIGz8dQsW#{?cI)j%xK|@Wvc5-gkzd2vkbo&xPiNn+fS=wZw6 z=Ez4T-^R0<`Vr#OgS?;_Ha-g2>z(?J8*_%wM|H<`W>QplJ~~#}bwX0ZmA>Tyz-FBkY!jb;4z zfi#y|nGwOBDV@nmBd_bIR@YDUBbT+S^4MW?7>j;q@5P73qY#z&6$r22u%y(t>+|uS;2)zE4oA zp5~MYW<)hLU(vyijYgy10d-hK&aOacr#<;ym(QsmOzuy_R7$R6mmU@#>#LY@PVo-l zc?|zjUJ^D0eM(xGiVMaYP8)W#3l~Gt?Z>|T zZRIiRfTL@B=Q2G+p40h%e4k^KMCt^7Z_yvV!}n>L z73Ht_{Nwv7SWex`<_-75!cCr%HsDfUXYw=L|M7iO-+Z6QKfW)3)3Di$H}GT_sqs#@ zX`O44sXNgEa_bam=z|0|wMRf_-Z~qY)#OO)h{lQ-Dm!g>K(o#;1e@0rg6WS5H#wv} z-Z?ngj-5o@yr{ipPF_a+W;218jk}I}H1)@N*WfPoU9ZypB~<#44Y_s@uO45X8T33Q zG|d`)>QW&o^uHNRlHKUoG!Y6<_bLox2;t`0aVZTc3;~A@qxnMAzo+SK%MIjJ9of5) zq;A&0-t!s>YnYC14uhm^c_(xv_^AQr7=NJ3y4Gq>3dI*bSqBgw9iyH*>B0zhqdF(X z4@@^H_Pgs={itu4-NH0?C`k5MYN(HiuB)v7Ea3X_G3t6+0JZ8s_WN8;kVmRVBUCS| zH(6r{t2{eOHvBvZ-g5*WE$2`GDeqHTnzWkjKqHebmmrrIqx@gKugU$+aF39YaO^fN zr1P>wXXVUxdvnfBC9#C{@-E|HQQ!8kvRMvW+?=?3t_+Nj|@od||;+hyS=Q74z2 z&DlJ?;`UHxhPkR-xq0R%mHc~n*J5h;|KfcQ|KWW~yBf8Tl2&ZcQ^{5&SfwbMP`M9y z^}Q?~`=I=1*l-pTd9l{by{BC1l%q2%HG}j-|L{ID(296eBR##WP9#Xxbw0KV3lAX! zuXNSa@zJIC6h8>mQY+K4(QYMdRn9K_m}HGd(zjgo_2Rq%WP<4s=SX!CoWHk zM-uBe6Ue}wzpR;^WMHEXVpfb3(IE6MfvJViK#PzbAFL!M`(TYp)D>5U57P( zQ;TLdJg1L=ThG1R6P$x5D5FcJYoltWY1N1S>7B|uRFB4sFp1@B@jw)qJwdpRKG^1q ztN-f<8L(;@IpOpM56#n=6Jec_F&Nuc=yfOrjN1rpJ~x!>j>SPgh3vgju0{R7qgXT4Oi zp8XN*rv1tAePgKAE_(H%WZ~cf6w=MktdYT@j1c@)%>_sx1`=cMH7wt9)5Zd%4t&f` zAiMH(`6>;J0P)u9apkB1Gj$`7m+_@NB;f8g^YQoVH(oK-o7|=Tv-a=>24Tk57c7Jq zxPP_o;s;w_^V2^UmZh_27gPZ5XABqA>9M}HIUR%xlW>+9#*=|8$*E<3eoL% zi6Ju1a6Fsm%d!g6)Vn9}FJ8zopSsp(`XUoz4E?=LXNF51+H>;0l~n$^pg%9;+DS+E zOh*xACJKPoQPxWL3F1`)D~b&`-Sb=x!w+PqhFgkizdbd zA++A|5TRT@KyHQ+mn!EO|a{orhwnhysa2*vuxfpY4j#)oN7se9Q^n>sH3+* z0SGImWj4L022;1Uk;yo5>FQhh`mw^852u6aNP0WIkJ5s9nQQv`iT+jl*9S+W2by`B z%Ejw;OHXJYPu+yRK1@(sMLg{$tagYam;5G}T(PzTRH@v7)MQo`%Jsx?3(PpQhh*aH zEEdNv{%1v$tjQXwsMS7CB@#+aL6qv(?yHgEMNf$o_kgtOSD0MPea5HwaCR5LQer8n zk)6m_rPRASaxLwlQIjC@mpRcfzkn(wlh~97^_t3>+wql(>2ono&f2^!=C&cA?WE%L z$%y^%6OIRxbLiR=hyr>Art=F#)3lz7WM^nL_f~3n#mBi8oWN8Y;AnbNty?H0>T79u znm;Z)JZMOF8mC!19dZFsKaPag zE$R~FcHkB|Uycr($qD}5jAWw1EXKTp$c^I7+`|)d;RE~g&QzchO2@NiFMDzf)o1q)n%e=+7v>9J?QLNmJKTG6wvovKV#MI5zfnl8~Ant`hAFRziy ztmbrmygAFxE6hb)PC;-4FFm3%-WMH8P zKb!j$f|jWBIj1qcxzP^lL#NMW6w9AvTf%^P2?>mM#iKGeA~Rg|_o|T~uoG7r{D}na zPF|K4@>cUPjBb{CslF%$MCyyk;^>Upa2RV*0V+Jy7!Eo$*jwMvr>}AR+5E4&ua~Va zeX1Vrjn=(8zmvK&fvwO;Ya)t}}{60*sF?F#&LrxGE8(7Zzv@W z6sw;&mMUV7k|dKP?5&#INKW`>`u3SHLU9>IZfe`>b3tbt(asEA9%X?dud6{d9%G5c zmR;hMyAd)HUJ))UzApQRN3V4pwva(1D+NrjPgBJ=3OI6atGM1Ns8_3#nHc4xndmJZ zf45pvzsr{VT{39aSkPp0+3$XOMQTLjB&U*9k{z2B;5RGd3n~qofM<8F3CI<+zmc)< zJH$1K8a!MLJjAzZsSwXAk!oO4MEINNygLMB($cQvV$&M=DdMw}g$HDCnih-K96h2y#m3^RtYJZSIUHg0d9R_X=a~KZBD5?E{$)9--<*;#n(;siT ztQ^rGfR*-DcUpWXE5W8Y$78O+fyUk%eOkfRbbs!@$|ij`phn!NDcNzwpH#YDl8;;_#_%FH3RL+gLgFT$mO4Smt}>2L|rXF%7vwVl1b%-Mo`uSBU9?W7&x ziix-}Mws5&5^hod25iJYaQlunMTmi@c>$;W3TWp#hb#Lr7{zpdjFl%97FwV;7P(jM ziF03>m`4>pqy1|OCk;M3$fJ)$iugKh9UX=XYe;9n-o~f63Qld|DCsNI5suIRK#Q7A z>|a0D?#b$p&c!Qa?phj`11UuqFTx|hPD1jaQ3!X41h-WKGpnISZWhIaniFfDRR4@E z=b?1St0B#FHHpw%cY?-8G;NVReHtd6N&DeUQpj2Wiy?2XerD_rn`!iefG7w2$=Ymb z*4SNq5wP3{nt?HrthaG*z5up**m5xifXho(8Im>b32Yi@&NEJf4|lEyC}L#EN>|;p zT)l#23v%#2*%`BNLM;fzBQ1zv*>XNIf;q|uSCxQvS-9DlUXV~thRq47K@Un@U>-Xv zwOPe%v1Pbf$JUxLgBph!k`kSS#!irb&cru(iIsL7XeqT)TQ31qX#m%cir{v>6d5=M zpMKC*TPEZE2I)%<$4ZL2uwe%@6-rEU#=#8kJ1btN{_yy-CP<>i%bbAW0{p^ga1#=c zjPk~$;CBxu&`W)_C{+pFnv4CFq{*DSA|&x?jVpjxF0ubuDnRwsF$dp~M}zyfu(Auk zoLsXUjvSIEf>Z_oPGc}lD1CVmdJ_rY+<4rsuH7p&jiF`!l-?OkOM&@bLn#+wQUq`_ z1|33en5v=*p?0DT=1)?oh9#=j^mm3hA_ldo@N20o@F$x}gm7Y#oS2Gfq!6csz@FVI z6$fKbE%4+^)~6$@d$XtT6vYdJ3ukPDE7|r-iHNyR%;{JpYaRsddAHr_2%KPSs!A{{ zhq+SDI5gTjkT2wH7d}o2=7;ZB1qQg1sPk7QWf`oq>IgX`Q~ps*JwC}EUHDD~v+F~h zl5V)z9%Ho`QBI{?mz(XUnux|%`p6?>xkEi4dc3gxv_w;4FPWl!1Lr8s8^9iN|F9Sd zwknxvqSN^TL#1vz$FR1pe_}S(%y4 zjy2hd?1S0AJU&K}#PoJl7$4Luo=uNFddn`X-Dq)*n}U_*l7`Qhb$b-J)hXR zl54qUnF{!q2$H3~jV;)ymKQSsSzBF7p0T*;WxczJZ!Z8ab{5Hi(XATT;}J>t+?|9_ z;`4cKd~v0KXI{TzGaaGv{A4>%_#1|#Ycdx79Y?g(f?IHcl93%ad;FGMsCkJHb9dRE zyWk3ZT!+=B$$x~gd|1Dp(|W0qk5%e-#s3VTcw}*Zv|&%Jg%nY3;;HnPm%5`rE=wKO zbr;Lw_zTeS4#3f+bOAmb*k~P6;;}Kq-l#|`1$!e0oyuGnShZATIcR$b)Q|P(Xk}X< zp|X=EZy(i))DvM0HAkZF7T^_&BgM5lV3UNf{?d9d${3tja_0mBM z(=Vb&kj@7Iv!x3-*F@1kGOD$XpmiTWFVU2EvVg?sTl|P1JO{4qW$+QGmct65L;17d80=4Ak_a`YkohaGuf@zpoE+D7+uqVnwY0Ps=p@)w^ zNDgO^uOu~JOkhQ^)G8*krRR$3QOq;lvKQEBT#CR0PaR^1VJrY*`QHu@1u{X|W7D`* z1{A0X0dNC!mbw9-fs~}T+(uK1f_zP8jM>ML%lgxwP35uq7i_#Phx>!bfXSvXV=8sq zvhr(^yYPl-MCm<1b&B-J1-jJBDq_z&S)UY~R z!P6Ib6d9KnI5SI86gVqg*(S<~ofMWu&5crKegF0%=UrSFK)h^i^oNBCb`*7iqA6?n zcf!{UcQ9Ge2753WSUAdPoDv}L-`EmWo7VSvHN-jzTc>%!E(88aW1blfPO>tBFkF+| zh7OV6I2eA%=9sI1s$W;<47p`4hb7N91ZeN)x9xq~gqZ@yr$v1uEnT+r$k+AZN<+rs zE?yFFKP()cg?Md_E(Wx64M9O+sOEbU+KKgqQoVJ(*s!PGU$OG|zE`pw8ZzIEsNP~Z ze=juH;_uSebA@)GUb=PZ0OkN;TO*1;jr3bPE=^1v`YxkUEjj_HPxG zRbNP@+c%WSBr2Lu751{8oYyNMRw2@WJgkS`z|JUGotm@`Vi*!s(9)=?7n{hJ9STQR zVVg92)}sm0CVt5czc#wm_scX6xjbwn{o=xhQ#dT=H-M%{*GWsU{kuTbzf1XXh=aYq zHYF5;o2?JJJ_JhEY$Gg}$xOkyh-(b*gl?m~3RKQe&cn#MxMlO8+v&SVd%TPA%jJ2uxxYV0Pv+|}rkh8f_pAQ>De&oP`R!@$&F%C<`=$Gv zPUic%yIx!JCpRoQGP+@t2kf@JU!4Wxk~MUg_fdz8=Z^XEGZ@Y~e1&PyYL$~|P5PaH zbl4>W+He`mITyyE4I2g{@p@>@!Zh$?79UnHiS2|O9bjvP3^=9z9GAYRQmP%X7WNO1 zv&RZVXrnuVw&*kgRB4!!M%FPjC1cSWI=G%(w@2M5qNw5iZ6%EQr-ui(KiartRc$E@ zY+LA62@&JZ04j6QhMlId%22%NR#Fe;=LzK~hAlARO00(^rR6f9JBqZ_J?PNV80_(} zdtjtE@N75~fG)rB-+rZ=%p-|dz*NP|;J75xm`aKo|EG61x0s&9mw zM1VaXoJALlyH42G)G&q{Ur6;(eI7i6Gl9zhs?>aC`L)=6p&!~g@% zDhPHPu!PPS#x)-qQ>|5Tw?i#ua`!{XN+t`H!_n-hXiGmdUW4(pj*DX7m!_1qdojM{ zLLlmxXnK*aug9h$Tq6tWQ$;rb4ZB~>w2cvJK$AUp9eKt})XuJKH!f{!G6+i2E=cpa zLJWI805&-0VCyq+G389#}^;K@hoRM*7a}Z#a4g zZPNW(CVR4{EuEezhKfcp#^OF0Bc2*~j^EgLGIsq(W2)N+MyVfSnewFv1_zpmrmvI4 zhO*K;-tumK=Y!x9>@8L{j}OWR7xxAs;h8`Fh!CBg}`SfqWFa)I8?totBPtACts{1V@DmU zq6a#W7gze@s!}=G60)@xh)DgE#eZ1ZmSe!_6N^_2 zZeIwZ{8dlq>d^Dn?_9FmLxH9_l7c9IsW>$3H|s62YLfk0g<%m0F6(E5P?p7^K61Sz z*9pe8C$4G?3F<@XKx<3HpV+$-chLgw&xHqJU{oi~50~{Q)+lZXN$<_d;(r@cSTnCq z<#;%)SW~j`acXFJq!A-a(8b~~*z+W++J|>N@a=N^!B*?>fu{h3sl2!NI6S(qQU*!H zeRYSl-S+FpraN_@Z1ONOqujCsLE6RX`R{#Ou}!moUC29;M}`p7idzLF(f3h&geDh! zIB^f5mEtB*wjztX7cn7~Z)AwE_SJ*BPLjaP+ZevLB*8QH4A&UjQ3IJfEB^HJT5oEE zwnI%Rfrp$0Rb?g6JJ?|;Vh1V>;=Cl78m~BX;MPW?=LxRZ!*0IGs z3(5zN34k6qFI_Exh1{?bL32Htr%cu44FD*A>bY^qFKwI9H*mWz#3nuR(<)!YF7a${ z3WPC{HjFxByi>%$MXkr3kL~8YNn}lzm#1v5Pt0u}o`n?P)F4_-EL=7`gvaKB$jHGn z(q*};&mErkN@8L}+Wg&E(rwyb$qJYfsw(hzt$&E*1vDcYR~TfRrX_@Gp;=432JUM$Ajmys8B)dm z+1C^vL=n9{?-|LdgIrXo-q>11c%2(m2(f#9(0W1j75Amm=q2x>2$7p|tQ9fS;`XtX7+WsIaKg-lD6x@c4Z5 z2Qr*v?#RjspEGJ)#uy=T#V=q5&`C#m3};VpTJ7UTc@=nFc<6b6P35qqj?@q7?sFc2 za5DdN6lMwS`nph{DCiX}YoX1G!=MiN3+NTWKq0a!Xp)wdTgVQjB1m2@viK^M#`QJ@VRH%H%jgPzzb-F)AEE1BCZs#4qo9$Wd3YyBV`j9J!QqoUPO@3wQ#+{-|$3q z|64)7icNQ~pk750@$F)rHw#r|>2%B9RXK~Y@%P19h;EL4l`gs05}~wy&@-|Kp5mIk zU#4CCmY441uEnL_Zkz7)U&DJ`^@>bS#}HN_~Qc&}O@Z&}Or{kSm(v2qcE` z2)hH9hz^nP588m{$)!hx1f3CqlVG@51BqNT;Sfn?6AH@^FmC7ynB{ec+e+%b0=R{NlT$4#(#>=lojz-W^08^~n(ZQT%s zU{e5!i~VC+3=(j0qAEq;+mpx^cvoWCVUmj=vGDMcBpo}yHz(rx!K&x_W*NH} zK>onamf-n9d|Y+dXMASwGMwDn%m>f)?q{8JdtQcs1Y6BJ3;cU^&qwT&5;7ElTUV4? zx8le46CfMO69QOB2c}4uZ;9xAj*!0=-y00Us(&5$CSm+8Y9#C1;bRi!NX8g@dCGLT z(I@2L)G~A2jZrdpX7G%5 zLuK4?fn~q8Fyy|L%s#aCyYU9_@wt%Kd=G6T4v4|^sGso78fJWl3Kwd|~oVCkj7QeUmzO)1CG;wI8vR$jar{yjYS+XIRE^i~6 z!{%loh?0&}mvQMXev^eT3wj0!dw(FC__HWRO{ zbskZzoD+&Cwz}inkLGuzW^zme%3I2T@(KeuxE^&=1HfYj*d*4no?h+3+ZRH0fflnS zxN463-oopbhrNX2kKL)7N`?W?x#sA7ctI*fZcq;Z>~0-YRYET`{5Ez&`eP$g#fgR4 z4J7U)Z4I+3XcmKU9)l15S$){N$s7bE8O2 zKkxrCW6VE=LiFGGBK>>}KDI&6X5o1^L$mN)rJRXGnasR2 zkRD^Y6c`W;fJHlX1G~`gKNkJziR{`m8&O*nr58j{g=wfkI31hOrVKPK*URnmi{OKa z;Nu4WqYnS$7rx*U5v_pvOz$~LYJ;-E)YYj$ABcT6@iDo9XJ<=3lygl7z@IgFovXQW z>=$fm{FG*+Tq7)%+$0?C?<*aRb{f{U;tO8)AJJzzaW zcFP?=4VT53C?D-1I^Viy9}_LmVI33I!#&84QKP@D-63Sl@K^!j`q`lT#~Q9UJ+^TM zJV-?lnrHB;od~D8FNz~hO-oqF5L$0F;pYyE%)h1I1dz`j_+hw+N*&cS+Bh1AMX~t0 z`(qMO$Mi%>h?;VKI1i>$16KR_%X{NMlRgu5+Ie5g+jcn}OD&5y*hc1MAmr=$ovueN zPR-IJEKz$SDn(*wJ}R~iBSfwG{(v_J$ocA z@AD9$duSQ=vTS)(+m&w>PUDxZ&iWJ%MCf|NG*IVpXA+i=@)dx5Y&*}VCN)#3=$Y8K z&MU{^O^~A%0Z0dE5*KXZxf<0Hf;(y@5iW2=-8yXB(77Q66^bN-7n)Rp@**f|9aBS~ zs0fEq;7P4b)FX(-aoioyvrR$LsOB7e0f%XQeJMPGz%}Z-p}bRKOL*S1*uc*n?Aeuc zaz^WV3$)&%_j!q>;p;d?7IahvHF;N9cql7AKOONVzLcaD98{uCB~=-Zic3zXeoQbsgnV!Bu!RiI9WYB*UKVAiSfKs)7=x`%v)Fk{udMmkab>X-9}quYq6)meb4d%0Th(s6&&{HG$rf9v z=HU|WuO;=!Bnf6i6|;s!aV1KorSCkBIBf>TDO4ljclC*R*bZ4V28eHZ`Li8eym<`s zCYN?M8^@Q`<4eT{P>Yi-NkC^_8J{=YqM2G^i3q? z{SZF8tHY5@>IXuT7W`^Rx{VeDZqrg1>`|Y;8Jj+=3egZ_vjUtrl%oW50-BWMZ+72- z7hHHjl^fzD_4xl5^mS1qZ6zPGu`b=LAaXEEyU`ctDlelkDmdrw;F};FajDxZ+(43` zB3;@TiYZ1I%G-MfxgJxcHh);N<0uVPMxM$%%h zdGKA6G9@I?qCe3N*~HxmVa~lLGnQ+yp>-NuUD&12$R8sF{z3e?VT2%abRO8>5&$B& zyQQ`^(|NLHhcbR_+t>ANc;SxTD5zI%^p1vd)wRl}eXfJm@q1LkdRFR9SpH<-`$>(A zK?*_NFt+>uuH>D#HeDasn;yke;2sMVvm$X++xj~;&Rhdt z{;lDqLb%H6z3%?Jd^^d0fB)4>pVe@4IZ~dV#ZR8(&8;UC`Qa2FNflC&!#kBa*(1ZF(*aP(ks($?H_z= zQHT`x0FDrfrCmU3I~8)aCDksm5T0s=i+OBvMqdSh%7N+54A_sg-Is06ioAwPcl$SM zhDHXWx*7)KL^&jtUy@~>s8keC0x6B-+7w^%f`!6x_E9XguVu8d@`yI^p@?YwAuW5i zB!1HP*G)@=j`!dp$Q3xgx8yd3nSv@QPR;H&=cX%~vd5jWn?3vkyAOY&$tmM>JIeaV zy_HSx{k_4}{rEOFBc4ESYE`JOc>j-j6{6Q{4tFT9NB-7dKFyk+g&G(cs7#Qs*elx2 zU`c7$YJj9auwuGY&FM(?{Rz zIE#L1O5X?^3jAiys$5lD>TD!B66Uj+@~Ed^IHd3FMdLzn1QWVQ119U*_bVzU8`e1mnWM) z$2X1exPN>+VVq)ZZ*fWJUT~eOsl%>hwly%|Msl-b?F+;;%riY%DC0WCxHivPH~gyo z?iPpE3yd#kqu9At?CD)ZmX^hwKNJhjW=FehM zXf=7;dL!)^3vee0M&Lsd*~eh1EuE@amqM^RB%kXLiNPOUHY+oHYX8=H3^lSvay#Xe z@>p~IIWA?E5|S?vZ{TrXxYF#G$(9?J39(Keowvx4qzpR5ZCZZvlGSQJd#w`ur#q^3 zZuAzC1MJXzZE^o84zhx0?(lBzfz;;1#)q|7?ca5RT4ToYYT3DGFE3OkW?b!TXye`( zm_1mT9bRvb52G$8mM=t>7pQf00tMa4#6DRYPE>@JOI04P=KT)V7$#nlBNySd zRw(<~QgZgF#Upu!a=u+H-cJO+IY0%T2cL|1f7iaPOYRUo{zrWHcy*md{a^91bNx?z z7~Nj-#nP*|#X23F8P~q%d43*Xii3KPKt>W_w#zPz3h}v_`Z~M3(>A`jN`Q4PJ)P7$cg~aa}-DJlP?ASK?`^se{0u}hj zA@BAAL47v9XRrY<>`>-C5l=uTx1L}@=W2UE772R_);1yXKmc6rKD_P^XiUoyJv{Oe z1&mlYB+(IrUqLoh@v&J0D7TxUsJC5%sPzS*LVUHULID4HqFos5Qv>7<+b)1x>b?+! z6oZK$m@r5Y7PCw|5w|1@>GDf}&4C|s$R@wu-_86w7zk1MhNjNN@JLe7H3??V?`EY{ zz3qd0B1+f^g+JzZ%@|fn&228I}94=yQixwvK%0AZ| z^0;%d_N_jM@&EJ(3QMvpB>MzKWmHy`yxh_k6M(BpMCZr&klui#K(SpJ*#P&)GN44A%I91% z@^Ez~<1>Wswow8)3hpm(SsP!sqhy7rPP#-*j+i+Ji;Yha0W{vg!^^@rfK>IN`E{&x zTYIC<^s-7m5P^SNtBA*|9CUvL6@R;gchh`7#?kM%_Kux0a*Dg>%GLwx9u6d^1x>1* zbxZiU=tK3M@Hm%!;s+9cE6-Nw`pf6-dZoj+i`e->(sE?=f06^XG90az%%`-gIbTtM zt-!LifR5olTgtt1toCP;9%O$>s66(b?Xde=^|!-$`( zVQ_0D!Fb`ZhU>QAXKKl_nrlVlGiDJ|Ry0}lHgf+I zl1diMS|W5%{d$U($VtqFXoVuRH@jM*u@F0vkcgEfAzZ|&*qDaR<;uql zsodo6$mV`th5&f73=o)W$MRK({(>jCV~vy!6^cYdcOkZotC8Lck;vm6CNEJv!H4Z- z5(zT?ckzk{GCADpclIyopyKp^3aPCEMu1@B^5HU*sHKKLGo7Nb6Gn}4xob*c=wYm$ zaf#z^WckHfWCz>VqV($2aocoB^+Z^e$bn3k1_&L1Z6!B0ZcLN4f2&)pBhOCjOjf=m`bif8@LIdY*k6$hmLBS(GWQCJ4AeAidy;Gta9h|NT;qv+s52_;b4FbCzyPI z^<4@;Hlj<8&n$$l$eA?eo9E-iA?K}KBnIgTv;4EG<;!L%tBpA;kqc;Nttr~KgG=Es z7%n%;Z!e|d^=n1XO77idDIGPdi2PB1CR+?y`Lx|GViL*7{hZ4=a_J^UegAnE?woPo zMs5NkG0BD;z_?cYS>+U)u}4tzn~#sv!^h>}&aLL_^KRuNs=}QGr?yQG4_-spmeruC zan|o)7N^#c>hK4d*XXO6{`OlDAfcER0?(GauY*JD`QVtlq7A$^#3TZrqHL9vVaFvW zzyMM}zz#KiLzWhWsoNFbh3ZhNQH*%hh|)Egk|gW4GQ}pSN`drT13`nh>nnR&kW)Uk zbF{0v-^I~>zWGV{ed_WDhacM4>BH#3nRU!{jEZmJE6D;u*(X8d>67b526Aom$W)CD z<(=nbarF9`AUZtv-L-8>;PfkrGrqIMXJ;Lyp*(H`O0=TVr-5;zN>!97^l*LQWkwVtmDA0@o%|;sqn$4w-=o;IIu0LvYJqk2s zds=~pNxij56IJ2>W@OutZTfh5lza9r)C|j!x8MADVGwo4R=aL{nFsG<+4Z1Yf7|8x z>(ArTzlPD9V)UlyYNIzrOB=l@K2mRr&^&xYZt70?_jby?*O#`fKV@5gy0-pQZT)H5 zLgPO7eK5P^)!Qkj-tX#Q!t&-lMb5l^L>Lx<*-@@-9z08KUG!j?x~EDI(Kh3NjCZ{Y zf`F_`me5<4p#Ci^n(P|FO%((#*PE5)XB^N3gghTecJcJQFj$B>foXNS6DY>QQf{V;K=CenVQXMV1 zVaj@XyZJuPnT)7nH*j7z=i;IK8%9zN^EM#fzxF3Hy*ZU4fBj2A6Fb0njFo@)4S*!K zXN1#|Y^v#U;nPHjpqgWkGhEbn>cyZ%>VDf(VH?SExS)iM>`+~t&fOV#pC z?^|%AQrb7yef$tUW+V#Bmec*d$sm$D} z08o1!@SZt}kp9Zs-L2gSlfY6D7fI2h-WY~0-(Z)ZdZKrw{BABnsqhemj2zhmQMj8z znfA_zy)@4g9swr{t^=ksL}^CUzp>Y-HAonn!QfOw&XT`=7O;tZxlIUCfB}1W$reRI zC1H=bWXdq(gf1x0lqL^LjyZ@4d(@Ifx>qtqRRUK?fx5$kg5koVvdq z#26Uu$R4=@RvKTKnXkA6{jdSDUL~HtabCWTGLb^;ZM|Wp>?JGVwjUt9t~Oz_`v7_~ zUz07As&G)CS>>u!9eaErVr39j@lvLAMTEh=R_RWTuTIX+ddEqa)=a92%|d158ATpg zl9>M%SeX&g=+f~{Nzs@=zjM&`;ZT_W5w#)_FM%#U&GA{Q|wm9@Mn zv}ra&3!1?!VmrKf_UxuPxpbv!s1#5?+bM5q9Xig^ezVnmd0XaDbiF_lF&ZsxhFsXu zJQ0Xjseb_Yd)i{T#Jpgx*Bg==jGreQb9LiW%-wk7I6o~kO}x~O7b0$Aaw5qLPt(1r zn?UUeN1tx$*1H5E$&gv=+u>6$^>+D9mCDYL4oDoR9ELimPQEE4cj=w5xxd}o#VDb? zjlBvZ-Y3ulD4wg#77F3SE^JcfUgsIHhmDW$<2I_QmsA7ggByFhLQAr@)|T(QY?U<0 zm(*TIR190(3u)-u5xHrnsH(oSb3INHVN-|Mte0d#J2I!$P4GNT3ot*;3<-#6hU}!x z3}$Xjxvmy&u#*v96Ro}7bxs3djL#ThnU*Va5Eml8GG|eHd#4QOeU1`CxIsYU;Ft!| zMhRI4uxiW5MLcVOslL?4;QAu~WlM&DRh|_j7%|6`(mS}MRF}Y9abew3OQv|t$p6pY zpMN)QWBa1`@87=y%l++TJ1xmIbl-DM-5!?Xs><<84Sr=OS?{I##V`p;Xp;n+0PRw4 z?)%%{!rlM~QXD{89+HT?R;Mgcn6c;m*|hIwdV>jr)B)V4KySCgsQ&Uk)aR#r5Dmuzfgx%P8C=1}rSFDbM?xR(wd8vGf!USh^ z-H4H)QFZqwmN1#R&ZZRuJL)<5op-}ZKf5FN6p!F1E1NbBp$)I;IfRy=cAdi0dDS|X zM5J6P18MK^Pe2$q4sOuP&7}Z?I0Zh&zGxMKE3f=g+$CE&P6H}_MtGVhU`2w%J+%TW zm|17l_#y;!WnUu3Vl#wa!R_k#vS5m3?V$z3C*!}xElETMI6?&j!)PN*H>QdXD77#C zyxh~Hq&znmTNe;oef>yZ-@rDA6VoAVZL-|&gK z&|;fzg5=PKKcRvxxKyl=SdMB*vpCUz%|*MeXZ5^NvU!=H^#$D*25Q_`Y`**S?h=c5 zQB&gzghdm8)OM_O_b^I{wK5HF!bXh4wWJAoQ}qDW9>tRcC@n-+w;9?X)Ex?J!GAoZ zAKU?il9&oNbFMxNm>UglXkV<}_lqe(0u# zIA{c@HEMBsl+}iRDicOxE}?SHYDSK2WVnq5!_HgUHr`Av-=Mt#`k9eql9fr)_`Q1@ zR1YZU(Y7_N9ndev8d9K-H_oROVp3`T1btC9g0C?L!$dWQ>SQ=@x4id&P9A@F-Nkyt zEebulKNaGJa-ezcKBAeP2oAvh1>WQMZcpG+Qx&a=G z-vHADXK8FJlu|uws@P&6{XJ#Hf@#qtTK4T_fUkd4`Sc+_c9(^uH+^K-KGdDrGIjg) zaQ35tDFGMi3tSnac@OSR*fsOUge)YbxxQlmOLGc1t^b?klo!D9wZNCK+IL0`@tW!E zC{>f>XWpXE3y&;pEY)4ye z2^uyQna0*sLVKG@xm^s`Lc8f?HJ^ zgueFtRweW?p=dQ1lnp)e4fMLbeZsN@&syRn`#Csd^4=xV%pYk^3z{_biH{(8^WuaZ)ZKF1hOJ9uOvAKM_g_<0@JIFz+qK-gtpvY0E6 zywIyba#)UTz7xPw=A!smD!O17B4Gv1qMk^!5vxnT;FR*9 zddu7&g$8SRr&)vK7r$l+?U9SeAEwHiZzq3Cxt2NRqF|;|5H9R7Q*C;heU9}j=+Ewn zf*YLe#t!Z>)3X>LgP-s%16JVGko7o#MXl(C49g1A1)~y!<4?}MBc+5Q z@$G${GggH-D4x$2BB9x0CW^&TETW@DG+mTDW`FqR<2NU*ZS+T66HG$TNAne#w&QB_ z2lezE4@8IPs1HB9=I7PVO_VcaYfcfB0;B4P$UL8Z6R!ePQphH_VkX(7U21^rUrbfw zna}TBw#tjypZ_v@21Gw&w;d7EuCzB2;6z-}#EsMD7o*eGOv0Ii^p9eZ?c4HxE0DxY z)QxEaBWBvnY;&>_CAp<2!?A2GAfDC*vf=NM$s~=wCm4U~{V?`ce!aW?{N}#Hg8iN( zRLViwsW-96Od!IRVB}wNfdNPG9e|&hrIls0B(#m5oQe3o$hg+UC*+(JH#}n12WN%2 zGMFdlIB*1v>5Z458TpER(M%Tto)R0+{uRVn>H8loX|@1}L<&+;BvL)vf+egS6aaGZ zt_nu4^?SFp#ed$ZIu40VR4E!Q-!nyHsyZu-1zW>vt@)I`Qlm&}zc!|08>GPEVaTE% zY!XoI1UupYNgcOYUDk$$SM<8a4wV-yVlm4ihSl4>9^i=88@y8(zlgUM#t(~Olb|3j z#-m%fv0&znSB>1#0M+%FAXs-0tlqPOV12R>tR6KSh3Ktc#%OaIgJTQUTT`kDNlR7IBv}#mB}z)kZ~9L( zhRS*a>BUS6hgH~;=;WI_>%0QGL7TG!K8mPhQ=UndNv_GvfIPJKHI+Qt)4$Aw(hFJU zxhRxNdFcOn6}rjGaDF zQ;lnaI)V&zwgYOu$ePkU&1|wT#WP{nr0dKMQ;IoF63ul`qB|>u5|Ic4O6^(W3yY@_ ziNqGG;aZAvlAkJzOp>dFX4ex^W;rb+GwGj&mzTpc6ems)#%Ow>5B)t!oNrr~qI-{e zLWW+>o^``h_Mt#dy_R4Eo$r0jS@xc(f=BX#eNno8|$30dGl<+r0PeE)+hg?^&-+Z zmg_n?PSopNI%otfgmoY93u{zZ?*J9xsfm1x`ugBmiv`KIFLj%fMh>h>rZDC@aMm_f zed2}d@r>+a9>2Bkx%?6E5AXLZ{Jntp;xhhJ$MEeEICq%IJIv(uXNQ^Gcy^e{WQUpD z+TIQ`dF{O&X7Ua*d54*d&ki$rhnc*?Ox|H8?=X{_&ki%0{Aw_h`~8@;efM3Cz6I$% z>rNHhv%lTR@`lqLj_at~+e#%;s(1trAh1FC7BB>pnzLIXl|IWwOultqEA-NKQ~ZQq zGjjRUPbpLMr^?y&lQVLegS-BQi8FyWd!)-A>t4-#c&~QD4uj!ZB-2A1;({zfI|JO# z0Jr|^3~-HSXMiI+16*r+I|JO>dpiT%&H%SFz~Qqq!0ilhI|JO#0Jk&1HJ_aUj{J%Y za4M0g+TS_M@!h$x5yW1c?!~)vBAHTPL@~jSHgN`3{+Y`U>ukCabc*fkU+@Al$4-tX z5Q5L=5X7qY>_`-d(WI7a1=3rO;=Z0o7Kx%@G8dTDT{AhMX{=}e--?1{;;Ojz~z_QAGkU^C)Pk zY<5z3_7NG8fkXnckVrr#5(&>nA{%EU5zz3Wq7BKk{xlRk$Uy2Ry-$s_ZX@H9Y?}2+ zcI0|TuFdoNB-d+MqCso5qt#=(KusiAH#nneY0)Q6j^RL)^@>KW5L3TGJDUCn9ml8> zL$75%Ckbbns_BYK5Ca#B>P{>)$BN*^>Glx`b_&f-q1kcB9fxc_JB4Pa(5yW>g=T%K zJ93TBj$A)!a=lY%+;hJQjd7@Kq|!u{IzZ+;Ve7ihkSvdS&(@V1o=Fy!1v|gy`S;*| z37+3;E+MGMfZO`24p8wyO(yI_8PC;SmL1XPpU|pbv(@>abTA+pw9PL>ISZJ>4)ksZ zde`^tK<_%99q8SY1-(n@m+uj)ds`rJwq!Wsh65|Scz13Q!3V;2dJErSK0)`7hjIg^ zdLYlcAfc)^y3*CEH`)Q={Wo6Tl^3Qw+xEuTQVLt&n3sR~9c>H-;d~h2gtd+NP9j&p zNFEGf7g9l7Vj;6rfTfPXWa?u{$wq90Blcj66YLTBhdhe=CwVt^mJ#esl zEf(*ikUiZ}@of{TRavM_BPyj5sRu}?nIN}O^QPBiMW`ajNxq~cVK*$dFaYB!L-ft|E0@+IuQp2DOhTFNUa$|Wf? zECtwlQW|A?+#v;MZrR%2jwwvM14>sPUsej=(^{1t48 zEgM&`RNPc}EgAcwNJ{@D3Ttp^Y2D1STN{~~+_Qp3B28Hqqh4LMCfMWQs7Q0|4qXzS zNyTWqQBcifia zLhu8VIX=f`ajJ<}bO`&OSR!cL1nxkA83fyciQHfX&3V#ZGs%!r{XKYimQ+@r{+z1i zgs|CSM)skFL@f3vO)cY0v|>NP5U>!s?Sb&joH5<}YhI8Wk(4RZ^5^Bz4K0omvG4%* zTJeld=Y*2ER`>Mq04N6)jMxsfrKKZp_$yJi(E?5Tak$hD%fdIhDl0KBK(;}tiz~-5 zZVRruP#Su@k$-9RM)tyy_7EC8K&P2v#Z6maf(v(f`D}g5hEJ<)*hk-yEGiYhvG@$_ zDt3jN_wt!skF=?fP7a>^a&YkDv*~~R^G}DX!+*Gc-+KR!y?-ygf2ZERrT@7+{Kw%s zSjyls+A>xfRk8NVc!3QhV+)};Rm_tg45G!UB8nx6G@)R!gO*m!RmJA6R{oLVTF8pA zOnPpDjv_`505AxmaFiekqf(i#3l<-Ck%cmoOx5ZQm(tWzC*B8!1Q-BPYdnJJ$5#RmUfGEFvk$|MnGt2SEI(Tr%83E+o| zf>8w~J6eN4=9Yt0bqZ^moRM3g;=8ddg5|2kB=yvI1{g>;;uUCHZP>uvhi3h>a8|`l zm>QP7LC`4XPONOXq-g5|83$~gCcwHO%C&9r8yYQL8E>fckG4!OI4Y{xyiCrS^6iUM zR&taccT6sEiKc%w|J9%Vy;a1!a6yqM1J{Op#8l)fp4ryJHU z?e1Gq;7r7gL5#H`(>y;eQc;{0V&0i65T-*nnzF{qWAm|z+;s?JS1YSQ;VPI*$6*D# zY&O2t-NkHI1W+=QAr5wZA!nHZ9=zpQEN(l5gJDZ;A|jeBg;c%E6uwk#ZF=>6LF$3e zw60k}e`g{#vzJRzCb6Ef7K{2UTt*~@)~w!?7tDi+tTisktthVh8hj5b8^pSSEgDCd zd4cz)yTL}xhVePv3NS$MImW(oN%r2^1={OwDKy@33;TuRa(jgI{hI5M&#Oajm)iQc z&>Y{pL)Jo#x1&=qwU1jCGW8BhUa;x9p`G>?FdCFHvd z&Q``^G9{U)md2~8dWQ||H-=83f$=6PLgwa=NiPyh;dk%})@!J>pTglXd$K(n<+L{s^Wb779R+2;@ z$~xb$nYr!54byaV*wNEV>?vnO$`PFTiW}+XmK9PN!XSt<-XVwP7rp z@1!EOA=}lOYl>EN3zWTR=K&hjNoSwWL}_p*$ZgvwV&7n&HGbV~CsAA}wX*n(r; zB9!BUOsO)KkiC!DCn3~(E`j&&K`VR5$t_*UJ#Y@{Q|gSi6Zaj2&-4f>_j2e5*ho=k z$9JdqnzU%jr-W`0QS>uata8E8lT+uXc_AX!T@33x$)x4Ej^lDedb)n}o~{T@q;RrS z*3?R7K)=j)S3)h<)E1g`rLwK77n90^R4;?xY*f)}COz2RE?UqC(rD8X@p+=O5l+$v z0e9mrXX(@lmM)~DIyoS>>mvs0eI~MLA%ucZuTC;DC#on}3(GPY=E$gdN*CY=vIkFz zTErUfiin8?g!s8(eRukrJR=8sT!%m!=9B}#xKy-g&WFzlSI|Vy@ZsDOQII)JB%5ej z2&AsckayyMtJ(0Yzb1XutUHwy4&ir_bwuNYQ?u{3M$KM(77GYTtSti`yOb#kC_PB! z>V}SyV5$kN{0)lI8SB?rcUJIA1-itC*A7QDCNcBmdF3E4$UT40o z_YO%J&HNgRplKwDQKLi#f1HWfjk#%ev!uT}#uF+ztl;Enl~bSNgcb`cc$>gvQ*|)q zU-T&Qg5U6jEm#b*Dl_kcGZ9N7m$a}^6kujILap#E?_k2{T7=rtfw3Cn(^C! zS%ao`ITcu{<%_yBQ3q&t>7BdtgqoF<)&xfjwl;iY+;kt;4sFj-V{w5|J0KSLKeFZX%u>tU|2)2{+)7RJwH$WOQ@)2Mj{7F*K zMo7V?uoVf^$1%4k>4ZP2A2L__%EEYnt_Y;qObcEob4IbEh!(TBBrKy>32TodCn)XI zlqXo}kQOJ60S>5Iye(=A)OSAnxZ{aJ*;7AK*u(d!xIydozN?p+6|4Y%q2YQ z`no-}U$3Z)6s?>P^$LB*vET|RXcmifZ4CP4G8!#A`l`gdv9fEIDXT-Gy@Tx9Wejde zw2v*j26*V$O<#qq+Ch5<-dXNRl<)!4iiVxO&mrWWojbXx3K8s5{3H@nNzD#k|M(Hd zKEl0rVLW@)*ukgvcw;X+Rpzy^Ywfx|cF<}cYwQEgEXkrsr1=({`sk>E)^-m3{x(}3 z_+CwViqY7oRVXXT7V|g?2pTD-0rjmXGj=WCU5LSJ&j`LANhGZ= z25G{YN59H%dGboUkcxw8oA~is#)u$J`dQ!%dm5fwZer(t&I>#m;D%p#0chT&z z?WD5gnV_#3nzF!TUS=-ssf&P^Rt~xx3x_1-i=}cN;e?i1cUJbpQ{k5wq|K>R8{HTis9308Tz7wu2A!~HtdYIo^a9A$$<0y{$nLJ zryxnU=XUr`FH%WQ3Oz8zX>y*kXd7DQH}B7n>#YK*0~C0@YWjOZV;c{7%dVC}T=z71 zU_sp%TrJD1StL>q-+e0iLLQkjJk?V=Bs@!8p?ENSXUa+-0|O_K8#%1CNk}qmVtr~r z=X#~iAbPUC6a7HUwcY3#l}TmslN|J$JqysBJKD_dG%;gp(lXvQ&enfd&H0KIpZkQs zQ^j5U*}ncIF+c6i@2Z~TBth13CgOeR+YCWC1D~C9i@5>}wK4V)di@-5=SBCbEI`YY zr2LES-*3+wgCAHGXK zN2*Pz!`>U)!X6RcpXUjWSZh*UJ=4YIhf^sbjz)jzH>ww4y_t5Tfhlo6?D-Ccw!u!D z)x2L+f9%S_k;;ca_CKhBejILy^xyn`2Q1n8?0_YAz>+&)$sMp{Z!bGwN&DRnSaJs} z`C9>&Y{j6zgF577#2pU*4u^k-!@n&Y{^sv?icIUXQ)G6E%ubQnDKa}n#ymSkW~a!k zJ-=Z^W>aU*MZ;}leID?cpH~keX|mGv#zP`KkcSo{b)i)ozy>pIbhsN#TmZr21M-@KlS7{!QI_IWx-YTWRYfJlv_hW=1n zA(Si`jT0tiZAoKapr2wREWQLS(bER(ykr~O5JjyKs#l`3srov#PV9#z%Sg=fM8NK* zWukbV1g(1qZ0^M9N)1gwnwtES#C#5*>Bh_9@+#Ygcg`5GF)Y=!m~n9wi%1?tB8ynA zTgLB{Zv?}Mh2Zdi1O7J(}&0oJbLG zgtzR$Uqc(lX=;#h4ODgP+@~VbGI*!1sHGkrQF&=kC`aOC%nZ=OrPT(MP&6T#8$d_x z48({tG^e$1xEz^Kb+WbQCk0L+GKMo9C?6*y3b-AyxXtX+IBda!!6yWQAB4q@E?7!= z*3Qo@27;XUl`>MAl{86K1T_5_InDGmAuzk6%eJGX2Vs26#sq@&PGpK_r47@jH5)$05?m~4CM1zOW)Urbq?(WP+gxvFD=HUD_4?ix zTrnIrC`A#=R6Ts3gPgB+a!LWC$FhoUGGCfhdh>y=G_!ovWIr+>j^g-b<5)+U~P z1(*5qr=MsXYgy)}pDxY$-9oLXXGm zy%1N-Z>6P~?<6Y_uE20u0PY~}Xv4zTNPM(zc>o~ovfAZOKdChTX-VbM4#%iEaJL)Q zRDNu>QdC~P=pd@?$thBaf-Z(c zwsU;T1*gMtGoP(j#~5oZGf*D@^Ko8Yol&(6FqqZYmc*ZtQtBbKm=`ITm#QqfB=UkK zjLJ5SL;_;qYwp-;4%{X|-&1*K$iAL8L;_V7V4P{U}SWQXx_Ds?)0%&=-O__*&&}-~8D3#i} zag5o?2Jakd`thEn0|UI~=f5{#H3~mM zZs>KPj~bY-Ii~Boqhu{cRTkKrdUdp+qon&IiR};~O~J4nq2!}A3E1&~^K$`qkuN+g zQ$spMR{wQ1xLX_J2fT`B@FP^4OnIug1;iKm9VT>eC#2p20u9I{e4sFZPc=9UdMW{P^wr zZ!XT>{F5L4@?%z}*Z9{j2S2hm{|s#8@bDk&m2d1*GXZg};1^T8IS7$9-r__mIO#j_ zOWVlZ875e@!LoS86t#A|j9mYxB+q9rp2GqC=2(C9eD?e=UCq1|1xds$bIwaSK@3_= zkwG@Z2A}^IaAlW_3dyBbsQiXytl&{&cD0<;E%Riz8&k)f7dVLN+E*L0>lVpk8@&4m zFEI>C5E$#1UiB=V(nKr5XWySVXE>xPRk-bgs3!uB0TK?R)UAh(OTyAC21Sy*S_D0< z130@ih@5?YG9i4%X7(@FNX!zZU~UV<9Dq~Q-!x>=u9;K)RxkgmCkADcrhoM+HvRn) z^SgQ)zihnk$J;xV`|?c0=Q)dJxJdGH(DMSh95Y1CY+x*VwZULJT&jl_{4+4o_9SWQ z$7JR}!-(kut8oCfzAsd(gcG8KAc@Ep?bQ+ObDUuyhQ6%0qOcuQ;R+ybHFno5XVKFt z%=4>EsIS~%_EMt3esCjrOiGEy0a9k@@$PHX?9X5@obpp&HUkOBcP3V=!I%vi*vq{Yew<`}fvQfih1$)0^v zx27>bQ}s`zXu-R5pHtPJ}H9MBX7G;OOTTYmz= zQ1A&1M)6-B5{&TKC@{r7no6RadLO%AwO*ke_#(M=wW6gvWEH=vNm)kD&S)-|TB-t4 zMGmC-U}m;?cKx4l2I{YO)#mE%4g|y2`y0~MsVhQ=ss{Loz&7_qtMwGE80Zm(g|c`+ zs$O)SDoW7)-yf}okMo6D?I&ZmPW;1CP+1#>LVJ%PR}p-Xx`pFxg-i6>I|f~N;oebk zBWbWwCA_yjv3bb!HJ7aYD6Dnl#kC*Ks(=k6#0RB&H+H|)NFDa1(O>2G>=@&4ui;z( zmMZ5xm8Y7|cw(TR`Qo^_b2M(Y2Qo83^LX!T5CmjhlKFnsuf9F+0#858i=d}_4qeq{|!JncQl zZ8w4e2=T^VCrB=Gz#;UdPB0zlmL`Zd<6@`-24I?is@Ndg&T1uUfI@iV@EWg34mrp= zQ9}I(2o<&lPP`7a!n`tqYx~v$k91mrfg^BdRgY4ZQN)7iU>SwGhjVeG`hZ}MQh|(^NB>7Q)M#3CMf0jB1yKd>hLh51ulOs z2j0@G31Wv%0JA_t-SJq>2mOk)R3fE{M_?u6bBJuiO-a$}uJ4w0A0l@Kslet%gkFnw zp>3n(@m9pFc75`8YMyKoJk|?zmqI*p!5HDGRv&1lTp()%m2ANqOZxUEOcVQI383Cp zJ7`(Na$D+FRPcaU5LV1>!sn#kT@X7p?P@ZrchIAN6MfrmS(51g_R+zCe51~J@kJ&I zhDC>r_02@$AH;>ob7M764>y??M3xjcCU@2)x@9o|KO4gKXM`1nD3B>NhcRsJ!e^Ae zGO)cEw9vkt_8s$W(Aao}J6i$I1pMsaYohUdA%UcFcf8_-sk($_;~gAQN(iPHxRKI z2<8lA@?DytB1O{O|iZrUHq94@*6ZdxKQ`|Fd0;F^j?6kAHP_=u(@aI zbWT1oNCCjje)A=#nN~;NQl99oUav#~7#($Qujedrch=AH4AQu%f;KSHp^RtbEve-i9br1~)O9|s0;-Qj@SQ+AGIAa!cUNY2W!j!k=5#bKjp53Dmu8%@ zWw^8HjY}d@t}GlHt(7oSHemol4b7znt2ahzLxnQ_lEaP$?~m>4}0YFYCck7Cw*#+@;I z22jqLPdMt?h(^g8LfQZdTJza}JBOj9HJ?on7`aarwdS*ZRJG=_(RvS~t~H;#toFU5 zvNfLvL}?4|daI~y%_k7Wt@(^1=w^PK9Jg^Hw$*c|U|aiy+uiW#Ly22|cK|i6`Ha-u z#xLBRmuwJquKCc6QQj0F`7=)3Z&Blvh+Woa}fXXK70RPL*Q z_VTjG1>l{~Z0+a<<~x`q6PwwExry#1>+^4u6DxpwU-a`)ATrTD{D6_z@U}+9d>jNO zgzm4E1=ON{tv;v{^$|jTDuPnTZp?zldGJcpIjY+pC^dW{TSb zq$7l;6>M&*ESMEYMa<_WD(T$wj7>1d+9XQri(w}gFo5tyyAw{yw4w`BAk!?!<`)#I z)lLPwUE<_G%;$PhEuPWv>_>Bq_aeSW7NJ{ruxT}DsVbU$V}9%kW54AIlPjq(ES9H8 zk8UkyB+sIxH11raPJmUp{k7bH-Bv%ea*K^Y_p|qdyx;324??Hifec*N;8_Prk;AIs z6n3NY>p&3j&KH8gSHh0CUzqaj`x94VxB=hbfe3pDJiWy#7?qq!MQ-WJf}&A-OVI4< zDrwgP!>joJE(wOqs>Oz>mnI@xNFIAgr4GBIahf_tKWuiTIsYCZfwlpAb9{DcTC3qP z8qgsY6B#X8N>TLZUg!&kJc&8js0Z^#&RLal}&G|(oE5YuYV7tob z9J1$nS9msO2B6MC``E&;hD~uT(97})T&33IKVZ8*ahKSjxeU~}KA|Z~PH0~R^LsxF z5c50Ln|Y_xFbrB!I}vXTrqp{2$LlO74xqPS3A;i3oSxO8nQQA48%pyIb0T@5DE<6? z6H8q%10E-o9eY47=ocsr=uWAHuWPol+9AzBGj&Kq{*|H@Ev{Z~RHKq{eS zgYm2i&Tbf?#T8ct1<*y@S+Iw#Os?3Fi3&W~0RE_3t%@<*#1kV4qEZ4XW>~UJ<5sn6 z5v63sbW!q{9eIc1?s5|`7(Bn4hZm&D^oVw$~O{&zyTf<*uPhlV4x%H0g%17epHfSi+12C8O|UW zw~c7TGY+&e1}mfr>bZMp@~|Gaxs)83fZt#h?Ax-81qgolLf;O z@K?;S!NjpjoTIs>+XdGebU=i5O@5xabc(#-DJ^)i0wE5{Wz0okW+pPiW0vMZfldZz z)(;vQ=+djtH}K{t34v^I_;{>&`<$~v{sDG0;2aK+i-5!0kD?WRNPPv&Vk|{VTF^+b zf=k6C1kJUolQ}o2ngMXG-u|WN&6VDsrN3zm1SPzC#RJ8UP)w_FcmE-rZg;nfRrP>4RolX-dU$-QhsCCPGPqPv0+Z^Y@u)^15(Z}_kGHzt zV>a@`XCmKI7V-$QepvSL$jsw0S*Rn%8kS2uGLQIP#u^qL7Lbw|kd7G~>auB=%LrVN zP5JdB;5|JQ*3))zo*ok8>0$7lMqoQVB(BqgVLII}p3}W!IXw)H(>5`j?hC)^;jo(? z61V9gFq<9{ujyg1nu2Bc2gGO^jnDK5*i26pmuaW@>@=U9<}+ffftX0+@4)?GA?o1^bfCK-1C2!m8i5EDjs`U5Sl}}r z31~F1!&n5MP4Q?R1o`KFQGZ6S?KrfbO;`3oQGOl?;pgGeeKtV$8Hwt%0iw@%G@m=e z(u_gz2}ST3h2FCPrpW_T6di@uv#Itp>V%9ZACH30^C-wXkB7>$ZJB)Y5T$V_JmXH& z!=UdxEb>m^<=YT(XWaTe8q&^Vq3k>^!p_q`*Le!aI**2`bB~BRPXkToQIT}Q7V4o9 zbe;lw&M2xsjGD6vnZGx*oclz|8MSUB*<%0m zs-r((M3KkS3l=ec!(~r=lGf}hyt7WeuaZhtDw{Iwy1Ed6<$DcV|Dr z$v(}_3b81dv9hNoy)88*#K^Mq!2=+?*kmhyzf zcNnYIq36(u?s9zsn$iy4J)&5V@{A^!9$<$0LBtFPX|$c~tSAhaXIw5>TwB*5IU987 zd07C#cE1*L99ku7XN<*z1`CtIor##O&AI&`>4^;~!Ft;IYH7yOeSFqByyHpGt=G?j z9fLuFvU@zFWx@#{7X{5E0Jy*hT9-B{ML59bxM!cUw}YMmLkVAL&7XbADe40hghkDe zQq7+o&7OkXJVX|KJcKGatBYLZH_;3^=d6Rn{F+Iy8avayw^>BG+l?+?!Qyq zfqU$5jS@UaUk|dD&2y}~YRN@~#1S^=`{b%&LNw$LT^RsGB=yzI&BXMn4-jK~A?{Cv87_v*l2nd3_Ai($HF0tb?ONxc+cXLJKQnx0i}{QD4XMf==r?_Pai zi-KllLi_eKhdFIxgUKRIuxl4RpOzkn4a_D~T#-bS-PP{XtdHwqi{2-=7%c zr#|l-f#tx41~+6=Q)yAmTl zXM+sFf#;!Q?#|f1OQGn*1Uu?M8rP@ZjL?f$U0=O|nrnftp*nV4+J!nD%3N=0)RVW` z8mEcK2DNYFH`g);%$P(piAs!EgkiO;??9Vg9v0$Ra)~)zkUZHs4K0#<&df_gLx%fo zkQOr0w(WJ8`)VCAx+}s1%FQsRl7+uJ;DO(*7qy(DwURHOLKH zTdUU4ooXD`S3T&wGk5`7_AC_|2w@3t0x-RTBY_ht)mb5~*aZ*4xM)nZ_G<^tq5pjg zIH*@a*bl@)l*U2$)dV!5BBkmT(F|s)I}G^EsE}tpGqf)2A#J=k^(Ja76k7Pxt&7$| zO=DVS)M|;yn9ZPvP-ozuPh$O2CM8{rUo`VOyHd+CrP;J#G=};M=G&lk<5>)t{Mn*$ zlk~oLYZ_l=$O|XMcS0ALyGpSF}(p z{^N`Pm`x}BQqaU^pUXeKcxK4+A74BJ0=?bc3{5hdhQ%tO#uF4x6`Yx~NmO1+^C?(o zdw&-&+OB}Vl;(X(1Pb@95!2hwP#Nm0sc`t2LG2;kHuMwhZ-eRoCV;Taz|@DI+voOHjpRXwM(2?>HC!7Em38XwGT9@;v~NrRfv>iXoT_>dUPqW+ zK%-Ne5Cd@ zOI8CWZ!%6)Q?yvHO=SwwBuoRX8G;qCIN|bykwB6VpaQG5Mk0%N@)*@G0_5F5K{j7f zIY#7z_nTbZif{O(n732mhe)F8eWB+|MHlOf(4B8pN=Ekg!EMY_x?ubJP|<q$?0l9iQ7Rt8x)`OmlaX9V0}j(S8}p3@;M6p@xjo6sg*qXsC>C@_cf0|*1z zUIdwK+33ihI6Y6J)%7zzoRzh|=TU<}9;PSi+{RkzRjIi=P4r95uWr zl(~S|{E??`Q}`yduI2P%OI?$0X7T6MaYVw*^`(qtN;r~VjSJMLYY=NclP8Q&OqQh0 z?>Ov`A<`@|y^9spWblw#r8wZ^`Bwg&X6^w_IKO1L>;{so7unr_#K zUpm~Fepl;>zo2C5*=>ZRONI;QZb(oNeZDp{T)~m< z#a|uG7(;`sC<-74tmDJ|&!-i3j51p-El~&?ISE*ArA@-<)qSQz&_%%k%3X{m66HR# zb14Ee>t^NC*%|ne9NtWy*JD%;^?56O$7;PeVwVO1VRbADXa%6kO{LIlv-GJG?tSV= zEkCpg6uLCFPNIo0)Zpu0!8(){zpeZ-z$;oa;5$_cDG`76^qAm2b`gR;J>WUxcyUE) zhboXZ6KXMJY-%I13%E978swn|kmsAXNYh=0R1FhKal-oG<@YK%rMP@)j5?!AI_~M9 zAsOZ`d|iP7U!oZ<{?|^sBGaB#@`3?nRC_14i!ZL{@2Ln(_fU2LrbT6Xg5aZyTJgDh#`5x|i#_cneb|Q2(qkJFSLzicn)Ytoolqe6Ukjj0GBDpQ3R1 z&2cL&h?+ zU8G7uk&by2)d$J2pe9lLiz9B+Ay_I}q;T+iS}6|$xD@$n+U+b$fy83zx_ky_aa3|{ z!1ez9x`T#==_7!DL>zT0REzFUbaX`TDP)%pg0w^`#@X8=Jmt?=X!S?#Q`(197S2>ufMh)bRnUB*UZUHXBKCdxI` zp!LZGg89s}7GrJV_OGx~Dt}qh0Ob7Qd$q>qJ>=)(0zwBz&MI;vWtqyz7rTPyEZ3XI zWuAeWW&_Aq*E3^ss}%@PH~);Y47Jh>*1~5+jmXbioWq*7h!sz+D8YMKRO*SvT{%C7 z#&x#IlTBw-i0TA78iICeGb$>^x~t+u;{r-KO;G}z({oSgH!JbBq(f;GcS4&)F2iYhO9a?QjUsB4Oca^3)L=YN;3CNg*L&08pdT;fLR#k_9> z=wlkouh%*j^u zgnN9I=jDwfyAzbdheGFz&)ba&{|lqzx@GjgKD%Y(2Jm8x)(p5k(dS&B%n5wDBX4KU z)9n~K+2Mm;b%nF`f(^X-$7^?T)$GT5`goL=XNu2=zrOUu|3h!!;2ou=TIde$ za&!IuTg*o6GJk^oTkP;wAwBqd;eY77;Y_Yba^3fPj%`mrw1hUn~-tLt@? zGm&4U(NlKp-+-M;GDa9x8bfQb28d6|TOt%x7oa8R&w7g>*SSTmSq}jFlA)2JR;N!b zrN@bSxUV%zS*D-cPc1xmWhVGK_gTSSC8~8AvQZl)K58LB~$Q=-n7sLtEKcWmDZsZh1Qbt_>q`*qMq&1hy#)tuR1j5EtURs z!mCGxREd10CcG$EP>dA;8zHBUEvA2u2K zx6f;Q{|oLlBY)2wnP#y z6oy&4A(-BEgLaVZvLRFgoYzbP;$Rcemlm-w&BDA45V|8(bSOf{8-}%jDMn8OzOy($ z|5j8c8m)3~L`g8N9&B?bcre}x8!EOL(1R~=MByY0+Nw1uN_o!!a^d0Jcp^AXC}e(C z@dyakvuVT8aY}8_pjRgyAL}wX)Li$ETg}knhDSPYh4u&827z=WqRP99xv05o^{KyiKIqjrahdUN3hKBS%$}~mYb7Q;l1wl6!lMHR z&jNj(E01Xt1{e_a57l_>F*@sgO2RgSi zbY^x_$Hv-EhS8kAG2>wLhSP|VOaF@S9#ikzYbH|x{DKOD+2u135C(SFIgS@cq{G1J z!kxNk8B^{%ZSr|Zalu%1-S*FN)jPqhotfsE^&0j7UktoL=1U@g$+*10IkcPSdH=NLAwoN&}5iEt}_rVw7-*#Gs3u^#f{DdQLmN$v4fqu)si1N zHg=dsc~hK#Jcp#pBnojrO;?R<$yZ1z56qu-kVW3JEc5(#9x zuTvHbUK26mR`-`4!TTq4A?Y!gc`D&cwTr|v(2AlJEO_(`=YsEi;Zm#TS&33{@1Y=gYFet$e|6T?bf*Wk$Z+ymMEyAv= z#UeFw^C6~tujfuOhTf;2a1mpIH`tFsv(Gt{LblVMk_RS&I_fSzN^o078OnpFzIG!G z43?xSd#5~C7;raAZ_5~){FVfj**2`;WjLx;J5P1({`nxT*iw4v&MM?@JUW`jNWXJ0 z8%EIGf{g&GWA$dZW9Im&DNJ(p=k;Fz=ipF;>N_S9a;C2`E`thav6cvg5fbYrd-J6L}R)qCvQ7gR_Na=3y1+tZvPJma3vMPsFs3Jj!jq@?5O!kD`4YXc z$uX((Qc6;KJeywd3Q`8M2cS&C`UKCkj$Ac&w&4~)tyZb455kEDnIsKS7NCA9um8r2 zK<8V3zJjw(W1rOW0WXwxo$cDV@>pmYFi;_^Vl`Z&YJQFHS@l}E>DJ%5d6(#}j4&40 zpi1exW9U@LZ&~c_44u142;A8sD(FJbCaUbATT|VazzcJ5hZPZL^(LJ&nexzPI+^CQ z(Zhrjw1bic9|GPqdK2)_66jQj;;-W!5*ZVgVZT4ly2zh(+y0WY3WAX-_QKFGWAx6w zh4lJE{0{keOEdHT&gsP$YaKPn@sc5F!n%{8<(=MfLKPpj!nsZ3NB8M3^k#IlnX#>w zrKZ&TL@w`w4#x*|-%#neKfX1Ru{yFg5j#3)+HISniB&Ob-Dvh`43c zqn4uJtLlkW73!vUm%lwSUSUFgo>cmvd5Cv5@{N}A^FEsGv0zM>gdM^_RE98%+F}zU z(A?(Bi{h^n z(I7&~=qu1RHZoqX4AFjSC zAo((*-4|FEbv$>#BbrF^ny|{|og_by(6m>7;=5PN>{qu`H}fs4!8J=}4<&u1bj$^!^RM|CNOkEi<_sM5Y8u0n-mFo%DV)N6_Io& zi_nYXlZe&5u#p~jc`7sv|HlU+0+K}V0RJsW4GQbB0zjLql%fngVfnm&`(reM+hx#US0F><3QT= zBjYd*%|SFGd~X&1>rNVOy=GyW)$X>D&c)PEGtTq08OPV4K>c0P>lVCTYd0)y8`Y{r z$YMPII+Ma9XG^u6Mo#;(T7IQT)|Aa4nZ16h!v(=Anzz=n>-wi_Zn~CJl49c!Ey=z3 zU84>Kl@d`qAc}%58o(A%g92EJ{KAQ)iwX&ld_lw75$!6TL9Mio9geJmC1R7T0_irL zxorOmm_@EI`D$3vh-xg`C1O!0a$fThNH%eb-=ddTJBv=U98Aer%a?Ott78kxm|~|z z?1v68DkKH~9)~)SEY>!~y}vEj6<*|RKIaeFF~w+wMOl}st^Q1kZ^;M>;TsGK_FRUn zXXbBVbSY$2X){;?EDTamB?>oqN2UL+oUYU`j{Qw`gS(H*yZdt~o9Ub<5AB?MCaC$oe2k--UVjO#7-*zVXaP*k8xRPT^XrepcC}P!TdN^gjTntrN6?QW;Cu%%Qm8lqHaQ$br+9%)p0_TGY6@ zI1U6Khq{P@&v@>mWGMR1F+QzV>Mt^D_Q?$|KuQtDG%V3*a|r4WC4%0J zs=pV4JKnT`viD7^1ijeJDmKxp9`Ic9 zOKf@fFj3jjxZ`=O3od1VnCYp4m!cyei;?51ce5hdiL8~UyI`YD3rkmG@JHbQT+>QC zpBov$Z|eSKV<7ktWo4GYdX77(oc*^nauUrI z0i|V(jd+ClGt)wid@BYwWB53&79kg>87FwPLyQU_T={}eVb^wLRZt2c@a z8N1Wii{Ws5Fhc%T{jFq^nxnRb;HMj%)1bPb(pFKnlTRzqB1&+N-PcTk%k;BcLX0Q> zo;2!nsIU&~_@T!tv8U(s_(oHI_H{=Gvx>8`%Ji8Ie2EfA5N8O>zcjS$`LYI8omiCw zAr^9MwJMzCIia>xq+u10A>Ko?O5x*vmn1#GH1s{l)Gb)g(tA&c zNk37tBt@fhu&w_Xd%y3izCn8M(v9~7Q?-IA{`Pd5Kr|Fo9;m0pJBw?KCo{g2*Q3~(jFNR67qtMYNVGp9fVBlt-+7k{5Ct`2h zW~@PX(Eo_)ChplsQ6!Qcark@0$*hooskM`uUr{WuX!va^42@*InGy zi*gx8=~bhD^v@+I5fd@F(2w%A$}J9x2fiS~|21e(MDIIk(2P*YQ#5%m7gCgAH)&u$ zVmG*lgS`&+v%CbWY9&WdzeXR&TQ1kJQekKyrBaVc^zAdASI8FqSu21*aJa14fv~q8 zJJzv|eL>Kshdwynp7o_9(bZdC*%VFk#{zp`%8)h%_Y@sk18xY1 z$UlpPt)gg@w(VO zd~#Rzhw^k#XAr*onSwfWGvc2COx%m@Ao2vwAms;1VK%L3Cjl%w&Gqq{q_O-bHm$E! zu=-HIz`UwQRm;d%Rdtx)g(g1&f{T~QSKhP8R+@ZzhKV({*O`aA{y5pEU1+_+Dg{3j z3T^DCqYG?PZtM^_C<9n1`zBE?-*nGjtawmbKsyBtbyq0{dyk3a;XGpeTA{9y&g8MK z+08XXLlRt5g;CUyZXCSgS+@8`RNIGKPz!#d#0Z<}WC$+gyP^^0GLG9(Z`T8CxU4Dt zPC(@_o|YC&j~(uqX4urQzZzuFdQ%W#)4s4DD2LZEZrJfa#Ob(Q#}M5KY}_^_>fKEu zo4%B#W_*30RJ)+6-b!{yJpOmr=8DA@oV3-5*+ko%&@lfSOk`)>!22RU17B~ZG}tb& zv@vkrAUw=Xb`nt>FjCf(?0uVmOBH%)3*2}ab8`4UquU7t#ecnLnS(55NQ!Ses5gZm z8}rPJhVcObV_SyjqPg)J;`?j+)&d1KwPkqxcL?Nn00?)SF(eJ{LBXy0U`~z$lKWT4`tAUCT&JQ6Vf))R+~Z z%31MIuN}Io?j*^hdO@d=t|x;Kq>{ZPARm>a!@De^#hbiedkzw~Y5SH1?7w>ih%F&0 z78Fq4Y<`V>cD17|cnHgoH}dEOcmPW6=N8nhzh`(x z>%0Z^Qz85%S4MmIltm}_&g7U(01N7f;67`A)L(K!wi{v^jm?_H^jxoU9XqK z`4S;&VEQ*;IB0Q~z17d>wfG&}w=bT!9hS=AoMqIGQvKV~+t*?sBL-Z2Io z&5OL}UV5Br?U|_I`FlU15;5d*_gu*S1*~4^7>7bwwQ z?%%^o!+~A&$;a}wl=x9A^S%a*awR11O3V6H6 zW_MUBi9kd6gWrhmclPTi7&mX+I^4svTsLn_iEaPPpNLdGgg-k`p?tqQEVqolm*+r0 z?tm+CkZ$NQ7uNp57dK}ZpKbp?#rLC+?u-PZMVZEUROa~-P>i)-)0rlJU5nmCS-G7v zH__hCkEo5#Vd3QAHU3JGx@>e_NPrfqjP+UrS6k5OZ?puslX(!K?{YM2viCL*1(-+1*e5& zrKE}-X5iHB0~<;)=d1{fn<_8wM8`Jd27SX5thY0A-}=Z%sCejh8-H_eu=h~hS6RqY1fA8h}u?5+~s z$M*#DivU;jSC3bPDO_8dFSP_RY>rhS7S2cocwM*}jHVVJO$za@Cxb;-a$#-dI2-d7 z>{S(Lc~|tj>$TJG{RKembp@yO-CYpWY#Z%2je-Iw>BO(is%syqiD^m(h9gU;9s|Ov z*)V_*iC?HQZJB;j#7zHEpQNK%In*N;>?sb_p!V6RbkTi=r3Cmw1|CW=&$(Er#5?Dy z=tfP`1KYWXt&HMp^{H@VIRS52^lT2IS%uHT4n@ehAh7T0x=qK)uIg03L&7flbhd5B z(fYKuefC8c`Cb29fKQs{6ub=B`-dg>Px1Eyt0f z3f*=kuiYusgyKRZj!`3X8hXt$avgI~H0AT77+`2_=zJ*7< z@{4fUeZ7p|%N6vlPym=oHJ4a&d-7U}iuFxwZs{_W@!3`66$!8*W=eXxlrT9H{p_U_ZB$^Msr{{cl~}R6=ci<>rT3{;!fIDw ztG^jHP~l+t-5+FEj^NW#o%Ri+3b3E6)E1DTF0pq%(? zvv9Jn(amVSS_y7 zu&E&23lOn>GugBIMs-h`Xxvw>;4@{j9%RDqf6Q+b>F?3;+9^;<@fLAeM|VEsiCq6; zO#9@^$dc;G*?5~e$+R^YRr z+aDuW9;^~a!rF+jK@=4M`oFZ=!0+^Fc+CFrTi-4DwR~I=Yg6%2XAh7tvKiu0?^>nA zo-;4+ntUw^tAjbNOCh9c%}o5%Ud`Z=LDww#m=YLW`e-sjy7#EV3y-7H`mJ-s5L_7` ztCpjq3;G)kphc1M00EPr_joE@zoJAij&d7~n~PnB>Q%W#7*?Nm56wuk4d4mW;a{(o z!}~hYb|z|qR1xTB>+lK(<452@(l<5Z{qcq4g4~V0M}V*;IfVH+TB$0@X}DlMUn=N= z!dw<8{f3<4`Fu{|ijq7^cbo&JJI-nvT5fgjEt40EhL;0wY(jb`;DyL}wrWLg;S9E< zWP38dI)$)LIDffTC%SzrLc`71Xnp?AGL>gQPNGr^*m2r-fBCPZWlXGgrH}7Fs+I;; zx=il?j2fNFZ}P0+piB5mqfa^c(G&lR8181*UqrN(@HoT95N*es6PG3YhBs@SvkK2RGjB8KB>8_F3zpl8vO$XYXl4 zV@EjSurDfyuFM4ezexs_)yZ@Jjl3DcMT&ZGnTjv|urbS!=abiD8WJuywLPO2*5_;! zr@Vha5fTcY$kzjQk>F;HGn+HgtDqr{QpIqlEE5eu#;r_yP{@!|Re(LS&Bh}vCpa9l zJGlM}H+Cv*(fIqFNOYc>D=kM0xWY3C@^)$tb;8{*!M~5OEm40a^$(L|?KDJ#1p9UW zzn0q<;!S>ZYzVg74%i@U8H*c{);2a&s_!NpLF*dMZL-Nd#tnqi13Rf|Nar$DQz#Cwh*c_Z51uaBo79~Fp1=;ub^ z@PDT;>6iffMka*>yP**!M23@3`!8@?ynH-8N^>sf@Nc?gDZ+&l@cpW~jcR+JO$}k8 z!0vRXtACKCp@!Y;f+AfW&!+A!UTjUwKSPUJvnUy8NdDb-PnP&oE)a9OTDGn;uT}0d z_hFp8ASZSR7^Cj>8QhjXTQ-8SP#B}s^mR%jZSr|5kaa6Ro%#J-&p<(#>`16A#$qWVR`$zN zs51;4=Zv1i**jufkSzl?cAc&J7(6r=vHa;Mg{8_{*6*lXTxefT>-;#4#Eu|E4roM* zX<$S%HfD-S4i!>!r}s*hnN!At)-*;5{R0BK2E!=4P;V^{x|PB!-GA~ETvQJl9X#mz zxW9PK6}=EM3H`y1sKHqo0uz=tKnXUpe@z3a!jPNX9-+_6WTS)5D^!&QT>i4*m+sLi zoty2C8^z?2CU32G*Q*;aC3Gmgka+6xD|{{nq@Q|7sy^&Vq_cklYL}NCNK%GxsWNdPL zZ{d%N<(QcEx4H_N%|dwpKoz{90T|mBtGu=fI4lpdAQIq~&vy8+7Y>|VX%ca@WgC=y zsjE{GVil*ouWxy!L=z8%+!V-W1hG~+oa)`X%cx`uRPuEgQWiNTQ6&DgrsZ+s6H^P5 z-a!UY(6FZ;0|nPcg^92I<{%=K;LMTCrNy6;v9thj7BX_YU zhL2C(k((XNO+tz4AdL*2r&vqa3CK6TX+EFQS+?_?0Q#Ghq8`~Dp!ZAP&$k(1+rUaX zfac)|iE(Qm8B&zIUfN2xh&D%!7|gKkkVpM)HA=-Vu zpYSvp@%|dj^a)!i`D5f0bB1stFe@;w^68|@inZ>m+BJcffi!5~XqH1K#h%Z071}vb zSph8qhp+ZQ1X#ab<+M%KJTkh$o?8U=OPq=w$%6S+hlga#`j%MB5YVG0zY%&8RE?zu zzxF#=y@ViOrx_Maj>)L)XH8M9BZ{*Jn!CZIHI0e10?t{^Sz`?H;I>;0Je0$`^uk}2 zWZz|k=BCd{R4iSel6f-_vcUwkzCs4dY!ccEwacR;*jviHNhRDVFXWN~{yOPtIhZt{ z9Z|y?FA}i4-ZbsD&X@ZR4U}C6izLSJI|jkO=42!@8s&tHB{yy@hlYvr@*}*kF+oOiG#|(a zz#D>jARy0@9_NhEe}QPHB50kikJa+oNrYpo{`T9kb><3%t+DU2#<1y%B!pth5|e?G z(W37R+hm(WpgLmJ3GI~j|F0m=2DtUDOD2RZS3(1oRV=oaE&|nqj?z`Fc5Ttd0N*?W0$0d7293>b{GFOpOq7O}Dfs&tu zDHuxft1s(8=z3`5WYdEuoxbY|ml`Oqqxy%mr_Q z>cl}=^qX(fh6S9Y(+4v@KkTGB0m^}2dWBsMLo0tO*)ev%dI%#O^UIJwSxGr9$b@@u zKdK43XfRO)3Fwc@nL!XM&q-~jEhH}E-wlomo2-5oc69v!hNpwTC)lID(X!$~-?&*F za<_2@)LMA zoTm>cQ~wzyGC*}w&WeV=gFt3F0wIsfx*hPAFhET9`?+pzghCLMTDm=c#Jl#p9N_IU ztPNG$G|6bh&2c^sTygBHc=6ub^pSo%d6Y~VHvxZs>HwkBHV*kL&Oip%o zy5RCXpUzqT{v`b>D>-ec(PZ=tYQvhhSlz0IBEWAb{*L2+vGY zb3p)h#LCl9zTev~z*y2EQGF(<-$U-!nDv+jkJNsX#f_=g0TdFIN>O+{(d=@=4J)vQ zPZgH3i6H32qEe`Wl(vws@?;YdH-5(4t08_~d=vm($$1LMoF2%Rl~x911Q;y#puFMQ zwARFh4YhDHR`zWyBN>T&pSobfS^ zy~@J8xoiJm*PHTc=zL<-WuQvL4&UL7i+*7bN=JLr%l=xk`ZM58Ns_PhaOR7YB0>nq zBjgbktb~uD?83OCpS^w;P{5HZ4?`Jn2m5e>xVRpG*S#fO2}$Uc+RO1h-jqnP{vH`yDr1BA=c7W$RvxODJY_})U@LBQ5%Mw8j}9fjg=;4@Hk z>b#*0Kc(^qc$yFp(*Opx;)m4jwu&XRjp93`_BP};qX4({6YX&W_cMh1-D}h-Hda;O z_94e7U1jM9?*ChJ^V}XVRYDqlCoLnwFjV9V+S?2my$ZU1*sa7}8er3c^vHwr#IRq3 zJF6J)BP5jI0}3b>NCXf&W9f4OW4iH|2UDbu86A{Hg_sqsW+?o%4VY(VgDD<>q9DD2P-rkT zY^~er#-OE7RNDzV(T90b{dkijcROpXd7NrN3& zz*LegEyLoyXpsm-{p)23z}7mQh`)hxX~#0ci_cnz(cxO9q8=)5W5X=J9%N}KsyFPw z0B#QUZ$NT2)@12K+FhX!w)GWMOPa9>;T7J;H@C!?g^;^N8qvC04_AZmhFlie`xEtf zUcjPgd)o&G$Upl%7~YU@(TY(3^E(Yx+)G+k(2F)g#V_AwdZR86RjZgj?pJKN3C|>Q zW_uE80ZL@YrzrY*a#Xf1Q0$(>;j?j12uhyHBM7O*IHq9(=^V-OIW*&CrsWDDO;TK1 zyW*v!@E!tq94~QxAL1kNz_V=IFkC*FKYieD9tey`=Jq}Zv zjfL`rEAI9U%WETwgoUb&<^m!LiJX56WC7x(P()~Bq~c>s3lCd2zx_^-D)DZMLJCN` ze9+PZo<_;Z43uw0Q7 zA{(eSrYAX~QY&a0M?-sfx?wdjfp=I)6_K+Y-o8da)mn3^B2Fyi|Gvh{u1+qL(v~3E z0?Bs3c%^aK)<#3mAhF97?y_(aG&gSRvoLKj&f+8JC94=YQx{`Az#X&^fVjc)+J~08 zy0m_L>JRFa8;o$b*|Y?o6+mgvdX$_$04m;!QA}CECKeWkYGCdlBYb%r;thHMsUN`8 zZ|@M+B_rY?^W8Dr>a(E5MLS^i-YeE+QqAN{8aFV+_XYaZWRnaUoHnO}BZ{I5wePe1Dx%r#|^ znC%Q^E5sjFF7bcue?t$Ol`rRfhr5RhKbfDQ@i6CnHN={Z`1my{-Sh;H*5eNq4TN3f z>Ws>52sN4Oyad!W6-P;#sD3B=6xsNvjziy4x-Gr+jV^~l%hcd1ya`tIRO1&ITOm$UQ^P2i`p{gAf*onJ5L8-`(*S|}P!s)R zqd)bu{L>6X{~ZuObWyebWuv6vhf{@t8*y$jSdpsV%`a}TlB6xHH0&p_!*v8Q4^xxO z=sZ4v!xuJ3vHqZk4Z#7aK9?a}b62kmPieiS2`%C$;a*^xo!S!UNIpSXdSeW>K+Rq` zn62tNI$Dk7K0BmTQ)3|cBVaUs`47!s(yU63O`bz44WUtkur_@KD`6YLWx)uaW1YiQ=K0fuq3SI3Dw8C7{@_cwARNKls*ZQwwaGyUU zOD%^a;Qv;A6fo{#@3=-RAOFecoDWVmz7kH1Fv=NISFp)m$sMib85Hm1Iu^iZ<)x-m=L2 z0`v`Zn~aOlO2EDr6!HRLagr|GK?2tM)M?L4Aqz=IOEa9)wMSm`AH}9i&Ss6Dr&Mfa z2*Kl8n``BbGN1?x5>ZMxR4qX>a7}lsa>5BU(1oI?KU8_%_@OvDT<>`xjct`nl@2aD zPzg$UjXJO=0E#)HmT*mHuEM^HqD=)};mFPgRuIgl@#&W_i|q~`SrTV`tIXEADyz2I z7`9mr*gX^go;h#nx?iI`o`3#w`Bf`Ga|?~1=er2hWbh)`6p1hyE$GpCufqnm0-U1f zTKm}AiV{L-WaQ#jc}?%~X^@)TeAJ|K`)S+J^^}paZ<$~N*ACdE{-82CmrV#<_0hOb z&8<;9Pxfrt?wQdg*Q(CAC;yeySdwbI#d-8t;%x9x`4i=1e}v8~WlNzi`52tpzIRm< z@e<`0VsasQOYYri;d~Z7Kgn7oLnG^y^nHo~!81U^D)b;yGBgd~It8>h0!Fs8PyiL%>+ifdnVPEgeh={;t{4e1ia{ygZ zB!gHxe43xM*hEh0Lm=qAJSN-U+P(7ES2AORv}+@|Z)%%vfRCtv5}{C6zNors3x$dO z22M(l_9ykV*++8g4j(m%ISFPEu*~0_Pzge=l&PcmJjIl+gzv}^ykJcgk%{395GV6-LOlDa+hz|&H>`#7OI9ky(xk#@|^HQEl7#we6Haqa=_I;tA zIP77CIy<^$WM}1_nET0wwgyy!W1*WbCzmo_(Cyr`vI5vFy-ov|jCDDTmtr#Hs4#<7 zjiB76tgTv#c~x7l1v%%B2_B}}-V0v3DJ{wVI^d|T>EU&+5 zc$-V|cz?9A_URvy86C-2NqxePnwS5;0?l`oOhy&?KWAzz4DEhYa~P`SD#Ks?p|&K_*D;F zB2^DM;1i2S^!nCB$h6*9lEo zu+3^c&zU_EhytI`ky)`-?~#P^rvFkm-$$U%tl-Xv7f5UL+DSM{iyh`3}9cuZ?FWz;jHktR0nK*89?YeD2EJ z+7{irpl!i9ymB17#}wmzY>2WHVKDC%)h=1C0INcu;-l~E3&%$-MxV%ZhpfVFu$v^d zc}Yd`a2F?5S4X``mlo89=9M|R&5=!cTX7^ zR%gPIk=xNe1Lay!L88l4b6Q9)jcN0mD|?sm#ED?A4y6ObNzrsJj48X5klq_0Ky$mm zqLJ(a@O@qB5#LR(IRNXXMBm^@euyrf(Xl;0Jjcy>fB1khf}boy2rzqM`P))llS_0f zehCK!C5th(mGu%eYiZTtmi4(@q=j}wc?&g{r4|cJGou%f3twyN3ci>0u9zk3gD{-a z?_L7tAe>Yul7TZx+--%tP4kzaz^L{bQcR^(7$`y{SBJ`vbyq5Gj^6 zx*N0M*{tYeYlHTE6PamlId=n+6Wcwx8Jo5HH35DjhIt~NnZFOF+DT)0fR>>2tpdJa zGug0_#rlLNyie)YdH&;m9+~o;eXFUMK22G9%!=s4Tw5~n4$fXE*o?xOw+^O|oP!l_ zM9;h*1+Z8?Y1XgW92Rs4v6*m7Ze%MyFkTaBJvb3ODxjlhn?q0HmwUY&P4+- zO43Q724vvirG+UR#O2GQl^IDg%4mWl>>696+u20p)?y!Xd7)+<4M*-~fvtE|K@0s- z*hIo|Ixz6P6?9mKq2qGc1YjNh*KIS1iTYYn63Y3k@m$VxH$<<{hLeOfr=1`#!ST7B zMdJhb3=kns+RSb1f}BzF&&UK~#kl1g#Y@LbIN`6+I5`f%&$znq^uVc0$>Sr9IK0Wk zG#JyojZS`!yxb(bV^hxZZlaRY7})^w3mLe2&0YT{#hLm>^Tpqy`wg@)UfjV?0c$c> zr`Vfyv?0>ltAI3QI3*bXk*2w=V|D18^w-&a#$K-(li~w&Tt0Nr=)l3)!As0gVN#j!5Z|V*RyT$o?%ZIO@RSl<#V#NU#OGMi z_0ItbV_^%Hs^qWCnRX8guOpUv6}T%WZGp!28H2R9_W8Uk@MSDJ*Xv-$75VFr6lfaeASelOjEXJeEsoN-6iMZQ=W&^ymaeqVv6^Cn!>7W}!oHe?jZYBb&?5HR$ozLX>N7?jv$94VzJB+l$xfxe^DndZ& zt5n$Nk5F>HMaU?@OjNb_mM;Q9YRdza)%|9K+LhF}nzF344V|YOZyD9_`re{s+5|K% z)>gXjw3Jmb3u>i{x}(r&lzh=;t%Us|Q7g3(f}ik+4oTvVl7ic|=RPjyRng7mKcY5qb9@%JjmmjZBo1zV>@oV`Mb8B(Q zZB9`?&LzMFz!RNuYSe*26;ay-b3!-l5C@lu;!b*e5YGt=Rw*@Cf=mbd50I;e3aE;| za{5MT>S(ZSs(^z$NqbT{-6S^-b4ry`;*IN3NrtZZSVBqech7)UZ}82yVRU6Q=E{ND zT@}`IDy3z$cS7A)-Rxa+HgetoVCdGMxaELpnK$dc8>Hd{p%filC=}k_0Kd7G*{?b| zf$X;X1>IZF8M9;>Pl~z@PU52ZXh8bgC8qoQ(%hw>V`4+j{#4E_siYpf%^0GmJ9yEiutj%9Dh76OV;Js=Xp=kBx~>U&m3zmH zy5M+m5nIQ-Q*9F`U|D~1(|!Yv*Bzi&;av5efD#RAmXO)*rP@sc=eAFTt7q(hylQvA zM%Iwgeq#2xnXUx{m%Aa9|Dr$VKdP1S-0fI7dv&;?>ZT8)O& zJNryacVqk9o|>}R%t6qC?BO_5twvs|)7XL4eQC9WpX<-^@@M{C;;1M*}CYBUr>Z63ITpu@|t+P)i8K6&l1w^ftpK$U!DJAyA2Y})Y z>Y+-x*%6&*3vqfc%rz>qs2jO;T{q2xY$aXcLaqWS6sL95WzB>~lZ|j?u_SRSGXKU- z2#)EC3*}B$FDZ&2aZBBL(MT*=cn6kbTeFqHm}IW=OW1u)DOl|LppYo}5plP%YCnAE zCnO*Gmz!ahAeJSF1qnv4udOD|*C9LgvJoF}E3i#2Z||GNlKHD%|J>SUVwNS@aYd<} zAf4{i=#|>G4J(CnmM~btqgfW8mx*;=N4YYj9J%Oleff{w)+`V zswF8UTFgB66th?EplDx>&a&xpSG)mBc5ufEl~|M~L&I5(gq>_0oTg34 ztQJgp3LT`ZGSMqd_@4q#SthM!9!mg??ip1kNCL(W30N*@Zh3e(r|hadtX!6RARmnG(XX@JAHH7Z z+Sl7olTvy@OV(;LuHwOT2Nh%L}24oxE6VV^pr)@Sx|HBfcs_-g}=6aB`tqE}s6Zsu<($eC|xvGg@ zKsT6FcJQQxMD<*mw*vw3?GHou9(DGI62lq+Is&_YGsCIb#yEja`(GRN;BQ%gm?CPY zXqPWV*-;Hb(6p(Qa6X4XmV7|$)IGFO35ZHq`HYmUFZ-y2j_>-AHUzOoa@MRG5+I7I zeTVL!zqlFq%Mos_TrOTu?ME)I%#Vi0R3uTpMSX_OUgKbAwwfi2fKH&=^Lmvj?%FW! z*j2(1Z2=lU#4WxNqPp~wYAAc;J1HdeN@VQtTlI@FI0@0jPezt3k&TH0kH6&O?U0+r%FYVQ8M~~@Ax7J702-%6h`!b~3Tn*-G`0qbnSJK2@V8FxqvobTsESr-~+T(ZnakCJ%M@P$4 zZ$D{c`*tzt7~ZrVA?Mw+W98Os*8| zkA(j0i;Xn8Qi@A#xDRs)b6-$poj!-NgZY~q>8w~l$I%Bn5rz>ZByC`(tiQiE&njEi zJ}TR&&|KdZEzQtr_sng1{3y~(qY}J1zQbH1n!xY(0wr2MvG4OT)&0>IX^GOO2XWVr zTjxc$hFG9HZh(H2NdwVeKwIlr*`Lr|YNGd-qXTK85MWA)e z?I-w+b-&k`lDl7j;v1`&5sAhwnEw;8vkGloAlnsX3(5Y zoH`TBL(Q`{QC+{tbg6Uh4 zcF#6~MYUF1+F0wrT80msDJ>)#y=U2FadHjdAJ4XawBR`y?>+zKUVPIXDcfz$Mn?Hi zM0dYECW2YjEH5&<7kfwtF5GT9&)L%(s1sOG#VxMyQgycI%C3Z*lXOaBmPoD~OPgVv(5A=uI}e|M3JRNUM+ z0KZ-Xw*ygEGB&8l)kPI(u$FNdm3XxWtrx{3>`crl0qq4~{+TX0xm+hDnW)mT%ub_D z(|1loPOsN1)a*{(|8*E2AW}*x?RNA%`gSF~UVk(DgI^qf2RSQXB@`2)K~)2}*~n4g zyB~em_cBTADSt@KqI|S)l;Q;xPL4FUF>~bsZ9sm%ZQ9{n0c0RBFi2wBhb^4)h|{Jy zhMbBDN{{!{WA~Ig8p3ymxu$h`AD6&F+3>qNrvMdMiBb9Ny`j)9ox^GK3N5l=c5n95 z=3L^U<(w+8AC5Et1@KSm5w7gNkYm;nmqF9ydhP1`MV{0XU?3%7W$ht|p=-0bjqewo zC@vxKQY`vmM`}Jv6%TNHNL69I22@*b%*0f3Yu+VIUo~*ouD3Bbe^y z#87h&Zar&I`=sSuh_&0K5Xdb~^$6Sg?)G{IFdi)`yD+T9Sp%N%$1_=783M!#x07~` zAJ^kw?(q?T>9+M?+e>?lkJ0(rv(@0NvjqLz2$fABU6HXI8cYvqjWpg&?e8oE-?V0E z7@va?F=nq>rd3HrPuI8lmH!ZxWC=)NGbV{vpYhZ~{7@$8$|@lkCj>c zbx3LKCTY7YxvxCrZ=MtDzI`HVc`2GLon&BxZ13QdT^M&3?~CXprfkDeCd$Z^(v`)D zCVm|@ohn-)F2s^J)YS^Mb1`+AlUOvB>5r2aa71{UQ1F@H66A!Z|I9^{nzRX})ebLK z5(sqju#oROSqCM8w*Zmur)3mPLnz%6+`Y6~pXQ3A4RFZx)8S&5|H`CJW9Ih?8AvPa zdA6kv=eeV=jn*ekb-5B*HFlQiG~@>fWcAkP00O~%hMdH-Rewnz2)nIjp>QL?oCA(0 zAR|wnVQ7MGTP32YGs9=(&Dym_tBR|)FH#$6#4LjSk->|+@$M#W^|HYh45_1sx}=($ zFg^T-m)UcGSFm%3Hzdth)4JoJlL=;LlweW5!JcR?x`_1a@1QKvz>@Dm=Dq3kU@j%b z+Ye!Mv9=JXM%bUsO%r^hPE$4LafP#)uFJ+WH$%Q-_(5j@ms26$;|xyigf56o5TxIK zoW={ZJu7ZN)}n2by?3YS*g4Q!IPaR1o^d#s&nVuwJ(4*=e0o22Pt@iV}O#_Da3 zdjcO;`?kd3z*upZ9=;8Xqb6Jrur$?qfB{eg%S4EnxyJ$-vbA~?lrvPKh{F}z_GLv_ zhpmzo+u>Qg;_nmNG8C$+eW2S~j}=x8@GD5sWD2INMisER0w;Hi88bABa}A9KD=@Iw z0mMd&UJxco+HcP(eSlwu4MdebJs)O)`n1U3_=1-wJm}X6eWxY9iKM}#(a9rRgA~n$>;*O1bG$f2JHo6&A!^X=F)AofGv#=2ZG5%{F0O5mox2p7u-8Xr&+P9iH2lr1Ede>lC>0<%PYMZggasW1*Utn zvLCwixU{`=Sz6s2htBb5K|H~(h4p=IHXLvY&TQO}5E7@rW^fS2lR8mG$UQjeK}Bg0 z@<$$uLey%V@i()!<@z`3zyyW%EG)A!6gr7X@DFe?SL<19C1(RkQzD?mz`b6iA7M*W z8dUt&bIIn?z{RIPk`ul40@$*BD`7`LfL8_zEbE?CGj?JVP!V;I25WS5nOePW=e{!_ zV@eP!VB;pLswz%6G7v+Ca_B8xrk2!bvXhxO4Q-?zZEBWorNh=)m0Bk1dGh6Rsv&1j zBeZ(4AeeAo=I6k)pjq4{K0sqLKur+K&aSM-^)g<8Kiy4{lI*{2cxF?ohbrFOBQnj2 zW8Dq{2{qerEU$p`CF$>5&;=z<|307ux_B6bEL(ZNj4WGob_`M$23^F-3~Ex1a|{91 zr~L|Ls!i?Z%a#wIUA1Wa=F684>TL|x{~=^ys#oQ;6^%d}d>3S=f(b(Lct@q~-4(AE zO=NA57fx%4lF0|nS}msW6KmD}-7_QLB*=!WwFfT3wo-*_r0|~l)L?7Le$!59Z^H{; zoAC)QI(=d16v_sb7`%5dRBGVSXh7NCG9y%O;8EK{p@BD#vN`NJ-|FW|F_G82&1oqj zN@@*ME51QcC3)jr8wsiyWdn1LZRF?ThHYWS(2vu=iedL_YztFnA;icacKQoDO^hn5 z-UHe&)7sHm=SzJY4d<{wV?6^}3w_)+FG(XM1hL@DMNp34m2OjkDfAWRU|L3UojuLk0o0k+;4xwy|8e)Jd5U zmG%j))>-rcm%1ZU&Go1fX)=q(aw~)~-R|T$o6=B=FlK;iv@GPb>#!AZ*86-pn@Z%@ zYZEitu^_x|Wi{u;6^0TlustV40Mm8a0AC9$r}W9K(+!@LHq$_OrE-mZ+4z;qnik#y zZ)=6lWl@^nS4&=TXMrB&M(F+qx*iHsDA-(>w?MvSWde4ys8&Sh@QgxJXLu0IglPGp zkWKMdD6oA#r8CF6d!UdnK<=r7*s;lkgW80<>I$!&^AALHJE~;LaA3Y z@G1n>fmr|ddUn^2It(o7K~BZi*}B5ghB=;sv&DI0_BDtarKQAM285Fj;U0+kH!|#8 zK$T6mR#cG&ZX0@USP%L%CXJw-Tvnx_XD*$;b$nr}{MMR_@zOf0UR)kz8`wy2Bf&uPNeoj-#*0in)WEv zXwIUVKC8>dYBV4yT?v;bH@1w|0lZcXQKxiCNbdtvyIbjRmznB!+Gjud&&$hCR?p}A zXmq}w?Dyl#ZvSh)^6TNQzTelq{yTra|J(iVqwn|qxpecJ?^*rti}D`Lt%INMrvvim z>zlmP9-p_TAE-+Ud9Qz-yp&atbZ6QF5MZk1<=)-S+jkFi>WTDrb<`D(yz_(GGLnCX zKTJ<0_E$Oki>R{#z71o_Ibiy$_TMtD; zc6LE>OC=ReUQ8dPc^U|))xcP@3bZwWePXkO6_~}QZIM68Zyqubjqs)76j$gsluRu4 zZd9*eU64q0I1C%G+478WXWgkVQNwl(9UgYm-lep5%ehdCT4<_)%KnqV@D*wm8=Y|v z?`M8)?mVE0p52kQkSw>1)LopNP5b`tr7Ed6Oc3m0b z?@Ow33>u%?{7XTAS8PL_T-0}jaVXpK7W5~&3`v=Ja@G2E#{KEO1^8x(#8_qN=!v>% z&r|v1{TcgwRb3w>2hV@hde{PBhkQ(>dGAJTRmn_B=1Lt6C$h5AlQIrT>S_Swz4~7M z#m6x|GBcO=Ra{wz{-PE+yu#|;@Z!7uoskB*M866_x1Cox;d&)633#Tes8I|Lg40_e zlTGKe8U__)!>_U`S$iL#5bwm!TM85JN$b2}4?h2RK|a1>Ehf5aW52|}_e;4Lhzu1~ zlSOl8x+c58`77|?%6wk9o_R?u>I0|wfsyIZoko8#T|5rfa8{RzF7rpK=IXNOl!*O}TB$tr5GV^RK9}#^xfu%_})@ zhg=k@ta09C+|g7vsExg^lVw`YgEf%88f6g!m?61p%!YRDOG@o6GFrId1#ailDW=z8 zg(?qG(ETXwXuQli=ek<#aLz&t@&R7>BZpBz{(*or+t29;0nucR4FMhu#{V2iHx(0k zc7;E9R37(a=$ea{*U!!Mc5By#L5wL+i)u(u$W=GeWHG@zDiMcg2}SSumew;Zs$6*! zo|RZ)M~*q<@Nbt-;C!go8CQLkt#4oS>@{fCtqrlDX$21m9NFIqoO|;T!H13hn%tGq z5+vK9-RvkMR=W)ZrNotQ>1v9wI(axG^+EV)IgU(md1W!<0_bw%wmZf9_dVbAI%+J# zX!=)H^@ogTqHxWv$`n@H{nr=)Zgd;Jy*U z6_TIK8p6VXS$Hr~43!avjR(<#G>R7E`qoo>H(83>Xl2pWgk>6FOUF_6(+SETzC4jk zyrqG`DzJ;?TLaoFzl2CwjLUazt%ntsAFnXb&&7!idx*K;^*3>)?ulBr$+N;>w&S)l z3cEYXH{tLX-OZr*l}CWf$?a$0`oJ-hv+SvTW-Vr}EBh}icUG05iOVgu z7ztVERX1n3;)LF%_{5D>wr!BVhcPI5OyKPmjh-#*mo{Gk(jr_Wr?z)v3+8n4KYHe+TXf`4$zbSC^K zM@PLo>g}9L`?Spg(R3Ue*j@qt&Rk7mHbue1k+(jZ=*@cit!yLQM1i^W67a~o(wP#^ zmU{t95ZZpRBiee+n6xKp7weZ)sCA#yUV`|Xv~sJi&gF#3I{&!rT1W~q2SBqT-^M^G zlH_zTHMQ_@g;+<3bdC0}HRa3A`^**X%ePxwDnv=3R8Idogs>>+G8dxw)wy zo@Z?8*3jK>oNPE-!=$FJ>`^SVp-aJwq@#D}3jqUTe@Q4k@bB0_)LCzr_ zVQ-$Hq4){BVB2d%${n~v2v1!FfQS6a{)gHG;r+j@s z9{lRgHqUXxh&VwCTRYS^GZHLYz?V|( zs4Fo*MhY@B;3S*h^CTw6wW3O0XV6NCg}i%~V$-|&@1?iHJI*uNp|j*kU_-Qb@m9=3 z=j0*pCWOF~p~Z9^SnZv@T!ahc${Y@g49(ND=#>lF(Nh&nmuQzmU0lC zjrp6=Yt*_y+%$C&vWlVWKedZr4I{GN^_w|+4@D0h&btKi9%X#Nn8uqdHa>#ICInlV z$yQcJwZ6u$g&90bLfLBmv%;P~y)8%=As=6A*7PHnmbCF};I{a>d(}7fdHA~n#_J6A zLV1S-B1{C4Ip=wMq5RBS_mCgUPb#LlzS1oSfwwO0-gM-&ERY?KRcJt|%TF8t1XH}K zs513xZ!Jd2CL0O<655hlj?x8n<0_a%U3=jAlO9bxypZ7yd+u4}QD}Wc{^Yv~`yCVS z0?u5*((BRD&GvjfDcPVkp5^4fg*j{>kO1C`YJM7<3J<6LT54MBvj`6gYn`Qder*<2}@17@_y`!$KU(jjS{TVfjHa< z;EZWaRT>Rm^H_qPw;w|LGJ8E)eb{A>I(pX_`0E`R{r0$HYp~}I+4g?()i_9Q zK;i1sz>`gYXaX{~+)ndV6Pl%xTzAP)D0M>*c{sN-`t)@3k`h$ihAh>I3R_(Vci^re ziz%D9o8G=2b65Za|H#3Am}s})cSM@Y+$;gTsB|? zXGZHD8;c_CEDEL=V^~a#v>WF^t4WV~=B(X~-DefQV`xcV%>^9^OQ9DR{ANc$S=o)Y z4NK32H-aM?V-<#`f_5d3su&BpScNsNm|N0Nxroit&}*!n=B}BD5FPc=-hf!0gqng% z&z{ydYUn9V(ER@P$z@U;m2*7i0V)(QRmnnraI>cenH&Lh$0Nj_4nE$z04zR$?eZ5F#Vq^xw8cb7j9P z(b`xRBM}c^F|b6RprIF;wYPh2ry3@1VjI67i>gRV3LDPiBE*k|=4{BV`D#x>zH(hI z4CSR~*P2yIBX*F@J1#n4PLIBKi{8av`&R!7Ij)0#gYHaYxX!(d?bp?Dk&FCT$MNs( z$iRq;-@Y!;Y@;u0naO(j=>DSd#uzen-}R7kTgen}C*^Ptw{M{}mf}NeJ(xa+M7IdO zuE8BBrr*`Z+=_Qjn|4c+6nU0NJ}!2d%#2n z4@s(;V5;0^F_pTQz13FtVKYvx#eCr{GEPNPX`07*8G%53(k4@O)SQ?1S)lpPZNtdW zw--%TZ8;kyM&)Z8O`M9G=-*VOu-ImxV*D58jDj{}B7YUC44ln8k9<@}&SZ7qcBwPb z1UhdTv4^ytrkM+lj`}P{_nr&8aq`jZ5s9}zrc};P&g$*U;RpAmc~+#si9G%4{%f?# z&m0kMdqa7MO1ePvXK|O5chJzcpcJg`4BKkmbseW4kiB;$!sfi3?R`jatgp*d+U8QK zjqK-xc5ZE%3T8@cl~Sl8yDM;_^-?*BHE6eTbBTIgy21tAi*i;Jz#BV}E!96PdS(+a;$%_hytIKk#GF*oJDWI~9O`iG5gR%_BEyv%g zGH~SHH^AI|gi$hO9K|+CY>Gd0sZOAK=Zu(5R`57^wTu62BK@-D@eE;_kED$>_o$2t zO}U5ragD~I8zR%sMYjD9))1I9Nq^$!H`>IFRuEr2=ljf}Ui^9MS`W1EflO#7o(hh~ zN?El+NUo~9PHsa55?(mL{&9{fI&A%w-+Nzkb^R$9HcXoU2n(PyrTJH!>M2shnfH-= zeYyRmbD)P2tL-WF%Slo1)>XSOb-Vl40`4(pM%qfhY;=ic!xn@eVYU*#Qo61pa<^vU zf)Cig&U-hv43+67I=BlN96z<4Su#n$#|@$~&M!US7*{s_Qj$ZOdVjf7V9U#Kacd}U zx53Z#zavs5`)q8P4-Q>$C@u%D6z8YCNUo1hNTDOCWkm@Pr01uK;_+Nw|E;r2D~{`( zKJ5AZ^pt=LpY>_$8hPJ;iC#M~F9jlur6|3WKG7IC}q`^j0Ty~T=U8JGJaNc{#RG|BY77lc|p z0c24&9$+M?hnw$hnwzQIlj`4N8tz2?bQ^UVSQM43OrBxG03T08>48R@tJnQ08$~trEm$B<$^DS+g>uDLjZVZU&Gx$^e~hU~Z>lb@8HFv#|6$fKD;{VfMQE z3x7U$BM|3uAa5lQb_HM_P^R|h3+mVK$hWM>cR11uzQoe5%pZRo#9e3hx5(#xBi?zS z7tA}vGhgQIZV}IJj2qG+d!j!2({lXVuF>C?Yy}9p!=f_iQ`iV;$`G4TGc+FfOJpOa zmv!=#zjOh>xHqqQmmL!qRTFAV5Cu-bCAywpfdHR62plJC#Z|qc&Ff<(>hKbVD?Dnj zeV0fE=T(Nf0a0yZa%sE-DhSVzIdp>WE*0Peds0djLoiSgB9=0bfjTlDwcBYKCkx@k z@FKDoW~RVv=wHD(w^5`@=~Q)wD@v*}0m$VjoK|Xv1XYrW=GHh}#oN^IT9dh}5C6Qf zP@sb=@T*ktp6+kCsO#X-RoI9neRS_G%IK&9?LfkV=Ez#4{`HtiZmV1-r1>PFyydEV zM(N0)pP3h#OoseB0~ueqnCL(dX>D_w9q_c>!|9xxGgVyt6Oh!Nn$#o#D)t}*nY8lX zF*>PbVm-ykCb9hBSfJM8j@2kWd)`USY}AR7LVK<7kWHuK5(=M@sRlAYQdx2xtPK`> zjkS#~&dQjtYnn70|enN4K>JyLkfu& zu)qIxw_>TYzq$-sW&O>PGvDSW(D#VV+ft4&mZ_^W36<46Qf}aMDh0wp@Dr{J)9P%Z zM7Lr#mA-$6rJ`zTR#)EAS&Xate0({3Z<(x`%!lI%9{{Dq0=S_NFY$uQvq1p&^0mKc zX0$_B5_Z4x$y?R;HQc6dS8_KocCiFBcVMpi9EV%lku?U^lZ~j)3 z*H2o{ex+;6_~#{azA4&k#Wum3j8b^?vQVx4rh+$bl4}sp$5udPAzrLV!WIM3lwzP+ z<&WLElL2u|3m+P>m*8}&yEGN(k*rANL)?KSX~;imp#^mLaAb@76xDU5Iu@og71>A( zM)|!u3Qf{EX6bSfP`w$AnT@H<9Q-S5VrCwib#?9(f(N4fr5deUoFg;@;;*B@z$yJD z=P~M}1?x1(rUKU@qJm&4brpJdO5t-UUJ{8ftL(_ai;cYi@Gvu(!43^G&PgM=YLv*W zgo(Bl)6R>@oT=Cei0KO}N_S{AX3`rArqzBUxA{UoWumOnAhp~t6~9^w!GM~}BvxLP z>_9~=kd&_qPK^~dcDc%I>iB<}xBF9o4^3RJ`^0YmyH5VVr&%B@_JR?p!97dkMW=CX;;TV{~^lwlRb4 zRGY%B&EWa4mp%J0@6j(FNK0!5pP>{LgQF>Qd!)9o8ZK_VHtU+tF$CbZ?{sgy=#p!3 z7#KQ!^Cm6u${EQJJWVp}GC+^H!wi&bE^J}&eHRn*DQFG%hXkMw`Su@^csz?2+j#>c zpLUPbJaqQ^N`U?Y7RCSQXI!l{mr$cavLfIUn(0$)pc4fn*+MNM+kMra#p5OVsaE0U zEMKsE`reDG7JXDJpO5-~PTYUcriIh##HK)o(a@JkDwP~F{#dF;3%_=oMKcvUd?}VD zUnf^h{?-ef5jD5noiA7acbEhH{P?{}_1FK|pI)v1zIsCUf4zUYp#QmD{*{{B)$RK} zKdb3~Vtc$IAT2~>tNp!OUA3!&KSERHHa_a2cI5A7s}XCI?l||~tqtN~zTIA|-pAD! z)x$55byG00y~M9;heZ<~x)P8+SSYE~Al9emgg4LKlP8bdTaMnPvgebU_lacGrVs@U#-$s!% zTxc1?5$Vr2eH^@g9+d_SLEIzHXsAB;Jinm7&p)B#?FntmhYL7g4C{>?2s|6o-k`ZGMoV7V32FW9@2V4P zq&g*H6FW6|06?w~prtb7{4v*VpGOz#@FI9u>zs{&@)T6J(wir(%&oQU7Eaaq4CheRv@NyqxYZ{C^H9ADy>!XhS>shxUQhA>2t_RHtsT5 zXVjIi=s0OjswN_HLhMnSK5D3@uP^pTiN?~@3L&(*i8v@*MrAz%t}>a|Y(xs|<5xWt zGdD=26V(iTO#NbzeQ5#@#`O6LAWA9|WYXVi%7nWiV23vGnoa}jwLQCUSmx2s%o0qO zPQSvnnB3;jYq2j?rB6;N^bLSyqQ91ORBqN`gbjTPm&9v@{yVitT})|gL3_5PegC7^ z^S&C5&flB$d3Mw9-|6$_`tj0x=Wg}M%l@s0;Sc@bes_P7{$s8D!K9}cD~lz27ng2k zj#uCYPg7bC`NF%CvmAOEbTl`LTTK87(rLz?|wv5oJ zD2TaluXq+~XPSU|@UwFpH-)DP2ubGU6ceP%ObLd3$??E6&>kskIyjfDO~hdhk}hVC zF+oGC4Q6W2>N;*tU)cPQWeU8W?5>YtzT75m=uCGZdoHg#2&Y5=!N-VwiW8H?b8{U1 zS91k*C2}lR#w*))}ic`^VE?9d1~dCY)`< zLcv2F>(j9i^mF=H$K%dt6O9y6I?xi~P6j0z1!eXH<&&~K{fBh=Q&+|1pRRJ%@B52b z${T(xHClfXY9IQplh@8bd4f4kT5`Sn|^!?0b zY3dTA+%zqpw&y$3Ob-3~SNTM!lCssBFO?U%FHiojT*YRuLkX9jO$f1VfghiOp#zAb zcAFCTIx9#?>C`aOK&pemjrN@-nVY;Un@a5mUc>3^<-kWYH+<09)gF_|fB5GUhi%f| zwB{3y@3XB!tGRS(>G-mxW|GdqNHVJDpXcx+(n5AtEkGY?gTDD1!PYT3S9uT#X7P#( z&WQZf_`S5IQujK*^zgzzN9#ekQ!=L>-$wIWa-}F|-Grjb=`u3c#@R;nnmUhzKSfe_ zdBz{F9MV?T47i%=LwJx!gvq&KK#O47FQTQqF!TQ!Z|>M>vG@2zlopZ-6K(>(8xHw* zeD0Pn>c4N7p?(V(`F)NGYP@lMnSHL?P)WXPe?+McP(>%YLUp4{B&9B!OF?UQB zOR7RVh`BD9u+ppAxmU=!qzN$>1zM^^0)*Rr6Acgo;rLksfCm@oq|hiuWbW;r#q{9mRD5=WN<+S#0B zIs9|<;(mWSBmeJMg_sQiU(IpzhGzA)PoS#nATWROQ4Eke{{aV_Qx84*yYcAcel4P< ztVIfPyRJQ@dTP6QgQ0s#VmL!LI7){?$tmiAGJ1H`$9Tx`XAWd!59hyB@U)S5_CH7U z!@wy@83Z)_hpLJ6B`JR5)N=LAWD`$H&KCWFrZH-rrY5#spTnAg{IVim+-EP=C8TNW z(T%Qo2pTyH<nQD`n72e&_7NS!x}y>hXn&$+>#D=e`T?WUC2O}HYSRIIES@a zZF~T^W2GCkhM7W9O82rtpqx}E;CefQGSbvnld^_2F+jmQw|F^0p93);&^NDEsmmn# z8*i`qRSwc4&Fnob*rtRIeW_2A1IPG(WGtRDXPoAEbpB<6Pjfe0u4Il+aUS;e`#j8C zlGC)h8(96wF!Onu>1dkq*e|qCFdRxJS+EL^A z6jKKUYty>XBErmv08Zl9dwK9_r{1{&ACe3RADvDrOWi9NO|Th>ONMs16G#g^zogdP zR*l-jPm)txvOkI|tu?6OgCL#z9x_yQh*+N5AlW1vL&oxA?9U64l~j zU!MvXVhx2|42R&rSkV6=&$#nI1Z~IJAGQ&~kmX4B!~lCB_+yGZc8?)5YJKy{knGEV zL{D}wETHpec#MN5LyTkCfU|dYO`nc_ZpTA$68}jA?Od6`w6`%ltzjn8arX>;(|dMF zwDazm4|7tMF#hcKYZ>sXKO38d8()n92kS?-jd0zK&++?WZL6f(xjwwjL^oHxwz#sy zP^-?N9^fV$H5MQbN@*#^NERI|%wrv7QOv~V`utSSzIwDHNsf?!Vbc$;}NkPS+^4@oUvyt81#XLR}EC!JgcXo-C>-MLj0D8&;&! zj|1~|F!M^T58g0rG;v#6f*mKaFRI6T+VYwR?<`!gN;P*g6JJ1Gr9~DgnSTP)s{cV* zIX7h8alxdOmv=MFm2goHN~swHENLmjLcE-EE{g_Y>`YPJT|nUXp5E|iS=)r_vb*9G zh$qc!Lqam4*TfD9p9!(CVJC#Q;wFT*j1GoX4SMipSxb zh&_*_bum{lYHKLqHVIAoNfUTuke`3O)^twLNzis}%ACdw70i`t8jZYbKxkKosaxOY z*PHi?Xs$6UPTJv~B7XyD=H*zVfm*`Y-`JO9xbdWdapU?Us(jR znq{dtQhsS{1emz~kJr2HJ5%rQ?~EQdc_W(JQ~PS8yV=-Cg1~5#JvOXBO`pQfRBgjt zl2FqG+s?t z_mKFH-@(v+dzTcp%oLj!JmTNvm)H3YE@Y37)@o$8w{Ig{Bf`0jube`+`m5AoWhgMok>jZynFKBgcpZb|ihxts2uLBtE;M*s0LhVY@qd`^V`}uRobtO^4_?of=*=Ng$ zE+HX6w4KE^Bqmw`XTrb@Xvlekh;lUHAr{Q0R5szBL39&hfG~Vd|E?0>5u@W?)Q>?b z_7<(g38n^-w0)XH)5jW}od>kHQ1bp;J1R%BQf*cAdHeZ!FLP>Z<8 zesu0gss*V?D#auF#D3V6@e_MR(kQA#%_1ojO)(S9G$c(imB^f9K^3CB|8$e?j^kr^ zhkoP|f?NkcMBo(f#!3o6*r&hFpR51UXtxo*Tjk)4Z&hV5I!o<5{+0g|`Kf(E0<=LK z5F-kp1zKY}QHOrFWZ*yWg5*8JKPB(8Kno#rS_Q1`^6@Wprr;uw9f@4@upPHV5VwNW zC2LZy*Z1r-oolb#ZTd(%Yv+5>@`*QY-FxdpOE~e?8JNR8Wxm(e6acyOd2}jfM!WS6 z%z;c46hJr$t#B1tMewAA0RLAY4xj)X417R-aXc}EJVbO5@FLwRIWR|{HAod-dBnYWW5 z)?&DqeGx;x2cA-fihKY7N?P5IJ106r!GUI(;9T{vt3p$}N|XGgF58xdr;7du^EU0a z=iBEJfj)t{msH>P?f67Lt~Vs*h8B~Un&XV8emw@Zn(iA<$Z$tcPUD2HC#Wdh`O&E@ z_4JrWsVMy+`N_$xc*9rz43Ec+?PXGeJzt?tYFf4-0Jk5{jDU&eMT?_RcEy$wHU|Ll%V*X!Fc z4rk~-&8aTL7^MXf7oTfQ%BVpDEvEFGKu?Bkv<#ls4v$W49>RR;nDKCKOfQyCe<C}%nbTHyvYehOl zJr#;M#gZmnkjvH)=M>R?z=mJkhHOkgQ*BLCM*YMgjs8r?{~06VKTD46K*f0I=Zx;|EIMjfA}zdZEnIdeH| zJXY)tr)5Yio{T!OFhISsF>Y9E8+Q6+=DqkB>j&?l(t0YYPv{rf^0T4xjyA~BLLzeTy4UE;-XSu+T^Lm= zd>|a}0YN4m5byUx#p81i&@k9hP_I6=NlCg!g}V(n=#aQV2Nf6_5Nojb?ejns)saLH zp2QOg#DXv&jYuNog9x;$q@#3L)<+@r=;0KyRdIse+%C?A2EB#tG<|>{A@dq$RSgYL zct2kQ;uy}eFPtwwcv-o)RtEjt!7h3XYIsphtLfUpi$2a6idm7Le#_NTe|*E3f0`xy z$H0Z1dV`?>K!3AbY*OOBlt+m*kr0}xd4*AtWYwUagfWJ@ySws@hfZrPN8#)-E3%^j zWDs;#Y2?#qJ$fee$!?($GvMCrnqZ6oZN96kp2~Q@-h0Rsp%q`GAR+bw$61DLZI08I}JMb?ghC1 zT+I!jz03Gfa$=AcQBD_CX;!^;R@+BW`3_r*QeoR}>{Qvb-WoxoA&A)yZcc#!s~8Fh zq}If*@Z{G<6>ac4=RkNs;PPf#xd(-Bx8b%SnB=?J(I}!s7D=Fp7EuWKB^O0(U&oO~ zXxvPL#gigkNYoHF#*JisfEhEay9%|IIwt zj|KX6uL-b+nt+|q9H*9~ZOT11#`UczaYj^@1fy5|yZsMd5~bR`Cbnx@Z|%AP@tsG7 z93_+_=+rmkIQo`~>_|>2sOhZ1NFIJ1%skHEzjQO+0~u-CapV6QvZ*PT6ez1{PDL7$ z)Kugk+yu6>=5?UQj~;&miieBI&XVzhd%OgejS2BM=#NcgjPzMBLz2z%k}DEYbf(HN zwi6HQCx<*tKD&wF}saAyWZLqjbmya)bW>>bSY)UqKq+;J_QepiU6I=!E_?lU(DXC{HwbcyEpnUU8||J zQR)57r#kB9>tfKC9Xg=W>#=5Q&!3zH<>ZZeVhfQDZP%n-_V8?IxEx-jV%iZ8ZEI37 z?2Z4wO%B7p_;+7yH$Ph2Xfz5;1>1fsoHbAfXyGF?(kt_rM5li{AlB{ftZ_E%O(uE%<-H(wzrr+=_$dZLrwSAewJI zUo}5O`+3r@=3~S?{QV@21REFGJWjHyoF|#2s-Kv&s$cOd_S{~@KOC#^xPc_F+y}ms zW>W2qX0p%oDsN;h;WLfIAu&%bPrB)5*%4PqeRjIF5_Zzt61R<(oD6amCmu>qG`r0!V(%t4+Xlh2T&u=y72J zx8h`R|4GazZdy(NWMwPZx_Lj>e}2+odHrri5QB*f2`EkjzX)7lNE!sPV-gw{_fFk% zLJk0#Lej<$u%F~23)TT*ZcnK8=s^K=TEp<;8 zFbf)TNlzjGOqiz?1F38>p|%C{0Je_+8<631;$xBYiWrUhrgjZJyS;EZN+d0ivXhjDONUgy6g@)yMFh#I=J&=pNe0~^ngwmo`ag`lV{oMJ*2WtJMGj_1x>af7i9vZ7koy3f_7u8Vi#56$-jvesZhUCb10M{njyt{W zE(M$!N#tJ|ixLy4u`tVX8)uwx83+k*yd|fOhv6pyR2BfIt0Fe>lYpar8DBJH0h`~q zIuL?17JLGg%ZQ(iHY(&*kds4?N2OSYQs8h0?!O6_tS9eOA{>FPfw7pCt9b3l4UlWjsQFbnloM~=CC1f}P+gtVO;oMD5w;HKE)$P zC90QwU+AXADn+4##l`;OM~(?;`kdDwDS@a-JOeG0t{d`ai&i6MEihd_AYV)F`|^6F zN3Z9z@!@UvmW}N@72Sn7xYhfn0}SjR4B~tzbz-NtzF)*+KZ9)Fig`_64>1Bun}}fY zKdt)0z>bfGTO23xc6vR-TAhZh>{w)?6-Ayu+qBvb7k8n>Bcd2T$AV#lYe6uf#cnd_ zxm>DLwAcAs-esd|_?|wCvI9}bC5pG!x_dt9YAtUkQMc_vC#vf)yo!DBNL+5t_0c4} zcRL9%Lu2!NLlfGsv=om*VawLh_lq|?Qvpd3s?c%iP?@V_H;^^s6#WE%4DGkX%n6y1 z7A{$LrTe+n9qc1FXXlgb6&>@zDmNss81U+H6oCXGLc8H}_rp#9(1;%`qoLXQVQsgN zEX|GfvD1;ePh`*4`e1`7tXnne0r*jK>P2Q&swH~a{E}&VXjSp#58%4HXNm6lg+~Up z6=M$4P!|SuoQ&ng1GS|~gVNr_KQB>JC*t^CG~xnb*JRQK{Gv}P&a-yNtBTmomSVvZ z!E^YE`aVSmP#sc!)B=@Z?H9HLE82K%0SiaGfzRf1z}uHQruAyy{H^sL<9c%EyCI zZ5~P@`C{l5)gtJp65*8d6p=#rchB%#$V2Asf@LI+ec%V zjf`tg*ER=TkCmEO0t6l2Pe&es+O&;eyu*_#vM}h^$4`7MDqDC!NBy?oa=Wr!48{UD z5-b%ruL`nW7<9T!!hCU2pn=hmAb*U={z7ya?rUQ^d#ZHzEn1CGnb2>Adq%K@Kp5pr z7^PSu5swQzf*lKjfW*}4eGJZr}#R#37$+oLnU7Fl|``+-3bL>+SP!E*7ny$X?RjNB_JuYf0G$w3+Vu=EGvt|$yVra3k_giZ^Act$R%Jd7 z7L4{rlIWxUYxWCefVnAL5YjJhOw#-SS$BGM`ro{9NIWAAc4gZmEYHRJ>hmzk1=`Wt z-pVQ`IAS!aE9P_bSUAJcY@8l$xEbF*Y@~e2?)f3V(gx1rb~Pcn;Yh9^v+ml_Ik)K^XBpR? z-gz3?p(R<*hvLoSuL_yHigD0Bi=q2Xk!+D{s{mWfptVLHuqkG}-$GbQfg;AOLL4=( zOH6O^vo1{fG#Q2@nsK%X)u8B1IC>vjnsiA%Lt7lnLhIp7)D)s(6&@w$5+sf^718>5u++lo!ihc1%>^All(?_+1A%A584t~ZvC7{W+c9zLvnj6X4 zElDi@9o9xV)rNr0 znoR3UCG4azZ7$2rSXZRHlRP&MN0Je<^f=W~nEwNNqH<5Aj8{*oU*R6wC$x6jSquwcld98&|ZS< zVERw-kEPP9;7IhWN3VS2VO&GCEJ25O; zt$A-hO#$Og1htG%OtRjxS^Wr@E!s!AH4a$Do9fqT242<`<*;MF8qXOLkh0(&(3`}& zN2?qj;Qtz`eP1Pac~u1{HZXJT3oL(vRn*3f<+lCm1gVbDKt_RfF%wNXm zjC%?mx(zE5h916MS&X^36lsnGot!hjIA6Z5N&TV2r<(coH1hJbt!}@w)cK1KbLQ*t zIUVDU+}>R1bN>^4|J+UR${O`DQqI_?iP08jrLT0JU1TD$>UoKwp-;wARVxlfSVvFR z9tUCENUU)#4SPA3tbu}d9q}+VBX)8<-f*Par{~RXsam4I`}-q9Dnpm;XD7#pTy)pb z;1>LzoxumauFt#Uo}>eJ)1QF~wpa|!l$F_QMa2|Pb!)sv{Yvv}Rf5EcH|fDS6|4)- zmy~|L%otQ~+d&*)d2$DzreWGPMflyKx*L4)qCnCzh&pngNWOH_+YFTEzfZ24mWQW^ z*JFwQ|04^%9$Rm?zsMq0pG5$SLv9?1EUwAH?5xSa?10E(lUHLqnqX33zsNTDY71`d zDj>LxXvdcGHxAroi2n~Dv3T>D?zIkF+k$KO{9B#0KlmA+*N!Zj`SFLgi(7tk3RaH# z9nYnr3+Oi1HYhDCPC)(RVCwksLa7dSpL( zbkx&|&W8lR`jiKADndq5)vo9$S~vPfp#jDab(BR`rQ<3MPhFddgLN1es`ZjHI*tNVyT3b%BZ0)aybuH=cp&MP>#d0*Uhb z8J@gG#RC<-TA8U=E-G+fK_#)exBl&{7$fLz#cZB)&gYI)4(oTN&YyvJNI%q3Aet)S zC4U^yXC+)Yy1P4k^nr456N&?0(EEK`Mbn=*hGq={np41dGEg4fp;c@Zre}^ldM>xq7C&j`UqWR zyGiE9n(!`S`wavs?)lKbh!hLuWn9DphM614nP@0KS#e%gey30BlzU9VY1vb6u(e36 za-7*H>Jaq}!u2zd4N536fnZs^=I^sbkvkg%&$<+F@B`8!ppz8s%BXK~`qY0r*X zL7_+Nh6+{C52Hf1P#c5W)in23snI6u6lsJB9E3fR?r{Ar5PSzj!zm>x%m!LxN4IVjgh1M+Hk`Y%O& zV$bI|)b6)3Rvk%UB}u#B(%HT3rYb9Y+wSELER% zR((ocV?QJwi1*-QRC^ac=uX^w`=3gx;T4u@78ZEQLfw+g7;_@R3(6C2@=#+cw{&B> zf@8omAi>#Y{S$6yCf8OHaThHg!CNoKcGs=*IHVG7_rflUMiaHWjk(kvY6%3o&liJN z3HmWS)=7Bk+^Pos9Gx%MEO}e zvd?jBA!{|MjbbU5U53-_4X zeVhA2v<}Ky#r;4h7IIED`Ss_Z z4v%bhKaeuG)e@^k*RpO)DHu`w`T%ooDbsGR-S7L4waN43iX*AZFVqL0kl8S*vk{B5 zfXFJ_WAhq{yxOU^gH zu}2v4yXb$znYSPyoS^{1nPEI2oY{YnipoXaqX5Dg0fYaBGXnX*3Xp4RY_jq%IHS{C z@IP=yF5Z0#`$}Vv@67HvC%G~I&lC{Oq)Hh`=7xR#WBo1F=NQn#JV%{ms%oaBwL&xn z?539AVc5ZUrrIy#>c(H;P z9;Jd8oWCv~(BdmY!K@+wGrk4eiQg%zOcZ?-^<8K|HrqoveDMEdFDr0Tu%E? z=pdJJTYNWKbI!YLHrsGs9HBR>W6#NRP_~iT>*QWN8nQoI>iVj+`%$73v$l(?m(yr) zRCtgd$ztd+XxufbAeil~khu680J|Qo8v+&sRML-HC}07lK3__xSxI_0u#$W~e*vw& zI6??tLzXD>d=A+qIOyLJEyRMJRN)5^C^o{)yrD!Ixp4EWX&A>-fHg$-HOZBHYGbT= zRr{|3gO$~FOHtynZd8qs29cDR21k!6t$oa#x861?H6*@z3w*v`gQyv1u_DRl#Uja+ zz`-|LP@{WyzkpgTd6*Vxs?n0vBS?qSl2nLH-V#zPs_P2Y->nCbn%lHHBGkCd@=WD9 zDFRRa^9%=RhS4WM>HZ38oq0#o#T#NAnAi#67p}LF6W)#Ik99AeCegL{6Q)MZx0@^% z3jwvgx&&sM_!wuM`5N~xxyC@eqHNp$f66svcNxg2dL;082SU#keTN*TYu=K6(NhW= zR=gqj;UO`-Sr+cw04G5E++kD8O%ZA2&Gp~(QNT&`IZBc>?9p3?NiVNS7V?m{`>;st z*71!M&CH%#5%8Ac?B-0&{WWKn&%M_AvZel)z5k*Kj9vh;JjPbAJ2yV{4=u>G9w(1t z>+^WSdv4f2oDNF;vds6oNC#^d!HF)WtKPFzjyf^q?<4AW#Q7%abckIjCVZjAi~bPJ z5qTE(ugl{{!WaBB9Jlw6VSs>^>pLhj+KDeq7{ z&QAi?`>)8CYsdq>;^Di#`xK@|@wtDb&_4^Gx>O6Ey8a6bpntB_tKA47oONksbpiMI zJFgsl4{dc?wmIkq94M|vG$^htO2p@fBfYk7KOc!GTxiDMRo#DJs;nW-xe7OKTw8On zuAOl{8Jq@wHN~NQSLJ;9>-rcRJo+a-9_IwAE)UN@ys%z(YaVf0e@WEUTc5LZa0nnz z2W=^5Fzux%c$AC`DInbgQ~HBb+hcic9A;9YO_~r`-8}(i>WUUR7istdq!HaC{aWI(%;A*=T1S)I0HJC6W@A`Lp38k=FDGPY<1xC8C@n3TQyDboTO@RVuc_s#Z5ClwBJG z_REcJNR~e+8N2Ki>s)@fx zwdz(XS;r|-cuPe0yt8q3f?10skQjw<(S3UMxbDbHU;caJr{{Bd(`Bq^tHshmX-X>| zsHUgZk(N5*w%xX73`9$jmviOv0mK>k?Fy|=eMlz3qnHJ=0&ZQlnft6w8f~b|{MpbK z#x|FHBv1!YxO*vyi*H&~`q~OdRE-y9vkWL_aM3BHx+oS**#0A-!7};;>iBzLE7caR zPFVm!7T201gf*V|aSeJZl#63g{M(>=|7^R`gcE5=}-!0V1HHu_QaPtK>l zD$dfyiJgNXNN+m&-}PO61Fs~BE`o`x2)^tZE&J`x{Py#;?d5S{U%o3>?&ITXEjWA_ z9;U6HF0@nWUR#nXTWaTrAVolOV?hFkA@uwJ*2G%Ud#Ty3A8u|=R$}{iF^}o7cY)3m z6InxDRt>n>mw&~Ac9Us?Hn#s23-TjK1B^b1S1!Byjo zF9=vK-Jkda_=I!IDj=BSWdP}+`9>nzNlj{1LF5@msMf)APzlZjt5$9EVp%DzgMndZ zHVCVezrm@f(syY=Z(Sip8yU@ux&MdsWeG9)SkH`M#=z)j-SN*Enwc*8m!)dpXTSby z+4xgyHRjW2g%#iER;8|AEXa{t#_~gy^oK#jI&36i`|C1-WkQ(; zGj#Hu5QBPxJ;obgPnibGu-H)lnUo#DH&zK1UvViF-@<>&H4@uy0DDl@EuZlTp_a)h z;lGgyvs>I>Wb%!7_#b4l!n+7WCWWCuWMWM~%DV@BgXA2CUaZ5e`HjJ6nxMM1bx=G_ zy%%!8&IQBUvbyjQnJCZ^e$^t2~RGqADEve7A~>?mv7f$%N;PF1rs=UYJ54V3^UA$++qEb zbBfa(UwN1KK9M~mW)E`TsF3008=gl`3$+Q8&)u#xYEeIY4VTjJ04X25sv2((DIc^u zffE4ZTU)RB2NfEOVe${fP{_ugYZ(z*paf;(qF@`*v&6o-iCi54traXgI%f7 zzITUP&zrw~^c~U5M{7!1_0r!qs!~>DWSZz=>=!}bSD&{_74UCyOs;B|2rjKin5;S) zkt=0t2vnjq;}FCVFn>@B@HwAmF_t`puoxuWB9yJ0t*XxAt~I85p*Cpli1g)&yqIf= zb}&T2I8|~3uU!-QJ0tg%IpXo^h!y}(klWoxK5?6B(79*n3ftzy6040Z0J_Q)xriK> zIq_uy!}3FBN(Uww~Niliz67HH|&BYyC|N+gThSY!)3#tpJ)CeM>s0g3z~-O<3g@?U2J)f@HK=b2HnMS0RSjef&yb|Am&|@Gi!v8~xtU)HQ7U@($Eg z9~RFS!(#*{NB&^{y(Tv=giNX^Y=*$Wp)?0@tO>DkQge_DSj30dUv^Wub|?^en#n{L zQxjSf7RBlmz3ekflA21U#-*JkFO`;Js!nYMQqCM8ZnbxSuVZtzn~w`z7!-GY>o?%_q+N$Af=LXyc<+0+ZF@(_ zKLxl2Iuv9W3w8xI-Be-&MO#<}^(rOfndv4A7ZOY>$~G#QycMEX1+0H%N3{+3uUTI} z^08Ye!gL7TtOSt4@g|Xv6(vR5C@0cTtJ6D!YP=yookl2^+a!9nd^>oK_{OGo{gB-H z9$u};evqHz-X^~^bwx@swlimQzjx*6x>P!x%so;mluNP9tFK)@q5Nzkp6HWY&c58J zkC`FwL_)eT1j(NG+I`!gNw^1&e>=d}eK{S3g{s-5v9Hl;lTl7a_43V^-njxEn?iOHWg9# zR86$aV(#OcjbcL|nDH`JHWsL^a~(zEDT*-ZIa zuDtfSCSPGajbK%dDb2+{f6v#ZL7nX&+(_9tINv00T`URE141GTBXj%HArc}+$c5Sz z*8q$YhdSFyd`HPK7YmP?BwOt*d#ZG}3|FhdJ!3rW?PnD2?Q6{yUsJe;4no38(@ZQ_@mFUSJ=QD*}P5L zvF~p3UbfD8M$wWeVpVg1_oOPHve}~dUC*rbR>n(ZA675p?rev9Jzl&Kj3Lg6j3JHW zQA94&dyzx~Uc4I=uEZDchkGadb!hN+Tt|D~G6cm7=40vmle3Y8uSMKz-(RZpfImkrmwMaj^il6MTHjj_P=zK` zo0B}sx_MY9bZ4;Su^DYrfmY>eF}?V^A8}g>Y@}XF@YjKVi&YVzmuKhSlko+zofC5U z&NeTrn6cIMWJnW9e2RDoK@oUt?>L(gG4rpO9tp|JIsAqyPzr#Dc+RH>*oVQC zHjwVI?uB#4Avqnwr;}a5-ox%yR7m*%GO z*06w#&W)t-ALtFi><8HUq_UhfBWOH(ENr)f@?A(>B9_|SCm{DN9x93yhKZp>6Jz5S zhv_WA7P|7soH85SGn2 z`uouc%VeDxBAAe}NEin0U*}`A)9JT#(-VpeE5K*V%hxe zDD|*_LYuaao5LYehFeug9||t-DYPq0pR=3+j2l89>!iUoP=LEg>rXS?RMfDEBBFi2 zTl#MPQScmj$dJ+HP2d3dhQM`zHZSR~*rcRyslgMEjibZ^35IFmW?9xf|2My0<4K)e zj#yr9h}T@b2^X}a4Ql6Xn}q4QVQ$oZ8vI~>ztHp|X(H@4K(*K`g{NSL(-8`HLiNMT zJ&Wa)4szZPMDEV#Ezj+uPL(?I1J? zRw#g^Rrn7~+_lm_tPJ{t9MPIgA4~}F9fnbqa2eO%pBy%dS$exi7R}xK4ni!0@;ZD1 z9SfLZ8pnV^{F`Db`Nc8r=>Po;5{wq>y3vquJi%Xa5y2f=uR9MYz8^Z90J5J$9%V+64}%5kQ0^!GF`GOz(pFk z_IwT@N68S86-tB=g^ECc&maDtI4t?a5H%P>+OHZ@#xJkwhB|Bdq{!_C;;4Yor&1cL zI|S6)57Zi~n_XM?8NUss zbO_zauMQG#yN)(buMRq`Y+LxdTE|m7f&x4|v`VdZmP;JZ75!vCOs&N?y7hr3W8*B9 z4r>F4F;bqw71GE2?Y|9%ft)W{q3^Gv*)$K^VDyHzHSP0_K&!)+9U{Gu9Ww z0WXMMzAW7M87r~pT~->ZHa3?2MSc2tp19*wk=$?DOj3qiWfcmEw0E?QE>luJmf5m6^ zYRY&67!aw1om0>&vezvjW)oeMM*&>T@Ilx9tSe0C>hD{v;F`Y9C@M!T zO+_Jrx@HAGAoUl-4*<5+a2BO`#_Jumh08le#79JBa~;3yYlq8xMn@+uHDIy zQsd^vN%jx~%Q=4f;bX;Mrz`)$R*Fd%Y}3oF2-m7-}KC;XXYv=m9hxd2u$BJJk(o$C5m1S#{_tpQAsg{m= zU7hF~?o)e@r&D|c&goPIpj{D1U;P~y)p={!HmSE7Gs-K7K!52z<%;h&)=cdmQ`o>qote@9QW1*4v*o-*@+iHDA1Uche};dsKViLz%qi z5@fduwxyL(zb&K*ID~4S4~yG4&6Y*RUJE;BlY^z&v5gmrBqwQ=o>j?8(hmI;lS%`W z)bS?d>Y@MC;fN1h&9QVu^N6hN!t*st)b-{0xSWHp6(h*xk+l-nY*N8!`f&B4f7Kp{ z!f}n5{hgqtq@>|V6Z7o=7gYzaecE|@M|m`ounxcZl}^G{IC}a^xVpMdvE;n9a;p%; zURQyIp`($tTF9n|EQ)28-)0kFsFvT$ckC`Rsn;Q+)-Vh!+Cr6_^dj}EBV+}Orm)$* z^Jw#C`}5k0+g0r3)RbIo>}F2q^U3?ofE&fu`=5tD$LIB!6FWK85`WIO#a!aRgqc!3aZn@3IK45tQgbYzXI;7l{sQbi5eji@S z{HA_dRFeQy9KOGdJYK9UL|@gbo)VfKhzydTI6# z#aH(Xpr?)4)-$20$JH+eW1ltv?nUMX%EM$C5Lv?1m6TGD_c-XU8WOy!@XA^Tg3jc0 zM;2-)lb=quXdD#IZlk&_R5bah2K!JC#tZ?cBn8=%DAj2)6C%0cDCvNdnYct^j!@g@ znk3^BE@cjQDQ4Pau5vppx!QaGi-WmW%iC%n6()kDVeS~K!;)0fi5>rHnJ9ROHT8ts zWX?$jna!+XN2bmIJKavNn_1qAQ=&vYN!ixvZd-)zuQn3ydkLD>r`lRXr4(qFk$3=E zU-9Y2gmvu-u(B3`@71In-Ic#AizPRY%QY)j58RB{shu=pDT&D@#&d!%tPAw+#*fF& z5oCF_w^W+{NRNEKyu&a~8vLnUY@$?TI;O))N>Sp|SZpZ|z1@I={WAXeLEhTVhhr=_ zrpGesbrE;Pfqzve`iCTU6MyBnvh^Dzc@bhqvUxB5SkY;RVXpX5snS{NaP6(qTk42h zyykpKOy_P!=7Qn*18}~~GOO;X=O7}yX&^8mLsAU#u404oIGAoXE}TGA~}()EB(z3C~0e7Kx;(of{_U-VcKi3 z6QI@7j-p4)J)l%7wC@4!<2y!5h(+^m=1@}J$BKv|0{itbGZ1jS&pMM;M?}VB6O~X$ z(b^I^$p$1MO`ap^#n>+3^N0!@-#0+;i*0}ICbh`9AUD)tBN#3&NDo)V10}C&(Dko9;G!y zRxCY4S13kstae0N6rkT8T1`4O&H171ieNw9wtrp(aWtG7CBWXbz>Q7M&}d6^GHWOi z;vUYH_%LvDW3n*XZ4i!&d#ttZ=*-@McEOW8SKE|JZLU2hUk@(3cMzBL zd5|QEr$C4#iYD+4W2kH>@Nz2~uE8K`+q7_v=CZcTU=KDaY+gt~{42Zl{zrCms^$x& zGPVZIkiCUz_bQ~aa8X1ppS=Vp!$N$Td_jf0_;9rpuQ(ONsFK*-1nO-=wg1xFlQ%o+ zh@ljm?(<*HQ9@4Idyy}{g;=!rZMO-((^&N88SPe;!J+{cAXt47gZ^smzoL8X5k+ek z6^8c!P31C3ae>F+--3Gr?XTdj@a+9ZaKq*P72LPLwt;Fe${;mR$SdOjMcrkW!swd{ z%+Q`OCW%i1>cCn(*P& zj`*q75Gd+r97N+}zh37Wy=xXvh^{ zLVi?WJ%=y|tdjak8em^+GrEN{DHvx({N=4ny5qdD4Qsxe`vpHXvUPMAq`*UHG9c^s z_?2RS8>Apa)th$nJb^($>Oa*zZkSv^#U?+hTDv!g{HO*I4IxJVCMOg>a|`sPaYo_g zJ$Bxy)bNzCG{@#`>Vg)zAz8!OVPuJu>?pT9kLSiXSi`4DEm1Q>D47+E)q$crLqyIK zIgzrenZ~-KlLn$XS}l7?j-tb=gBug_MoXs`gdIU296`Siqd7cNmRe|dsZVu#;C^O8OoZe*A%yJdF%|AI~mC(02{!f{$6EY028eRnzm&BKE zl)+LO{I<&pDFlVm753DGLhOSW6tpwZG!X0F7Ckd1QP2t96D)ip<-ctGul6o{(VHte z^~It!Y>R{GYIzJ0LI@Q6-M7BZ3`>&4C^RC5m2XTKrLejJLne?WG%Se+DUSsyYcJZ= zMzXpwbABn|>W1F722#q;iC8c3$CH>;s46bdY^*dg z*{Q7rqw$O4^2}J3&wnL#OpB_AiDTx&7_xL0V}7{Mi^#VLZzfw!K@?hZG_#R@o=%BM zO@#8wn*bb`A(0j;Yw_(MqsW;_4q6PNIS}FvPGHssQ@#kbQ;}kUc2Y-VC9|r^a_b6| zx6E2eVVSURvg(FHmq8w>-*3At#PR;NZn25Z3#IsDt}b*P&pcww?oxgVZu)gQ-?8xz zRkepXn{m{tBJ$*wqbZ-4pb2y(RG{UhDgzhVdmeE>1PnECSy*?Wiim0!^HMpI;UXYV zaJ*bwj+I1>3Il4`iQ%r)e@U%YYVY9L9^%b~9%%tG8Vxv( zSB)a3@=f|aCGM+AvZdg!@{gz8J@LJ)`qRq3wkyii%P~-bR+$$OvRUx4LirTOp5AcB ze59ufmod+d884Xyr=TO~(A-=6yeZ19Srtvh=|L5N`)&mH+ydKzcn+`@ z3GT}f5IGLYVMT1bG9e7uq7a)QbIlQnOge`~oNJ=gpJkgag=LjnXl{FvWMBVNi3l|Q z4S+aHHbgO*TjOSeft6@j;k9fMmgGU?(7v4lX0ejeBLDR~jK=Pig z2w8n+-bC*(C$>6cm!;6ZZ&T&wsendNtAQwwt%lDp$K66A|CVS|9t0`T#arreNoGBk zv60XKKl^Dz_Jy$h9MoMnt+4&)nHbIEu5`f94G3|AYXMdympp?yOXUlawS{?w7B(Nq6>(&&_W5L->hR6a_%f;KW1S2vE zh}#akMCJn{ZC8o&%WR*X@$ZrZ*Md#+BPw3>HtgQ^W6vAwX{0AA2`I7&Y?6v%7pA`qgX(b`!^ z1dVPc3lxYBi4=MP3Z!hQq4W=31{$yJu3sbL^rWm{%B=fg# z6aWS-^>yZvNpn|adR>1T4tJUG$c3p>Ywj56BwQALm5H()(4&ecBS5b`^(06i)iqVv zFVXhuXkP!Uw?qB}j zz9q2BOuI32O~v(oiLl&*l-u z?~~^qtU1?6#fWztDmWZ!Zwy}Xi3F@r2aGMGdG7#XwdDz4BAaGO?7hR8y zXm*3NYzu7M0A0P@wszBR1{SNxvM-uxO!0pT3yyu&;P)`81VoeC#UHcU4G+G3xxd_% z0jMa<2t?zkxspR|+_{};r}q&h@{R$GN=N2<^MGm#UK>7b z@f4JAucWL2a~uL4ElEG9!zue=V}s@|(4eca3Ua&+qkm ziNzxBL*iaV5Q7wRYSoP+K3j?!7kMKxBIh%PUgW2gl$3P&t?rG1q$Y{xCTHksVe3cd z@$9k|TU5v7fMVroU5tT^{IX96&H-Ea&G*{hY0_MFg#{h|U;)G)K`ezYamKe*($zJD z@qMNV!8%D7#kJ^}+s#MwG;Z^^a`i zp&~Un{Z~6P_sHaYNKsNF(priwYOip456>*$D14i3Ba`mE(2vHKQ_c4xX82aPi~0ZT zO9GX~);zLU9!Y>kfUT#5_o8t`vc%1hSpBdi|G^|Mk$>c{A_WZ1t{9uKx1-5%L)P%~ zbV^bP4??KR|B?k>g6g<4&w{iu=44f+R%hUga~H^qbE5xVfPd!HB;pt4)Xl?m(7!A9n!U$C>M=T0)*nS!c?0WNESY0mm9-1j~ zAXJ8^^~ywcta?K&=#7KKO~k?&Bo_}Js`v8=S2ifvF9+4R-xX*6PDhKY(BbH?D0tc4 z#)(FfBnj9EKQ;L`tjCwE?6#BAuJTben{(jJ+fTd6w-iJC0&GDVp5S1pPUf6SpEY#B zo`Vb~qtiewS1Bpcan5caqtX*hNM?``H!C;pp?Nwy7{g?c{X*q)2PYG%fyg!@7Tm!fV5EL4?TtxUtJd$h~kiiF5@QN2x_2Pwl3@+!1HV)h>= zdU*NXE>7lhznJ+xAISfB{IRw8*=hC0WBc}F=IOEi#%}YCXY19~?z*4TpUwt2P`=4< zbA%cC3TWq+8Rw|Nj50ojZ|0~v9KiGScx55=dS$r_PQPL4A~(X^IT-R!BJFqsXZ8JO zPyg7$CYu>M2MU}Y*9Q}-k@s>%sPd_p!zvJRTO?ZcQTVb&r1JS+dli*Ws|=O*FM)X0 zn2y^VkGcwh28`ftSn0s!TpMZdU>Ro55h2Kdiw7rl4;mbXtGuxHQ#|;itzd8iW$)75 z!L8^wkJLIaEgSp@O*fwQ^Fxv7y{j_#27WD<*x1*r+#H7|0{}|cC1q3d7;c(>k^^0( z#~}{#LDO}bEBAP*i}}3h+4H9Nynw6ZD5^}DMZxi{`pmoR>ESn$ZC7h;Qu5}+rz-Gg zRn4_45iwW$7&Do$))*eH)d|2tCv3+5pvO>7DJ_riJzEkCR+1deviN+dR?qp!RT$3jwa5YU+NCfWMuz})kp z07JxJC5M2LPEK7Hoz61GJX0l+SD39`W1f2w8Zb!KpHvkXbK zLocaJ^eix4fPU6iG?ukN(4C)?NvoE7wn6IZe}BZ^x!f)5b=PF@^|cPk3e?x5ASazY!K;?_er&_9T_C+Tc3OT`jI*9I-O|c zGo5kqM5OAVPp)g&;-v^scI?!oCZACKM*2`uv^67@?Nro8 zXmp=#505-}p;Jm7H={3H*Iw>=@>NO>w@&Kyz3A0!-?uDK6&D)0h*$as5)bOSPLHNX zV)u)rsPN|&okL}q%goA8|Bh2@9?;?+D#5InJ-Xy_NEo zc-15WPjKEeKIw233di7@+Vd_`6|9l8l02sY%UNumld`q=Wh6hW*uaFyR&Lt@jD#g6 zYDxh_amLR>jD^D63LM`h%98*+nPbM1{`P5lC^;g#g?HXPKaX0lChnfgC>{QZHwlBp zKyexsV@k_55q7}!XQ;SvA2a|s!^F(?Q&xOfVYy9as3PT7pz@Vn&9dun^XV+GC=eSp zGAl=?a9On}VMD|0xuu!qSaQO^Pp;v7ZZwCB8TvD45kb8GFp++P6_P_|6l`jqbPHBE zcGy>MU}eR}>NlUQmJ;~d29q3wddkC}DYx}}czJ|bTLE(Ux*U?mm zb-Y*&#(l*&?yZ;m1FFlEli*%ZxX#f+_#U;iUI&@+O9HiQjIA=z5E+Uc2%($X`-?>=GMA1k7T9Ma^Oh~B8(+`oS(30I$N*;bB@iEcGSuC|t*%stWC zbXn?uVH!!klK4hfG_;UjB|3A`WLkY|N!B&yQ=yqH+}l85@^~xg6L|ZeMmWNI1drcd zax<7NkEVMnJQaO{4VvM!)8SmIkyK-Nk)vTZNjleqzdMDmg=*Y7gtbh)2WXUbX{jv{ zc*r`b)^0Lxk(p&%9AjR(7(ZaEo5o2o9<&g|qOz!3($pi5t5QuiX+&DPMR$LT(v0#{BR z*?L19rnwod;1LLVk2}5+Eo1jA;tBn9`LCLwf0j`)(KKIn{nMmRhz;A>qR<+u4OC$T z4fhOf+Z%CnY5V_S?yaKg+P1A-2tk7ecXxMpcXtc!5(sXAAi>=&xI^&Z?(V_eA-LN= zNVcrA?>_%sPq$o3nX}CC%EM@_*IK{Yy+()|D?q<-5j~|b7`m_qp+j8f(klqJVdorBI#s6{TSBy`Fku#a{wSV5Ng z4IvdjO(!oz-OJA!ELsW+x_VKZj=Cdniwa0g#x}TT@oITFm3b?v2I?qw*On=DnOo=h z{Nx}s3#NeLG4NH*J-CbG?nA2I=AzSvCi;$+aWEX{at6%%8MD565Y_%90uqjFZjnd; z{zm-+f3Mk1wyV7%BTxbN2T^|OH-dy=9@9=y{T6SD#W#pe{zGo?o6MgwzJw1f-8#PG zAn#5rtlT}iXwac*^a$GhK;@|+I%zO5Oh!JtoPxu`w4WNCGz~4l;l0+uoLa-(Xn}^n zic&D8`4i=A18p$uap)Q6oe#?8e%cH*dkKq%(6oc#=I?C~0VQ`;q4jFKAkhvuTT4!p zummd@f9wB_7y`=@oOVe-rl^6$^wXV?2}%pQ!p}He&K;f9kq%~~zR~|RL;>+TPtmm< zuRpIev7G<%t777T3)IJ}`Z z_o#|rf?P@y{;t|!ge%TwXLY}BEmxJfK%I>_Y>lh7y#8=SX zt6r<`(8-J$@VZ0ppt?OcIEjXob8@eiq0rs5hK9r}6jS1Z6%5%3XAY%YOeKj@k5tZ? z%g-(<;AMKFN19VQ+-%i!4lA%TIYw+Tws%(P!+TU`PWZQb2NMs+^z(Pf(uRg=i4GFk z=Bs*Z#hTR6)AK;f`p!%Eu@i^0KGnZldEPadVb$ejTOX0txOw=gQm7i8IZ8Xj-86}q zZ;i()RYJ8K%}%DJ%B$AcxFi{#-E6WVQC=DYIph~vg<5{eM+-}wcf%=b>~4Pnv!kjw z2$uEnY3z`vjmY}f`RHv@>dJjG%^J@PO^N%@F4G3qf+|8flQ>IeZre_`-6FXUJ#V3Q*XNWdCyWL3Lj=Y;l zC|B*6=bl0oPtmyqDgyL$ht02V0n%ImcU`-iY*pI=HSCN z2|SHBypjH{1fF5nq`?PB;GL&%T_+8j)yquKUpyFp%!y$vSrNegTAp9icS@5ijs3MCZYgS=2lb#HxKHRsWzRfpd3O_62gDjetCOz_< zh#|dHgXk9tL%HHA&Q{(CC)X)1ppnm#kQ94Rzm1vHB16BrD>ga*msSw|={42i_yTAJ z#L8Qx((yL&r#CQOT$Zg_NI3DUnElVEa# z$fHw6R6k9l(aNWRN5z`o3*#AEYIs>K4`U?* zLG@X9ckAJW`I^xUrwtR-y}}g{JQnDSrbhLZ8KdJI9(hSIRO^qLrBWAiFN|X`Oo^K6 z5ghWiDz;IFX=NX0!$aSEG_^35!CqhTe$}m?o&n!rR}aj_m_xB*&=YqoXcsnGb7h50 zI;G-qvH~hvkxUw9t1(w*^RcH_znnZ`8rh65(_d0;kU~Fc%C^)o^lzTJ>@#8xbr_ak z+JV-S*{>5BQ-ABMm5PK8Hh1y+ZNKj+s z&BPWy_5Q0|2muOl4?GaUoTI+*VuZd}Xko^8qR)2ZvX!l_z^bvjc1lQqTMM8*kV+I) z!*}akzkC}_?B(B&#BD&~aMH(s(jfX3M{r9b2$6I0-xd_HLvFr>?`Am9>2JYBa1LV7 z^gA|4JZ}f15%&tlS~%zm22VCN7)UX)U zi<}=7J45j#oD8iMxss7E)vCZ6(XkvjPLjKm4&ZV;ZsE001-aQe`hWa#h2T_1^KNl&Wjgm2&buZeh~8@ikl z#+LaVuQf0bemNsh8x|*6=^8+CT9}?H%{`hOMtqp6OW<6J&h@9(T2V|9j4mkR5CHB} zA+<@vpVM%rCoa)~Ypc@xI83n{-#adg`sm*kDNdevdbTy`yL_s!1YG@*t+HTc;r9*W zATudplKdnem6i#XGJAK5O4Lh{D2Z!IFo_G<>kbG>(zl5MKb6g#p(^zLBCj;Nmsu=K zC&N#76LgDk5WV@kb5Q6*(;f&g2Zg|4h2Q=lZUwC1t^fv|elZL>V**(8g?W3zwy#f7 zv0PM2J}Pmo)a{G7OULj>&X7(`V2v#iU-U_U2AHtmc6?N?7XbEYgLw zs-evaiSx?am<=%PPwXyX-=qPz!~{!-ZCVYv?1quQ~B$h}ms8I16Dph}J6SNOh zNm#7e4K8`^KG11ZGxOjaOnd8)sIY%YYyc?Mdl$5NBS@~qD z;;egwkLp`911)6|8x9@gaa5h2*Y>Vuk1$`7@5?_|}yrhJC!U2?+LV5CVWV~%AhceW;*{;s8HF*3pr#jB|@G;6-Yz$gWAv=@8 z6fK((MODG%93LGvh;V(TtJ->_4<7BwycKm8rBZ7;11Trww`nk{+LL4Xx1CJr@y{) z*p*a{U|0vwsL3DDZ~)Lf!_$;9D)blAeJoBna3f^a+g+ZwH_sgD z_=2G5VEF~J5D)~Y5xLXWdkeao+@+{Qvv13*X6H;`=DoAwodm&+ov{!CW&ev)jn_o4_paeGz*Sj-;rCvEj8x zaHA!|S50+#LI6JqAJ#%*vV!DgGd;FWG2Nod>$G+KWfFj+j=3{i5`8F^dv)gNI*FXp zBbwp56Tzu>#-u-cvPayo!IHuB(&I$O(f;aJNA!kq1sf%47?LptI{v}3Q+S%V%4$LaTUMlx_JDVl~?i%})QksG_?1JGn0C~n=5?LTMp zQCnka_qw<5o-y)Dl6nt1m3JB?fulJGZzB8H@A*7x_Bx;QB7WSGBq!5o%VW-KU!W8^ zv_S?T>%r9Mg6I5#_=MMAMwtd=umYIPp2nrrb!zGIO8L(HyY`_Cg&&|Qvz&##E1vWr zT2B*o2NJQ>2!Dk;{Nb6^_qgl z0Nc9})4+tI{hzk?0u2>+{j2RA&jZ-rGJ1cpy^}xy+xxNo)%Nybkl95Jv~OdO*~I>B zdlx~x+TJ}_Nrjeh|7mnkZTz;qnc%~UBf$P)ds}k;w!K*)|JdHDe)!_BTI(9G(`9E^f7g;4Z52?{1HJ-`}gHJ`?zuVgyR zK>B5|`YoYJo5K+b#F~ErOzykD^Rghm7Ej?=DA{Z>!22cw6AcUij_Q&CP0ASDX-U>G zdq^e-6t>RDAAFi@3XE}7L~NTOeT`nRwZEpYu<0ruEm=A~$MO}cA%~UCy~WG(Z7<}2UtEx?=h%HRq0!+zq(8rAg!UI@sy;TU{;OB|f&Qe=wx3%a#mzL=rOCBQVq0 zMJXf@;UpfM7yIhKhM1k^g0_7WVR?fVu_%57D}E@G!1!@UG+Ahz^EKL4nD!^yC6U%a zfkQn>hG??6^)*b7c@VuoQ*yp6nXnGRF>56nCfQZ;GI;_M`92pzMb&LmF{P3-sUWD0 z*X#ab{fNHp(c;AWWbuC0CETYEFwL=E^w^$9QhjzkR)2*jC1J1Lo7g!iid_xHxw&g* zOalDfh8C?wd**g@spH{D5ycU?}{nRp~)-6wWDZep-e+pvoFZ{Q`-iw%>k}nH-Ebsy+^c+C^pz!2^ zSo}gEpMo#!Hc13{IZr3R^Ive{;ulug;^!d3<+@OZi&PK#Pm2u3soW0pw6P2z$Y2aM z{-8+^ogl;MaP61E836!@@wHmfoEcqV08YsPEN*Fygq>jkFmMP5{m@KdW2{j^j$CRP zyd^3r6%6r~9Zz8n$96Q1SO(6M^fD;=q$01Uu#Pn!_PM^tPa}OhfaZ*q6d{yzB{7!8 zN45qZz8sD~3f^>NTHsy2O?bci$72`%!17C~ERO0&Zi;JX2_xV{tavZCeNBv;HLNd; zRG@X9^Knmzi8(*l1O%Cvt30jP*Pxg8-d(P=zKv?>%{x4s)-2)uC#eIE9@>A-#WE&> zBC6?>X?d9UoHah0+0vRwRQEL#m~LYAK5f3HZ&IMm$$)c~e>yAjmaz7uusoJPBAa@A zCTCQboXwTLun0#wDP{qte7EnXy(0Z)GM?a8L_1SA=(o4U6b@>W8m#-SPq{l%6_f^X z^R82_PBP}bLI^K^&ZTdDfR-y&NEMD>tlQ@u>e%PJo*!}4E97w0q2C--lblJR(#icZ zQHAm+QB}CR-$aYw7_lqD$^&-jA{Q80offQ<=GxX`t69OW1yblIeEPUHF8>akgDiRN zow^EmL#)!il8^~SEGc-W!OCRlZVro9x`&~5siPjNIelG5^)mxTB7#n$T`_eIj*2vLvv_y{fs&IkG_{Uv&;h!edyN3I6YaickrZnuo;!$Px$T;8pV? zgH`1%gTpW)Xq)I06^_1y7*;B z)&2vutK9w)&<-fVdKwt<*l7Pygc}SA0Y#YHjOLFbJcz#tD8e{ZfFgW8B;*>Qc?w?` z@t=dI$xEHL`Y(eA903?Srf9Fx-&9Y9G}hz+VKc%wGP#u$`3A=$!&Nt(y7wX;jPTq)C<66)|35)liO@_GrO@AHE#LiwFyGlN#Dm>4uh@_Q-Kp45Av+%D}5c(Mkt*B?M8YJdei2>Yp_=% zd7UG9pbGg>H)J<@PVkSIegTYYgS*(uIJ z)CNezOcZMkeFE3LS>(STK(!{}%lID<$oPk_Gmk{BkH~~FAW@MC9V6=Hy8I=A6|FZ_ z6Rd!XktBGVXz%&%Z$_{fn){q9@w^>R0?sf3Pwe|n8cg0p2pcfOg)?9b3Shw2R(B|P z--ZHbL>L!F7{_&(IhUY=rmo9n!uwyRoy)ChSc@7784+ofDTjdf6$ z@~3VRsX{%2$49eDI#1=i)bu_WUAS$B7ae2(eT0$;qEehX6IP@#wiGAogyD)OeB5m_ zV5AwG-8Yz;WJnC|eeaVy)k{#$HP>oXtg>f~@Fk=)2W~w0zY)NE#zR2oqP1(?s0k1i&kNO0?WJdX-ZLJ8v1$N==~g!A{RSqZIs2_r!~CRdG-J) z^=>ng|EG7DrtR}t_w}aVX%7=SP~t}Jd6u*7(lC_R{pibl)*hJvY5Z;$w4barC(1^n zK)%i(y{l%Sc!w=bzO?w*&T}LE0-6z)>blm6+SANSNT#4A{GLTqG)Z)j_QEy3JdEuJ z{qCJ2EAbbGfuM!&D2r8f-502#R2>91EZQK?*apGSNQoj!4KXgc*_b^f{#TrHsS6q; zZJ@>vJ64Bp=LyVXtlUS&z*{u){6U{I7zP`{gbd6)y{&b5KaK@bcUg+!=5YaOT9Dz%+4-AB7VDMeucAqkN?@OT78JYZg}Vcp?jQ98^@oqAFs zI_#|sxnf7v|5O+DEy0pnWjX(#L}gjNW3|-ukZC|}8+sq~(+?RfZ@IyML`Le&QcJgl zPzXNV;Wpc25V?wY@p`)uY;v0();%e0Wi0{TJV$vm&lz;(mI%)#RKLcSGt)|q!M zk|~|20i-7EgC?CopGx|+WPYXYQ10Bm-3`t)SK-lMg6zmb(incMjO@O?&%6(@Zb~C+G%RV~Gzqk>+ob>^rRPU1KO?eLwpo-_Q zE7Hfq<9V5WV8xE#tYjPVO23WwDcSob)Qs4}W7WAwe&{&Ec$>zIxmK^@n{kP(Zo5X{ zTuTyyx`WGMfOE^xp)D$(mC@I`nC?XK1@?W7@Jua)xo?_pEIOq>rfq>uGNy^3Z1{`c z(VBR1i4CdGye16YE&Z>myC%lY@4 zKvFc^aj>`o{>1zElG$m=jV0`co)@hCbUdgjbYgSiIy{W%!~;__mXy7gMuQForftel zvx19y2iwAwA4or}MkXacy|zyf$#T;A#z_?*W>?2Gh;t5W!{7ccpLhYvC&IG4^)ejO zJAAAf^?~+@n;}gfEL8MBCAnXY%ZIP&2nGZhd;>fTZUaN#l}O+V4R{y^n<4~0|MotN z@REQN7ubB^eeLgj#FmB{+m~gK!XxO2tK#v3Fg}w@N`9hDrfE{aSNZ_vvjI5xzvzSF z6fEJc{+NVD3N%U>RW#|p$S`h9KwbX-5|0>>eYHMn*$uMqQ~%TYC^?3HwLY*i8Hz{A z|6zR`cniH+A5ZfCus+_^0M^HqKv`Ga3{1eOd)8Wd6#ah&PGJZdiEyp7^WX>S!&ig@ zF5`Ilct$m|-@lR9s1M2Gvtk-j%)K?r$v63*`~h+`V0}0-{;@t5lK%f=eOUT-j=O(* zwLbJH{-*VDrD$--szeCz2bOux0DnL~^WUtGD-DBJ{vZ*xch(drJmu95~CsJy0(Xcy|LjZL^REAX{`S+lu}yLI6v zPVO@8WhJ0_%@bGGVD=@c1|KWRh z-E>RV9)uefGUXZR5aUqQT%!i~F_b%t8OQTXwtW^b@ZpcEeyhn!svtRO3o|*$R&&tWo;7 zt({3#%lYN6@6x8!0=WCJf71(AId(W(pk*=iVS`+jJ%g}a1ADcV2Z*g0m@+uP{)`jC zjtT6~vSOhOA1TP-f&H21ulw_v4zNE9<0eH5x<=dcK>gkQ*|XcZ66tk+4#o%!vhQnp z-Jhimz61NS2CzTV0Q<9&w`;)b{#?KSld}e6=Mq%c)U~ioc>K%W`E`F5e%+sMzbO9v z@_T=Nm*0-|dw;e*GB<@k`(9@WU(XW%Y%?OO>R3n5Zj%Apl6QpX+ASe?$kURJcAS#j z0#mVylu~+LZa1P^f4;v?kH1CfVkgVr^Royo^321d7{eBPR^1CuSud!t93k%qU(^DZ zjKvcRRmraHxw86~rx`rH0K}7^%<_X-m1Fnf!~`x8aVNK|f>VC^f$?7LJ1}cc}d zfGBefieb&+=;hjbP^r8G>qNj@d*Xsl?8L0d4aUkWPreCjlEPQ3A^hQCRP@5QQh8Q~ zRZZJzxV*Nrc=rchP4NNAmC6^YB3oSCgP;1X4HQCkHN*%#*VPK&Doya-V`-aPXI0h; zX7(d(4^pqYz|?0b8=8v+2OH0z#k0Q1y!Tdaqt+xLOL4pCsM?K8BJvPX_yq+SR6PTU ztAjc1K)kDrJY7uEfDEO<8BE;rc~vhncV)L-DicpVF(C|Gd7JulNNuek&0Q!yAB4)S zXYxUO(xYc05}X3O8|y)|DX6;s!G8BR<~x^Zv#nm~)zs^#h7PE+GTS zOS^O1cV`!cCKri^@z2iqdlM?{IYA#17JYHx-r^8Gh+aQn{5(PYFp;y{f;X~w0mUPM z2C6coyD3n+Btn7CwpTd-t}>)ZD_-k)p=sRK?>*vgc{f_JO?dlkll|bevj8^F4_%H= z`~>IUL9W}m77K51IzZ-?y@rgR*7_oe<2!-xJ6_+_u1jE#{&oo*#HFK+x2_R^jQ;~t z;O3e5w=@0+(bJAqJAAJb%qat&yK63QVd`7W%~smlhqOGF(k@nJN$GGtaVI`$UB02= z9dOhQ&UQjs329$6o`Cv+SmoD2lLG!F@*y> zIYbNEq$EMbq!Y%qG54|^i1%40SSYC8o3#b11gBgS`DbZV;*iRe#{aSV};wYqGI|LY)l9$*O3`k`ydu zh{|dP4)brj%u>p$k}+7kJVn?$)m zPtP5ZrXvaBjI0#O=zVJlUb{(a9ARF)q)f7ArJDFHpMEeJk(dcX>WTViq?Ys^YSX3! zpoOdYXH9IKqD+yC@3Es+V{Q<`8b0T$nAJSU6sEzX*86}n2r5F-Y%eMQ0 z^WJweS;YeRN=JoI_7sj&c-5F8%pCfckLbXzx^&gpNj9(qSrpn0^QH1V31UJVNJqka`UJ}?n-yLNd9n`56Z~eUEo&%Vd z3HMB%MD5cP`tGDVP@G*%{k*&d*_*qN8L2DeYU_~mQe!t5@PWeVeJW!4T7hf|{Q*zn z02R9K6sT&pNK&bJ>R+&|?biwlU?OneGZny=+%>P3a6Vxhst)m>`SnoLug4_N1phE) zEr|b?_*0{(Yv2>+tEvBBnW~LWIN&N7Jlv)j+=me(gTEiAGoey5rdBjD+B!NP6IbDn zchmVP_PYwYM#WlcBE5by3pLUK;gnZk%BL*)6^w6w3wOIkuzbE32X4xWS2h%EjmnD- zd8%G&?rV3AXMt^{eB&*h4||W(N;ECoC|2BUKlrY4ujVZgEF=|f#?IipjMu5?(IHRu zZE6jKJB6bQBuP~20R)gRpVVZCgxPUV)SH~E>kzQZ4?l@ke|0~AU(~oIM7^Y+<{qSK zR9&GHGn0||p0qs3Ppi9Tn|JP5!nrz8KdVlRe%>QFM=k#(XWnFVo=wmO;np7KHX&uL zLRmNMN_14`k=LL>W8Me0x{59oyVd~xf%i+mA<|7aRl@wq3thsz3*zj24KkYT;S&a$ ztrgPjd^cArZYNjjUz~;6`BLbiBlgD7R}7FsULnI8a320!5!Cl#zJ&QcrU$Z4riZJb z-%qOqG}SLn#XAuu*G=+A-JPDJCf9;*NZ+@8y>m&ck~||uH8-*@UE^Ms<3Dm>##1Xtq6_ld>u3b%ay@h&%_ zUMy)ax>?w8>Rf;wZwH_tSF~~LBK-;;6i}E#{R;eq#^#GrSrX;94bKKiTy^aln|kQuCe-9YrCX2L85E+*fue57eOe*FAoH!(q9 zp6cOf5~A5Hslpn{D85*Z`C+g%E|fl8-kqQ)<7eGPTc-Z#NLpZrXAYR7hhKv)-Pbyk zJ@@V?C?(Sn9csFkw$zrlU|v|@2DxKqYufCqO7OFcIdw|kv6HD;LDV*fA{BYMR3JDiE{NRNuW$~eN=L|Y;QQQ( zS#HbMT(u7@0wFsBtW&M4x>EVtJvG!xrdN|iI)TLrD?E)iC^ofgFHwds+O+I#x&s?D zzfLk%bSVz_J790{VI2uyY|zhc=+^Ak1$qE`%CSHT&0oGMcwh8QQjJa$td5;mES<~iN)5x0q1lGkjbcn1YC<_)kA@$S zxnz?6XO3c$XRt>-6T6J4!Wz+u&%o;EMqs|xxK&A*q|z;VcT%u$vqx9`8uWBYd`a$|c^{|^~$Ri1xq(0g$KT|GUw)^3d;RG*=JKVa2j*6kN zKZj*U8_X^69Do%feB=9k55gnm)sBh?m-YXeq(Hw>MxEBF5G%)yp6$C>&$}si{Mbxq zp2kr566joTKBex$rMjU%)BMqUn;WRMd8_91;Z`DsMoOKLw*m~d7t1wV8f&?(PQ4fb zYSCI!`VEtCGkC_8vfiZnX}SgjsRa1YqsCU+xvArV&%%!|Hy0{;2NITj@pIod`kENY zpNdv?slQ$vNkYGK&<<`naID;OxCos)cWa3kX$u_lNf?sus;uS%n27+LX!8Qn5ymSG(}jE9s{)JprI7{suaK0 z=a}ijeRyzj$Smmq0sCP@T#c zSoQQBCR*_X&^cd)c?2O~B5zO4hc+%9spk%vmAE3Xm$#}&|Agh?VGA-@Hh@lBH~(?> zPcU+~Hm3}gqRshN0%ugVLLuy5*oj^ASE~%+wUzQ3vg;F{0o2XAE|%8UR!TmFLDm3# z#))3nnRmw%2PIZlvBh}D zA-H8W@dvLr>SYPJ58~nD?UtUv0Rc(vH#(WDnqu@ykClpu&HuwQqor5@JhSYLKc1Pv zSrnt7guRH%S3J=7dQ=kavU+=a?W?)IWp8B!3Spo?^P%3R5;KgG_$r!0^Zc-QgJ6@< zE`bcrSDE}q_}b!Y!<#Hnw3Vs4=pC~5ztc~7{MHDpMeQ?@Fj5FCc~-x<8*ud=+;%`g z^XYS3NfZ|>ZT>HScnvKB`+LNznhsu_-UmE@cr6+C1c=w3o&QF>st@D660f4i2G#~1 zr-fPYdQQ_FB?(-vGs=(^DF?5_Ysg9$K)fnH;`O4n2fY%nJ!b~lZ|?p(@!FhkQe%HF zrSebYHU0&FDwbH0f7@|kJyX-dGhtYG_T^I1sdjn`q}&eqH5$5$hX2TGv<6t97wL>v z5DW~W=jT+bRIQcdt~w6R z4WP6jd{nU*=3B=LnoS4hfUVkAVCU4ui&tF%pFM~j6D3p$)tvu?lP*fNKv7BF00J;I zl@g_1`v3gp6)fzPA)$v(#g7ClqY~xgluw#^dCE;+LPlHmPK6~c(HUB zbl&W>IGwwzxGPgrm|+lz<72vmYJ2vlljvhaqjkkRtTlwuUN2s#aH`b&BO z`xn4EDI9M+TKW|o1lyd?_RZip;imbz4H8HAVp4nf~S8FK*J5)&lj`s}3{gvaXT$`gJRh}{v9wrLQa4{zTvg1; zjkmyvGi(~5BspNJ558J|h08fU4EB%mj9IpeAtHIAD6?#kzui5EV`|#SY$~3LZ%15a z(m#m&0(O(@cy0H@HDZ{w`oEZ3n?09PP=rDiI5xmsR6mwK+ugzGF_z(F-G|E-j>>E3 zdET6$N;*yPD`>scmssRUU@r0%(f)YHnocG>N;YQ}QJd5euz7WB?T zriSX`>TNgoF0vtp%8}Kf+U@AQf0CRB_LT)zz8eV5Z*MPxP=E9y$5Jd1EEb`*Uf6nQ zftO@6ul7S!1Q@oluvm6%wnVJNpqAT5`V>VOA*hXpm1#$Wy-jv~ZSsBytvH=2X6HxK z`1cT(MjaIBz0kk=jr^NLvjwUI_!GiJ@_Lli<>LLR4| z)Sw)R^R@mxS<9TEu!c@pSx1HI@m_h<)<>gzf39!!o-Iw*i}@20E|AG&bD*f#H`4w4 zFGW?*HHVE^l@xsB;Sf$D30rs$9W%v-A>xUB1qBK8xhfdRo^4b=ejxaF;mRtXy_C@8 zhlz7m3!=@M9*h}ZA5I*#t-fTxd;~6gc+h_~FR$ISsY((|j#s^tk*R~>pn?)u+t>Q8T zr_|yKB`1DxpXz(a1W9Kqd5OrwuI9Bt25#vD$;fXO%tKePwUOVxS?ALpt2{@UxevXY z5!4Rg1uHrd(Y(0?KybHUl5~GBp{a7XpO+wb(Qzx$4@1buEB0^>7kBQ3xxJC9V**Oc z)t6xkM=8{udoc+l@$k(g*@)ykgLagQpY5+teHE{tcPQ9e^Lar2q^A(FYVe1mnB8bys-wfb&&@QlXA<1X-r)$__4cw^+%eWR%55Dv~n+J~1r`|m8`PxI(5@-~1A-6}+S^0j0&gsUF3SJ-$GO#Se^ z|5Sr?urN#U@!^ zxHd8ii_yNxgFE@FO{{(&1Q83axq}M%6NhWxcdP;J^ZN*^$H`Z)n#bHN6*?+U*cSc; zD-A9<0c~EYaY1yqyo!}4?Lw=ug7>uVcG4Lnlh{PLEhf#97$m=bnL=)ZRXniZ;4Si` zix_GEV*JDVTNAutah(#BVR3K5;;OvfIdU1ukq_@*nmcgGCZ`u(*Lg>68wxls9wUy&2_ezU;90^>ZZh~Dw2I|XM$j&*2P{CDh zHxwON1$nLIz;mmtOHQwSK>aDr`?09i+tTjqAa?mLzOdp40?S{Bs5i=m^?DwC;$`VV zc~?qiUMiX{jn>sL+`%gMFwuV*yTEv}$Z6m^2QE(Na7)4gmu`e_GR|Kp&l@!gD9-lCKK zFaCAryX^I`#6Y)wT|)qkPJ91rP=%nntx%#^f=92f)`{C@*~vRyGW!HsZ-+hXQnaBV zu?*B>Je{m~QSxnQu}MIfEJsw_t^hw;gN7`$=;+sRlex%ix)Rm=>nht+_ndo+h_lsx z>@L7CGc(K_m986D{NNtw!*DYHY7V+5; zpfQr1inBUQz@}Mna&$_z`sjfDF4H)wS|g8$vIZAb(Ut1s?BsU}M+wUHyyxVJANUN8 z?r>TMn>QqJ93A=F}$>8(aTRpR&eP7AL!@+Y~j6XEtrBT=!)EhMCmH6e#wfvxcE@KR< z&2I9_^!r57irIaB_pabPZlC%gp*xS6<|med)HFejzwe1i+E~!#S_dQ)@%xu zn_{L!SlgO3oD;Z`QW_>EF|#~{N_gL765@ng53X9FGV&iWkpO>|%fb$WG>>H@7@kfY zZq|;%1e!Qs?H;&At_P{|&IK^68~5t< z`uy`FSDZTk+e~i|JlxSt{0w%FBNTRdy#C1JhvlBoWzV0ZUq&A120VoC%HI{Oxx_$Z zBSUPwAND<|i*nKa-b6dRjJEdcXEt4p@9q}7Fa~TlnkQTAp%AP!I`xO+ux%A!E5QdC z%|YoZnp+b|r4&W8W+xw=lB}|nOjaOoObM7ON?f zHs)lwYlPnVE!$9i!2vZXrc)-ft-yn}$3Al{NVAb*ffmhf!)F>TM749X^How^G^S6| zkGnF7-P${vN;_frOR*-FPrd8FAG^K}?aRyQ>G!7>{inOb3O&y&e0{H{-9&w_tMjo{ z&x_p`4$tTFo}t7S(4ftr-F#Gf=!eLziPZ(1B{L!YSxZ!67f5!=1`XXZ4wFV_Th&WD z$H>d)@4{iK37Lsr05FzDzD~qwBE1pk% zUQT58s~~;UQQNTFI$s`q&Tp7r=&NMbLA<}v3>bEVwU&G5Xwp1GH?m+3O~qBs!;QdW z85mbZ&Oq5BAhh0BM|>$a-TsEl3fy+JbAhnH;yZ$Qklx1+6-d-eDP7g-_Z*}WtAzvA zbxCGc`;lBwC6$`oM{%n35bLo}D}g^3n%-yc?u=$aE|5rhxuQT0CRBuI346qJqwSnA(XGzM?qn5dhB}!__K%R<{ zo9buA!D{V6f1tmDUGv;(xlRXMGf5P}v;^@vEO#(F(ZrceOE2buD$pmMbwL>_dBpot z zzFJ?zO`#rcy5@QL=WV1T8PuWa9>(~@9KC?SOlP1oXpt2xiaHN14=Ku8D>JW@$5Ynn z@)IgLUAI&;x#s+*pJy{OOq6$xAXdqCY#usBENY@M?%DeC%p3r7jTc)E!*iw;th&xz z38hyu6ZbO}!G$J6YU_@!%%NXJhO!MUlDzn5Tk+2vxz<}nEsGH9vO_I>8+Xas;R4G!nWN4R+&AbvZ?WV16lvxq_NXif(ABF}{~lis(2tYVs~LW_A>`IDjiH_1}Y z2o4E-eAhJ-nrFa8LZ4q=j#@li7THobntjF!+9f^o7L_IC7WQ?{f7$9sZr1S0;#3?v zdtaC~GKvVj?j(g@)T0=RSbWc0P)YKB4sz_taJpZMsrW5pN;uJb zG0N-i>{i18IInt}w^d<+oVLB4h!I2?%qExa1ZxKq<*Wt9lC!jG6WK*8%3>l?r1s3C zn9uiNeIo9Iwc(&yq9zR6X9qFQI4Wdql#laspRiS%s8LtD_A)&~-iNanmp{im>p(_( z20EafspKe08irdikCOO;9(X;MfMz~{-VSMLu0rM=zua6zk|iA7oRIV5dKz^OUf;C6 z++J_i<5%!yc=GUnTgCCbnDZ7ih2OQy%lQb(*@_%zki~PTu_UsfR=)_Q}b zclq2Melg|!RcqyAvXNNa%y82QJpY9wpZS*~Wz)`NVw<H0X0j`^y9=22Tu-_V~L6 zxF0Xp%Q)fFQ1+q9hQ*x8?ZB-?ozQRbRp)7CAF6(rx*mNM!SD&9Ju3f(j<6=5D zgk9Q@wY&>~uXF@Qc^!!2k;j(%)1!*=dM!&KZRw-9etZp|YAH;YjMO}O;oDv_nPd_f zB`-p5hi2Y~l6>j0%hVLVbtQ=89UQv&2F=n-bw6+YS@h zde{Fb9KSn{i4bi-Y1d%hBI)({YQf1>7iniUIh@su`6gxuN2>|{M~H6;#_N|rn`Ajr zqR6Mjn_s@Axam0Jkd6KRI84i~d6QKU zM8Hw!MV!Z7K~@DDBc>NE69q;6zU{4`neM7ovdY`JEg35M7H~3YX*>ESB)Z|Uo1dZI zlIv3e?9-;Ej_(i~EL}*@J2b15ZszcD5w%!jAyu`ml>_XJDI*S*tD1bcqrGI%%jjJo z@6V5c<2&$;j|40Y?7Z-u@ykc5P;kG5eIBM(`m&lLg&ga%>NEXjAv)xs!o8sGu|%|m z_bkz6ZE^|_Vyt5r!mnGEsUDcViXG`Dt}xifD5pZ{e?(by9Xcs5A8k9TXkE0@bz2-A zHP8O~qd%F9^M=%Ujo%pfX`I4tP|7%;8;ZlI7oZ&|Z@rtNPe~tNHXjBzL#=OKx+p%x&alTB5^kZs z_u2Fxm8c1M?{J&^oJ9NGx>Evlx1Uw6nSc=$%WWyuM)R=ZbcBl7-}1f0NvXw38GYT_ zg1U=~#E+H5`Pw=YVb|f*SJ%oRO@?!xLISVep0H_bykH&tgkvlnj0+#c}w4r z5`M43C^I6nmg+dQ zoHofjJw$?4xkGM+na<}F4h_-FM5a2q<{_*O)z9Djh6iw^Dnrl?C-9w)?}KQFi8^C6 zP8Qf7XMG}M1QJcYSm`9Z{M5UEg>WTx{XaatV{|4>v@klc?L4tEn?Z9AFRwr$(C zZJQHgk}u~y_uL;{RlU`FRj=w*y=%kuZ!HeFtN$(3eQqZ>gTgT`F)G^&Oym0X#$Jt} zwfrsB-qOe!(OEe_upvgQ=hj!4IU6^&>%!MK;F#$6nrf8s9e#3nbEb4pw7AVmT;F`h zl^47lj0U*_MxF8zqwZ-=ukVZeM$`ET<5l~nMrYKC50tkwRr0YK`d4$J|LLPb@Z+hS z+oe;0(9%A?2~Hakk7@mLPb*u~j1u9PbOqXj5YlhGKh z70U~F>9gY$it{QZ{iksw~xJw3g z*DjiTUWXuXrqo3+Ok|AGfM%uP%b)1T0xhoFi;jA)0_Td9lLX9p4Kp4aj>xBOR=^^h zAqM{#aaOrDBFZRqag#RbL=hW6Xdd`QH32qgq)V=Z*x1kBi6Aqciz+!blJyypDsCEj&Sss~E-SiDh0JmdlEA^@ zl5k^Hn+c(H`=F$%V1TmD$@RPf%cz|q9bhhJNVGX_AVlF4sJ@o&E9F4tQb?gBLT%B7?6zxV zEaZMexCv@RmRj0|ZalOiC*>3|Q4@n=8TjRDB2)AFLYffF`a=u-yA7@suFfmp?d@6Z@La5h!VaXT)FzI2AwK7 zk?$<$I^sKcX;{W`1&eB(_N*{tce;%z`5rr5_ip?acf6GX1~X28%ky-sof#g~(?b4H z_NB=;8zUqjV=S9%&``W(BzT?@W}J>tA)NPMS%)%u*bvUqd>f`I2pbj3Mzg$JoQr+x zP~d;Z^8T|p&@Y)nT3nok{@RZvJi?-$i+C{2Hv{ZgHkY|k;LbdGR-3+=XP$$*ROYqd z+S_iBgE_4q9|hN-k+j;r(NlADzc@Sw^cM-ei?92CnrgUxYB(E6J&%HYYLT3BCmQ=s z>@K}(Z&cr_ZgByZ9)M=||9oW?O8kf;AWsK{)1(~D3b-{xU-u7W+}s65Ef{?1UUl5- zgjXwU{8mRY5bs%rjjZ;8$#pO5Bhg+3xljhq+i~&_7u7JvOc?R<(@Nh<{R4$N*e`=C z>eqFWju^wE1t=C9^R0OWN>B4b>D($$=Zc+z-b}P9%-YW8G+WJ#zAgW1>pc|)Lna%B zoC=@i=E(I}S25^gU;*dXtr^W=hA+9rnOe547WD#6=(paEUo4yyHD?LJiLr$Bw!j_S z5_}a1eBuu6UaKSk_xOEv$J?C!!a*zRF|l~vjQfZK5wqBj$S85 zQ@kZLKlrU_=FV0FOUbPzz|3@bRea#j?QZa}{xJy~o$t#J12%P#S#$^$rGaVd^V~BK z!=G85-uFKbw!hy#ATgJvUId)v&2FbkgXBCobuchi{sloI_-u8u)oORO*Az9gdvjhD zQ06azEwqzF$9t3=^cB><_i+DYirwEoie&3eCa{KeAsu+Iz0t|UsHk-50l!NOSGxM~ zRx?3!v(i$-?-K-H$U(#@MYgEY>+CR4v!h$3Q(6ZQGrb}Sys#kK{$bE<>dZEC(P z;U&OaP2=vcjm{UVUF+6@bD|iKsP+_80{;6zT(##JqPGgIU zn)$gRQmEZ`!99`0=>tO-2)5*im_()}9brKOHw}9UP=~oetD@LPIk-tFv4sno*}{ZD zd;n)!G9QnRHi+Ti@nu`!@#X|rAmip1Amf?|KhS6tnoMQUuN z<h)oZqt1N602VNTfr(>#iz}Y$xdMJwK8q&^#M3*b9;Sk9CbEw zwTj*^#7GUy(?;K!U+BB@EOIvUHUug^lRdu>wUVAtG%0r|;wCt9^BMY1P_v`mZ z6q#4LVKlj=qz8uU+t(~f=~V_&bOnTPR|$X1{HXPt|FF&p9aU6~vk%|e((4e*Sn;1j zxwc0Q@24U?Umd(RD7@vrEud*?3_CU=H{Uk*LNyNJ31d@BosjC~0*zX>*0!Vu_TcH| z15(SN5P#Zpy7aw-U1x6nGxb9uTQLCM8Fz9OYgDD4wPdN1L9DR64g4Q8NJf}C(9K4~ z5k2J~aiq=VoU<;M*c&~ym67!FKjEPbZ$oX9JTY)+FITF(op9&Nl$-MaYJ zIw_Qg(A;M{{Bb?CAU1b}8wSf(QeDD)CC|N)NF0fuAo9c0RD`AO{<;$=UJoUz z{s{H^dk&!#fkL)YOEE!g5`~ZahyeA@z8RP2R}BaCJ|CCY+tN!Y@IB%r6!`Vi$K~xd z{nz=4&+(C*{gBtT5(@CWgOQ%4&Ihspm^{lBWz2)%QkJm)Bj<+j@Q9q z&1(k@Cj6EPOEMpJs&pf$=D2(xgkUa2z^}m#5_OQsY$C3%(GXa)Xpx9Anp150S_^*U z>K{B)sxg;z_q9{0zXsn=Co*irGapJXB5RdU09}36pUR85kEsZt;(~*LL`4kvYJ3Z% zVW><=)1juhaFvUG~GFMaMR zmIwr$$5=Oz-ox+>|04%u<5vh5S-mrzVJ8w+#{}OW_fMK|V8M-iQ-hDEE_|)FX4b>o z28k{s0nEgK8ot35ZSPoGY$kK~7%U=^X)J}3&`>VJtXi^uzOm{+STG&iiIMH&9vPZ_ zHCI;cAhzOE+e$SS&onyEkgS@LqeZIMp!%u0iH+rHL_W5t5bjAF9Af;heo&Bc@y|HK zlLTOMXSS<-;a?*In0rbTT@B*vv_sH}1^vnSPkm8_v;12XCe`Hb74nxR%v9u|eMM_quR>IT6aEbz1_05oH|82)Ud2}p;} z!kGt>rH7}AUnqD(vnU+ep^wC9EzYLH-Glh$O1tbl70;-(oN<8QBBbi3^O_fIL}~pg zj|G3T`1K5a|4MgI-p;A4b$unoGZW6Hto623Gq`x=%!T1aqTHd@8N0V42udpb9`T$BxMVe)I;n4d8cil#nPd8>cmT>k zc!%$^qx`VoZ_?l_>0Ll7Ny3f6kXbbGnM}hvxHRJ$m@YCwzMF<1aYbJ#vgivq*n~HO zZ4{dA&em<6aFo`~uX(HvUHcJ{dOQjjuEB7UYYh<1y4BoFdI^l*7CbAat!G%W$kVgh z19(|5HSR-JVOB4Mdg(+?cRh=p^H>8jJjwuF&;UkR1GQlu%3KOtS zp4Nf_BWjgZzG7O>e=ElyI;yKinGP2=>p)oLx+WpLtoSb@wkWqh$ST&|rIiY0vQ+S9 zU0SeaTfUTi^k^}@a=kYYujhQyR&S22^h#U9+(KV*!}byr#88RsB`u(8ssU#%GQBIQ zOYZnV7j#EIw$yoL7f5+sW#s6CS) zVXeP+-rJg^VqhA|_;XTtqve=B6z{3CMB2j^u1!`zaxso-b3&%GC9q8H1)Ci@Fn;Ds zBUpwVmS46lRK-oQ8wX1v zDXB=Oit>n449c7bV9?fMc|JZu@T(X!x{j~2fj_QGVE3f!+~_g9w64=L5rZYSs1UQ% z{Kek<&F1}vxS5B=l4xyJ3P|8jErtUkyTNFr=Ch=Ez}z&PTc7b~V#*C65*k zh3CsM&Gh3jsi7T%rQ#uQoAHvt3&o)XG^I~uFJuQrMh|RWcv96{C$1?c^7de#P*lUH z7+j;WVT;{Uo0l3F@Y!60T60~-%G=I$P)<75AOdTkK2Q1(*;ahV#vay_3C#SPSa1=CoOgxr-7_E`CuA%gEJbGAqPta;W)*sFdTqLn zSj(vDa^Yjx)gZ}bg2Zb5prZ(JROA|YJ&h8FyiFFN&7h)bGW_w7H~!$nSu=6F1?MM- zf#olxJvGNyW+UXAaM_x4rYKl5!=@DJK=@JEmdTbS4I9*COqn2{lz_UTnYMqV9 z9G?MfjS)=@YCbCMO(X6#PeLhySz^i5n@6P~V_Y9bdBGoJ zt2Gb5@<#plwlFhrFw$qvW*4$Li#n-qY|Uj;mJ3x?N2mbb`s-ar2!cM!T^6|1`K(R+%4;w>N(c9~l{L1?A9hMaA>!CAOF zrNATj$~pGwK)Uk?5_vg%b_112t-9B+ftFNtL$V^WX^d!Dt!3QN39N@=*r^W@H@n+X zvSpqs>ksy3jHaojsxnRzne7VCgr&(5q=B=LD)C%~k*e{{90EH$6{K<6ACO)`YWH;$ zsGl?1A-#%0wTcE}Pi4&(6@Ji2-Msn0HBuqY0r*_h;oIw~6IUCx6AwRVG)@O0RWC9d zmLp5eIaqbNI^R2uQJ}PEV$3b=7jQwjb;xXo;_u(>g^KAU!?hgoX4?JiFFW|m%{tdH z#dg?j>HQvkT$!lat{7Pi7j6lX&K2zlolCA^_H39Ioo+RKQH}Kv#~W9>H+UGy)0>VI zT(Is{>3U_(Z$k&jktLw2#ycw7Vv$ptG12HYW>|64HEQ88HPSXRN#)CO<(*q1jWEk= zxoVY?Rnuk#Mh4xfpvq;mtVX#5nAxQ$uG5lEOe7@3={<(ug_L0Ym)`}jN`&NRkP;Io zQ01Sd&1S{6*bozab#Jv~?McB6!S%4K*`sYxE zp5{RLSD5%OnrvbXV-BC+*JrHXE6C@^=i9?XFa6i!^6IRf_nRI4*Ij9?Uf1ipoZshR z?$`BOs^9D3s@^xi^9vIYC-rBzm#6nd{W9|7Pt&Y-RzzQG;%}8m?+hs-YodFJp~XRL z%<_M>Z{B}TPZLi=SMuv_u;8>p%N@eArp-_4UlDQXPvNwhx`BT zK%>dE`YA}uznvmoArku8Xv*woCNv;#;$`V}=Z39!DI)lFmRj~jco}1K=UwDMOV@S9 zEXryI-kZkL6DXm5CehcbiTdIDFO_|11js~!&R#LQBOeupPI+9x2$pqFI#u&-9EFCe z_8&YUmV=D{Ojf7pC)W`$bzZ82NKp`M$0+x>(#hx=L*x1?s|ov}*zg46d+E^?PUWx^ z%RGRqUT#xwI{#Ds%{C~s9IH{E%#f&DA_k$E$9S;LiZ9cFzCzEI3AUOTCh$;YvkkgZ zTh{yLKJuM%&wZKc%hV6a?8N`*!|wUJ7Yg+J->6?+Hw>}^`h4(^7X;sW=xT@~0*jsV ztG$@523+CWZVZ?TwYCk8hO%$2! zauhf{I=gw)IdBlX!VwT-Bg2-n+>GRPpAU4N*o;?>)VpSq*8ghk?hpJTgNSi z(Y7Z%8OM=(h#bIN-eoAleV^DOkacPy$*-9*!Pz65CjVB8Op~-AUSxlE7wm4~@PZh@ zR@v%MbOz@!_nw3`k|IIh>}1X7`t0tw?J9$?v~Q$O!XaSSHRmXGIgW2Qsb19XG{~a} zaF@|X+9^=- z1Wc7us+3&d$4jnY7RUH7eQ`%RMA!LF%rVMJI7S_ZWZVSIO6Er3Tna&QRx{;xe%*x_ zF5O4ui&+Ww*`)AeX(U-M zOcUL?n#Q@M!OVZnBvtW~q>8^NNxu-3K}+C;ZfpKdaG3K#*|Ab_Ox1%QKToHza*84w z?%bX_2v^*^$U6Dvubk=3-nA*FjYJY|N6Gg31eKYebC7AVq71s2yU7gRsKW zB*SrMqoFBA)zcg@Cf#bpafB8eA(<&cNn7DYZv@2Or{S>58XGayN~gib-xcTydN7p; zdV0+iMX{#|bo%&qC7x2>nYBHFcZGfjG+%^Y}D^zC8A|53w6>^w8f!s;Smjk zf^MWBWuY&06tSxLfFAHs&4+lZT?}!T>@AH(QEs7D5!y-W+#~N8d{)$a1(0{gp_NpU zfKuqweU(-t&7;oTc)@+yUg$l}5c?Xb4N|(Uk3v+KKgyft6N?;ZC(@K2Q}S_FwjeSu z0_lHfrv=Si8&?%-2}l`s=q#OLZVaEzsw;tLxZkeRYGJ9UE+PSq$1>x$S>+-A+KuTl z?dbIJkjFUK5KUeNBB^lSQ^GFk1M&{%oRCs;zx^ZJTbzjSTbyDs7w1 z03@d2F1HIFZ5x4}p~4Dc#&=b$Id7D-Q7oI*$!+-2<(7YV_&iZCj?Fv;LXLZV(?Py4 z<>oTiV_3XvC^^w)}d@c z8iT-1&GcP?H~Ow#p8>|Mc*WL9^Ab;rvHzycAy%IZ`qJMNkxYiwPDL$7hDBzz0~)47 zx}l~{K)W$}-FGq|0V;*mJ(f~x(VPh_Nm}X|Z-SF+?`iAjY?)$X9-)1^-G&1Av);xQ z{;lN7)@X39c()yK$bU2oE)+!WrIik7gF}9)zu=n{MMT<@!A08CwJcW=Cu&A!W@*_h zjzCM~T%;?O;1JF)lG$EXhp(FDM@dfH6VE?PX=PC z%c{=4)<3bgiTmW*BzS9W68MWx@-6V!&Nk?XPyFk7Trd2HFYR~6X5W=_)6YcPfHb0T z4)t9<;<)R(f}4*1z&xN$W9FW$+Y@et@a(AgxST(6xfcBBIXkA^yHxt5Mh;WlF$$|< z2!4$h^OdD<1ZKogHM_V=i=LUyghA2Iy}~#j%0J8V_0S_=e-4GZrxWUeZy?eyato_< zO#w@RMAH$qQhJvJbF!Fv4a_rRQ_!CAJKF()n!40C+a|ttb(E-97z`PuamE-S3wa=e z*yBu>$;5VmAG=~`a>BzqmCH7#Hdk1yR_gzK%1f1H>&rb6g6Q_=-qcp9G3pOkh@1rb zuFVQV3w(FbMSnbJsmcXTCezm5O=hThaW(}mRnH+I{@F-&y={VTPPBdTls)up{IRjN zGLQWH?&o&%$@bqE>hJdf$L5o{q>R}TV*5gU0%zOwdD1Ya&PKneTovqhf$?++x2(i@ zRCLO>5m~TV(mB&52*qn48Zh1Ti4LA_Ii7h@3CQ=l{RmpsT(i!VW?bQXmAz!NZmD*b zHwW;bZs2{kEQ;lCpB2g5b)#MsXA1s%QY!0>fwpN5=UVHT;Y7)-mOBogZUKw3iLAh@ z))m>Fi&gG7Y~-<(iJWdpc4d3Lzg{jW14i0SRPnQNCb;UZjyh=5<8Y=;@dU5cu3Rr8 zjS4B?MOZP-L@v6617d~@1r=Z+BP&h+EsiOKpGSQVZ||FE29Kx-O>WILL6pM@p?k0-hg*=8_&7N!?VOvVJ z>egVB8VK&#O&lg2_qCBM1 zA*OmlmqZ>D0)YW{vynulJBRn-)Ec-$T}oSq@tlx+hh`yGKMu_MtqOWQNG-Z=?bgMb z9%;qXR-5y9=fLAu=1mgS&O7JN0*EI&wCu}_zAoRJhV$>izt}pn?aP_VVS0Xio8SxZ z-8}<}J}k-%q47Q;pee2OocjX+O6%+7P4%3Slt`8W!LDkwt%Jj!hN8_vN(@eRkMy+o zbw+Rfj##36CaTee*QWdkJ@J*KPd3kNHnW>Jj1q03RyloI`%rlEJ^PKP?6`s!1pge@ zkH@qo1nxDak3iYnkGHS|?j@d!0pTTX1-K$?f%_l)-_80^)Pqr>@e&h*xsKb6zmn?n zWso-y#oc?gqZrDQz$ed!mKs~zabI5I<!n^9c-o zT!MFs{i7PN-GJJv`wLng{1AAcYVg`UDg${uK5|Uy!VQq7ZW)V0x5u*mAd}O2xw%Q< z^i^nI4D7xN1+@g&i07#;dXmdir%O(zFKxJjJ67??ld%SWwGh|`fiXT$b1Se=6L}Z^ z4j(EbF=dmjieP@^wr?`WGQK`oukeh3ggWXUQVHnTHkNYgfJTWB#jnnprq+XMW3ZNL zsvUQ3XfWM}{#!NovQiUmYbSw|Yb6Ql39he)hr?0gneAb5{lXh1!{vHA8CS&!sP!%1g*oGnfCa@V5LHs4r$y_?O}_{?EA=30ToTGG%5iqh5MvYIS?6X&F!01y?5}Di zM3cq@AlpiA>_jc0*tQ5T=8ic(hEIv+E*LL?6yTF?%JV_o_0&CK<}<~f-2W>VGRE7U z{hJL}xcE4;N0it(MB zN8o&~`+=dU!8 zXi1@1A)BOV@OkiLW^Cvp)N3eIaSP7Oe8~xUQj@ZThGE5ddD7xSIE{YGjX1Qb;-5iC zmA;T_T^yS+*yi}2kSYUOx_k<4V}pgz|nCqTHd z=}pQ~7nXc8SwVg{d;eMj{cw}}zy91@UQ_P%{0OoG27&)SxdLLlE8w{Q{=e7Nv)UIF z!~2*mAjWrg27&A21aN*70sN=N#io)H&Ht*i%(f)8uG5{Ag6|+0>`CgrGIZsv*J?Cl z>YM|kh+YIYz<#Hw-KBmw6+x{U1Ssjq5A)L>vVXrYxd!@Xwht zh!urhp+;RwAFc0tCurz)x9EY{PiZ9^P(eEfGTi)aK? zI@Q@xVBb8}nuiQZ1IXB9o#<>Aht`~&G*sCG@dwQr^;{HL5qew9#BFsq=)eUqy$n_? z)+)F3@2tTq&ug|>b76FokfU;LhBBV9KWCF7^x+3wMBUBOqn`R5__)Nh&%K@c45Nl1W4gf zkzw;UdUk??PdxeOJ>u3N&MS4xzt}qiGdHrU0wAODYXHB>^l#YvOLUUA%Gh?wDhoA8 z@K=za3M5TUWMs%7yPG3uw)mF}$hS7xi~2t|`kTxPHdsvRxO#+Vb6n`l<1Kgx%TE#W zGY|}-u~!zRR}{ajMTtaGN$&e?TX0h01TqiKPS7LO1>eZ4&XUNKt23m`HP~iH27ecm zBtkRO3bhx=dyc~5M`n*tFm%whRMmS?XrdzJGnkA+Z$s})rSu#laK{XMko9n9qNxfY6=@Xmk>DVf9v7Nkl3iFUFyhMG zK$270AJKS*5e!Uk91^VlB9$1v?1s zTdi$h8_FOSPG%Gl<(7epgmXVls4`%t?jV>bBI2;!w_e>nn_aol4uDW@>nHMHI)Nq<{CVbfB+=h9YgwshL1} zek`s|`mQtiUXFp>dWjUVTBp=o5k~|@oT(t+N)p{&qMc!4E&~csp>ma!jq@HD>ivlz05M-C}Mr(r`cDJ*r1j5bj|dg>YWWJ^ll0(RNlJf{02k}X(d zIzU^JM9erF{d>uB6;jC%Y^_-X&hAYQVu&&)ktaN6w`ai&0V7p2q>t*Exj&V~cJb;v z3~YFD$cZzf^40r$v@jCEOw3LW{@3%kP6&|9X~P(&u~~g-fbEYPlqc)nVc`6N>jsDA zz8_84(YRux1gR@E(VtP*6zbFFL+yGeQ+Ww)fm-((^6$4(1_glwZp(6BtF3ZaSRY=; z5{w{&{9jE`_9rRoJ7DdG(7W9%>oPe$y6@*2Uf%paxpy5Ilrc}nnu_AMKmztO@di$9m9Y87_Tcf{hR*0 zjm>=bgdGeWf-(0)aUM>Xk~Re3`cLYIz8AzKHdaRV=Js;&bYe4%`3q3l^bri_`w_tk zuKn#QrHOSPzh4|(T|7RWkBfAwiRQ_Hn+JK)6fZ)RA^cRJ zsmOy$C(w+D8=t6jx&(5=HEiBnXfC(@LxLoQy^J5DUC8Z%T4EF?mdEFsrz4*q!)R%) z%t3o`=0z>JEF8}{Qn64O6RL*=#-u-DhC6xY^q>oq^W5e$GCDNcy%KPl6HR}isQ_i9 zbu%+sb#V)FpgI^78g+3%JJUm63Bz>hnqEbRO#{V-2#zYGO8$m!w%ud%PcSQRFw-)c zVCM=6{c~;+zdQ2`HPMRQ&6>AYhCv43Y0T5h{Nbn3cN#yj_n9KUympwTysRcyZpqYI z(JFl#-o5g)anQLmD%G&NcFlZ3$D2YyA6ulRI^}&L+bek*?Gh-<%pCZ_iQT3#xa8)bXsB0Sa^b^7Zc{vG@CQM{f0a*WVKB$?H78-(n(47-huB z5uDjSHszWt;(wwj{N&Y-9UJx(vvWRTv0_*Gz=XA*3wbyS`H%^<7Clq7j?1nxci{19 z#Uu7-SKpOq>MdtWwOFX;tMeoUB;hlw(`Q9v$}rK*--zmvjpVGEoD#PUVIHk)|E;hN zbP}?3{9A4w(7HSOM5Udc;q7z$$V=3?qvXX_bod>i#|Q1`P?+p(92NGm5S;uLHBOOF z*}OmL85*uk7;LxO#TMS+ZQPkwL~?9+%$Hy-ph&wEReS(EJ3fY>ultZY6`4$F-D6{H zUR4hP#NQL2^MLHpc`VG~eKXm#uLDsN7a;5m9U4`w^b`37?>%7AHYNkN9zuOB!Ut31S6OIEgf5g+FgM$=xM_Ybg4$}PM9Wiv($bWMH{9;v%1|ZH+k-#BSxY#dQ6wqqxu?-p1#dB-NynFq z#<_cff?(9ym0g~gytUT~-R+b-yAcmY6GeM5i2P(0+G6qtFA>gD7~S0K`E;?KmuD@< zKBY8Nh78V8i7`8*o@4(?hJm_)7LWkNROrTYH-bdnq`^WaJ&(1lHR7U%W#GWSEo`hI zB&7>8=!(SD>Q#zQ4Du|Nkm{0f=1&L#+rHy#g}I;`)$?~dQNS001j{7`?&jnr*(9cN z=h9!|=F<8~pb@f=Gk7PHur30W+u#n#35IiZFCng2PBT#2+wjNvyW;>zn_s&ikM?b3 zMf+JGY`&Fze{HA{Du+Z^JZTOPs2fkSPn~HJKYXTWAY$s_C~={LlpmJ~3X*#&;W&eW z%}T{76nl>fPd}LmYBFc=fYoC(6r8tnkc^Yh+(2R&ENf<_oeiKYdfRRw&prR~Z1S{l zY$Et`N~3+HN%TRNPzah;gv;FaMqyQ=o84_3Vm!^1on>3q_%Hbetaa^f_^r zU{p`UR+k!^2&On)N}-aert%RT{^s1c_zSHp+CVq1V2trLR(gNGN5e-Dhpy&t4Li7xgC`5Cxi$#NT9r>^F!bM2|DFbPR0w@K1 zB1jlD9qcL#|CT&HoV_55YMomyRXtc_+?|OPW>96Oh&XzILdb#EY_EMktoFZgydbeJ zN9YCHnmha=+P%YhH*-xRE?^l( zG1rzhSif3dgP9b!f$$5i)GSc#Quu@!(c-q8jtTxYp*ZZzRU* zP3w~3R_Ms+EHX%`(=K(bmC!+>YvPl}(zUYTrT~QF@yKhVH-oKl8$VA>y}9+-0uUAy zfH=c6M?SJi&!HWOLSkg043|9A_M8;M~uKLADm_v=?6s4jzr{A8vrC@@4$b#+; zUuuPjIgs(Ko-hd3AFhcRiaE0WYDUBXiq7;g83W__$b!IQ*zuq*s(aXNCqa!Xc)5Dl zSy}mD7fxk_39eUQCs&h2j;z?_6wk&pPp2>$I5{(HO+$fL>s>mmJT|ZI4hhaW=DyrK z{0@@0_yG0JHT!f_>RwT-nTeLCBd613=GkV3ZF9!_9Z=tz@T{6^{urAL{qsjlHo8)lp~)n5%U(l&QI^VG&fkxi#OUY^L zL7cCsB0_O@n#-oAreN|@p)1hQHxO7^gs9% zaqHC*sZwSaWhg~~?z!&o`^(zicg{L`9+_L!zPa=H_4&|A{8+*(mZC^6t|-Ai5k&Nj z6HK~%w^TTpN$!-%`h(8+TA^?c4X_gW@fbTXiWmS0&UJ)d3KXFRz3rP~uR?Vbdgo)l zuFr8m2LL!q6Xv8|YD6O;tg(&n!OddFX~5MX$R?D~@s}e208BK3iz~l||BVQ%XaGr% zQ*w3T3Z_amLFeJTsDud9wo=QoB_cZQ=HhJ&J|F7xd{Y4l1~g0dI8xrw(-^@|E4CX~ zmFa1vygwDKVns~B799PuGbV5;gSGvJA~|6+cdwCRA7T;6P{u7?(h6q4)?c_<`VrSBJ|w{TF--6bH^)Oy~nO=_e1abez<%*0=*bam0B|e=rj% zGu>DRT(R*>oh=3~*>mB8QZ3OT+GfZ-b+Sj3J+zEy5jUunL=F}$@Ls2OoU3;{l%S&e zLm4F8!Xnv}w}i4W%goG?(V|0}iCd^AS|%bC4F)JvRvgy_G*zxpJaa1-_Wmqb4CF*u zp7vr`R(aYk6AP)+MA7DUjlnijKys*LZm4Y_9aXrd^{eJkq?JwThK_5UI<`C}M+y%4 zcm;>`sZ~{m+J-N`DaNxCI7*B}pxOw)O%#hlB$zvGYxi@R6N*mqmNf^}SaM{(ATkQR zrD=t2Z2??sLto0uB8b+et{ASRsXs;4Hi)*mKBzzC2ibv#Z*7rm@uixi`5!_4|3dL` ztp9(8<{z?*&DzD3mA5cvv23fikDht0Q+>_6_-2cH4N{^>*d^p}mFC$rU?{eYFwMG$ zmIfVR=O;GXHb@DNG>3=YfhL6pi>3=EK}3sGMk5#@(KeT=>xN*(0RBS}J?}@TX!P6} z{rmDLGz60}cT{4Lyo5%Gf3RxZ*43_1f*&gidzOS@+IK}yF;DG!c9ew{IhOJ%@7VLj zZjy05hGG4^qCS=QMT`O5J!xd`j|7-50jcj1t7#bWa|DF#%+X7woBX56k#$u3kw4bexFK%h5$gzaJWduK= zOnSKJ#(FuL=8pz>O60jBZ3B=qE{f^VI+~VqvRL#CBXtNVh80rw3e*?7@HjX_H&TP$ zXN+Z+iE?F$a_}tWS-&&Mygkzl%fsfTB8IaL#bX86y%RXUl;XLm?b z?v|4+NawS3wJ|6_i8c`FIue861q*@LwyUq&37lmcmaX!v!k`rE(6t~4$u#KV5CxLFJ z5Z6{9K8{@^Cdvv~T|`j2Ine8lU@ce`tU|UpH`yJ_$gX8*#wY6< zgl8xeBJ(qUJPwb04i{fzc8PeEg7bYQw!(3e+P(xOkc*z??0Vd9INzH#5aw3J-zYpu zxl~&X$9Xw^(knZTQ)CUWO3_Dnx6$iM`|&VD#zzmmHGSY4Z`Uw6?Cjl5%0#eu#<;lTAd^+#5>W=sOdQye-Lm2Gc_}Q7#N2BgvXJ zP*{T%yftnS3j95saF?Lkp^~8lSbI7o5 z`(+L)p84mZ^pjx%Pt;wu3b1(xuk1b)l+GisPo)!76Yws8FvqgylJ2y566~Ei^X3bt z&=-=#haTWH8V2sx=|28C_d=hSCJHv6n+PG)X>?$N$oT>Tx)EbPtcve#20qC`oH~DBMfn{};)M z2b=Bju_;N6W8KyQWk#?I?K+M|2m*u7Ek0gmQ z74YN6--sFH*Q+uj`?|c&E?bVDxi(siG!`L$(c60XD+Z=S zjiTt|bBZo7$HGjlj_63kY8^Hw{BnLr7fEx$pbN^78$egn{B4#OlL+0VlfD-r)>XI> z=jPeLY5Sse=B9e;YQKglPv+@zflxam=E+j#?C7y&(@p7gK3fwrn|rPAB`DdcS|;C^ z_fT%x6(VhSl~3Tl_iR}gxR=Ho@zU!Q^+5a#10w!YQ71&onFk5oEX(r7Gz^ZSm5@z8 z3=Y!}WMcyn;2*N~Yd2)gpO7u@di+1cnzfL1A0mKZ2wZvdzs|Xdkgc!fhv5ADKLUy$ zwz;hzo@llq@U@={)GFnFC6xc8^2q-otbwZs`cKH-52^nDN_l;zj`QWDOd?45lAiGp zEL4dToBKm6OnzNS5#+}6u`@1YeSF}pkYT#Myq-GDoM>TW?Ip{cgyzc3u~|Q8{CjVp zR?)$a_-y208`&X+v}qCnDPJo09Q!87JG_7fKR>BR+nGZJv{HvZ%Mzl-=J{m6`3k-2 zZH-1sHRKM1k7`$9rx7|(TN`Hu-M{&-?Ntp0T@TIP0CH~z?ey%N$5 zy2I^ShEa}bI}sX-@$;NLg>s1Yb?5_36i4QKyGa0o%=Boz-oG|w`g(&Q#3~fhv=#vD z$5yG)8C-!MG&{Kc*xv^{4`M!64C@15Ci>P>ONdm4=>U*PMJH(k8Z04>arA3xjnwa* zO0+@BXq-nJQmEJ{0tJ)x4l`rZ{L++?_JPG<>ACWIoKx6~sX(lC%fajX*8Hen#P+m= zAt($pXTj$%{a6CQl=TatE;ENxKDx=JT;@V;ChSuco4W;C=3vqkBJ1rX4P8;AiP-MK z-slVwv>z4Y;7e7sxfSvGvQMD4`~(9PdF1Zl76q}~`f=0Z?Y70@vkCMhMPGv7LUlP3 zXs0FS{iFuJme)Ev+|{690_z3j3CV63v4|{6REdRCgsYZ-l{z;Z>?+PV6cwkrwvQ_nm6+y&=oKEUw_AQ@yVoZPEzIb3z8 zP6Na#`0+Qz0GmP>nFhsS`tnP)1?5d-XBlx>t<{qVHG^&DH&!p1`^})MY8{bDVhhYAmk~Qx#k5y(Q3++ z#L}QW`rBJZZ=_H_A?1)nBl!Z?VPy@gy%73XdR`cx0NFT)yp2X_1B)|Jms{XAEkz+B zH1i44D%+eU6;b2>sjJ8LLZ6{>3%mDEv{0Li7s%AmF9(Hox{}898{9VE5s?UXG26;N zrSnuA2T6zZgt*hpv>qbr+|=aSza^IfPai}aB)2z%ihv&yblaQ{W;TGNqWLw1Vd+kX zv_rMF7QRF1HeQ9&nC*A8^w~)q#*<^>xzIT7p*UG(p9?QClZ(?ulCNxLG&c=dv@e4_ zOPL{I*>Uw-9KTrfshN8$cB08G&^5VnY_mtj5-2c~t7CpE9o5{|gc!a|TDqZq-h>Ep zGuNkBQ6@+`EKmlF$@u)qs9!#pE_8HK{eP6bbBrxP+x9!Q?U_BcZQHhO+uCE>Gka{? zwr$(?oOzx%Z@%;Wb#ju*THRGw-<_;fvbw8&_jUWL2tc>+wlXbXRXp@KwhuxYls^u0 zU_edKZK?H?)pk;dvtgQX(~>{sZveeUY?ghTvIa_STHnd0596cQ34waNE7%Y+(kO zJ!&9sN*6e!;D#qfI`x?`Td0IR2P`((X5(Ft`s(arAGmdusnP8rLv8o8XS$~6?*kfo z%Ptqs!HL7WqvdO!1&grRln%nYxmhED)c+RcxQLjGdKj?#bEgdwmH>O z9lQbfaJpqkBgBTSgzlE|WM^2}Rg}AMZA1j=k6L_GU(U^A(w`F8n6J4cV{#lsZ`8+J z((yP~-R{Q7El;lG7S}cI$afWJI9zQyuvc15UICiD5fSG)wxC7kjneeEm}>*oNXOlg zhJ}!C(n%|rpSbYq4jea|KIS~eclY`G&%(p(Do)rN4Z7Ev1W&bw@xR@cBI33;d{BN8 zW*L-jYz4T#17IHlQ9MB-N#WoR2bzKLah{CQFBmNCmEn}YQukGIu4?NSLveT=+~#tJ zjyUuBSJ+K`5c1SdjctcSua6U^gGEu81$+TmEl*3SVR&}t*N z(0f!GdF5qqe)dQ=c*m7eNz1NQ5IZcgitk+5sC8n+) zO{X2)SBmT#S}-G_GoQMLX|9$_WkoxOe}>!BfSqZFg8awjOGeYg%qdI2idEog^E)pbwajh)+C4|7U)=q`b*_qL7 ziGCx^P^*Ewx^h&7+?X@;ko6-T0$7d#rfMW25-|e@+GSTKL;WgVZzc93ptV66E1-QB zO_$5E&cozdM@79Fr76`x)aG7=#ri@MK+Vl2Elh9r&Ekfi8+4fg>z+%b{f)u$)IjDJ z$n{}j1EQAjD}dq1j`U27Ud&^WV$zg}#$&GpQe|{aA`g!6duxZxc2|a0u~jf!+uqp( zSh#7VtH8=}+2DwvoQgu0w&~T7_ADCt#YRi2*b<^Y^G2L1P!ADKiL&IZPW)NmL+14F zQ?nF73`zEc5cIQA*C?>C#=eiC0K18#=8*I(q5Pp5;E4gWhX!59lu5?C&bzRis3NOe z1y{w0Cqvk~hbCf?kVpJKX`Stlk(WC54!KM{U z0-*E76Q7%LiD2Hq%UuXjSLRVnR!j9fdzE%6!m^&~yE&Y~VSxW)(WQt#g4c+1l91AAvB_oD2sR=W zZI6=|Wxi#V)Ns|Kl4OtdMB)%@?Zi2%^sJQ2;IcxNUJF$)8>OP=tEML}?Mbdbu=f{t z>htqv&vrAheH^_CgA5w_P&VZNnEe_8IL)D9fKv1wNxc>aiIe3grqt=0m_Lgc6p)=L zs^pos!7h@)Xh&EUAj2MeDB%o3LYPQ-8FUPqe)J&BP@6xLa>TAXO9~X#)HTxFpZoSB zxFO)b`vKaYBYLJH&t*V?r*6u3-~F#_b=5byb5@?awi@=oHxjzzU-^yQ{6A;i zUr>d)0B)6OtfZ!}Jbj_mgv(5gC;(hjW=w3C&G%h%AA^B+D;d z`C8cF(3tWzh?wKEV;w6~2nZR&g&TcH$B!{A*pwePPCE8~x30hk3xMk{Kv`8H`+|6eqiH6U_A9X=hvJlBiL9$vcQeXr>Qw0+{JB`I$@>Rhq&g$Fv zfO6fz9}POx_foz)rClY}V)`w!(g(;?zgR0qSWw1!?UCNxEk#oQnj#*4a@Z--g6CNW zwT6OnGvvUJc2lU>)NsD9ax9|6ls~M1 zcw}(4It-c1)`O{STCWsb6R??`MB{)NFdMjog=vmVEG2-2IdeaVlJ0&bMBpT`9ONr_ zxHb<9GF5Wr$>Y=QaO)b?ln51C#!#TZCb|l)oPh3&G%7&iw|w0$`JP}T8!(s z3{8KNr#=AkagZhZ7?WSfwOXaSfG{wPiHgBN)jBOL3J*8vRHz>JUstLZmw<#R8_3LU zXG5dhj*P}l2aZ>zhxY4M=_AtzN_gZXIP`WK(eUM|>pJQx@b>{)4FVdsS+;Lk9@HIW zX^T}N??Kcn;UX@NN@RS{emdi$;r+hHEDo)B60}6>VSh0cZJDI3*@?C!r%W%tq=U1e zBc7e?s?~+Tv3AlwLoU-gJA$T5)=I83`6fP?yPz&@B44wdSIo}3#NT2glO4gIEvne^ z#Ja__3{>7lA>NARQ0?&E7wZNtV0kansd!lYw99?=say?^2O2ck0KtOl$HfP9U(}S> zFRJ#o=iUC1%Q$6P0m#wVc$~1OQw3)G%8mpUN>f4cBtXv@>gPU4>yvL+_$AJduo^?Z6rJCOG_jc3#F{T~{PASaVl zop{&A-Xi61ahqT;P1!E>l0KLN(L1R?wpKqO;oQjwAD)hX%R;~umBC7!l-g4(_l%+& zyhqGv)o*(0EOrYi&j_62! z0g|%~v55JUjv_Mtx@u_kWsWg}Ps2OzdN4Il?+16 zVx{poYi=FscB{Y;Aw>F)5C1+*sF2sCwW78ZQ_pU9_bp%6eWHK9C(-8Q!tiTFuw~Ml zMKsP3)-n)9KbA9i==SLH+zCvKzZ_3q%oZ4x;nUrhP?Nz`kBP!=RV zn4OCPFOU;f=flx+4hd2sgI1J<@7OBPnJ)DQV;Q+sy$TPJX#3dD`K}8#O?&D_^yzzH zoqY@K_c&Yh-ijNE*!+TovaDjO^eFFuS|R~622x!J_JWoJ0svJ=B<98w`Vxt* zjEv`C2hYZyEY%|>c8e5uV46&wECSfC_PEPYoFwu(t1)v{Zco(yO57$9VI@QRJ!-5YI?oFW(QbA0Iclzm|6k=-?GWcAq;fMLh@e zJCXA{7H4)E-@16-PPZO4K6CTd()<6hCKKtpu<5;y7RewH&~tF6b^l$=IJ_s6+eBQ+ zuBwu=I5CpX16+gCuM&zCD@F;cIn(uPTXz~~C0rd>?F<6dX=O=OgQp12{bQ>ta*B}o<7fszT!(SB#iCjh-MmO6w zLReUmnt$w?7zD-P4|B!iz!3J?4lR$AnUxa2g?v>faZ1d32GpUZq1$_fF7>ju@f=BM zN%gNysqU4pua|?bb%%!$3qpvfvT6edl0viHD(a7#EJ#!HT{|u+@xEXK#=EKjh}6~- z_d!JGZ(9893!4U}tRTFv_hSaBad1qy{4w1Ww4a>nt|r_t`$6e}%|Dl|o}u&^mKHX= zi!SU;)MypLk)9o)5j$B#w1@5SNeJ-KZqIvXQ0?B&XUNm zk=fPYMM!9xw&F}p8F@;vmTgTjLN?U+=utxB;-5|WaM_(}ji0_f+g2>F9Zq|`XgX@oFfRSgFt2p`sHkoSj zoRJa5R6`o#NZb;Hb175B?OnIGiK6DbLv)ji|Jd?+40zk*zu?c~J9KTu#Yi6jdEid( zQX}xLvT5y!^n0$k?kh&3akoTYU5rSU*1hvXDZmk&u@VJ+R2{R;A7`P5>u>=I%@F#% zG6~+0Zmh@W5z2bNp1F?mPC~&)GWf`(=b8gcfHQe!;{#$oDbGfGP2sJde?Lwg_+x=H zyQEk*%4@tB*A@CY*SY^p;kXSLy7pNr*|#7Z-iMm<1y*zF*rxc$Ir%fuU92!yP-~4>SH-0+a|3yy>tpuC;#y8@*j69*~S@LR3 z+c{S%&DiN)4;3v;x-xXKVO-a-y;jrv*=JixTg{}JRbzbt*BV||KlOQrzZLD_W1DrP zdLkEt9IB7euK|x8?Ye(hlCO$R9l)W%&O7H~gVDSlB=vPWYtM4KKI3>bZ}q9?;LT=& zGx=ebn6wFFRx(^tWn3>LS;44z+CJ2b|&9w3>asedPdXImC_9(;U;+_Q!p+#;g7 z$eGthy%c40a1o&kXApmX%k=72X~s!A#k}-sD2-Aq5et!smE#)~L-3t{{Fh1b#F$02 zq=Bh=I@-d#!iY)Q0DZWcr-kUaO%WeK<>`t|F~Ql9D#_Q{X_uNp^NAGu4zYJJ%il$a z*r^;{#mh=ZWcPhwiUje%L)OS}=8@^ZzkA-B%lqF*(*m9o>+nH4h~EpLxSe}&;!`OA zv^5gq@WUI>Abh-`S_%0dsPoBuQ2N)^CkL{jLy}UxSUNK;@ABauc5^4qmr;_?w9dQO0f+(U{3ciSI()cZ80MM%rhxYfcOL@sU}FycAxm&og>>u3o~ za?yAMcns7sv=5&wv2t-5|6ue)vi>ebyHPIxg7Zq^O}2L6^xv2zS0MUCUt>AKBX)Yp z7l6qXFCFJHQ##+R8%e^a&S0KK3l;~Z@p4m!4P>j248BM)(FN2K$wMPWf*W%{4IJTQ zr>MU`8s85NDW!Opm<<-Ut}^r6CJA;!D`J7SNib8(;63dqs?zHmWfSI;Nf*Dgi0BsQNc_gRobT#d_@AviNrDZPxFj!e5 zU=YgR?{InugNYAA_|(67w9xq~TBXs0ma$p)U;km=fglaHe5;PzNNs*C!agaYD-`zb zsvWyuCV6yHjxUb+AnDtQ=sWTK*nM0aU0vSa9}f-5t}V0QQs3Y6pZeZ$bx@iAAPY~R zGHP%bSp)Cd7Ei#Brgb>>?LB2zE97uOEieoc&Ej*-(w54PV6ZS#W}&$}cA*wo7Kq~- zshp{d3@jy;b#!>tfZ9#k=xZ+h>m!!6FAm_e-)ayE>`+ziUrp(tvV^wcMN;;z@(ETA zrVCN=mQzJ9Y!H7BQG%XOCcY`Z*vXh0jANuP}sx;Ma(vIG{74k zdiatY$!v}usk4eb^0-_l@*qGTusI07Tras3cm0LjLp{hlmZ{>1>^qim+5)pubfBvY z3^ZGi8?3ITCzs~9vNCiwNN)#NS}nd9><}o)XB*mP(1?t=ea{w0kcxy2#0d-b?3KSD zid+A~xeJ~%zWLtl^zglX_+5WF>wLqOri@{$c@pSn$a7`irDgTO?EW+Ph$#p=kzT{k zBR?|kE8^sN!Dqs&@jEYFjs3L=&YDwwse4kLin82(obH+nEX4Tsu97QaVexEI&{&Kz zkw;QG7*QyC?r%7Xl+~SX%vm))ChZtP^IvGy=>Z(-Z)qD+vS@howm$u}X|eBw_Gnu9 ze%*NmmeH#HMjhJJ{o3`vZQ-~ZXwCG0r=|7+*gS>;j{ zxJ<5OL_2JHp(lv9;4j;*h^4Ca)UC}vsH;yS7l8+`_%R!wa_H~EblY9IIv%TPEA;m)2mV70lJaN=^YrBBJv_Lq$O;U>xwlVorX|B`pr|worMu z#8}aN)CHl{yaw~0;g>yG$Ug3#LZ;4w(dW4uNb{Dkt*q8sfT2686U5>~$|;E?oc>3t zJ!lv)t4SI`OKky+gvQ6Vw8>L{UU|0A+SVxwJEkwgpIpcyhdiTcHHy2%npzrb%aFoD zxQ;TFPqJ3oHl1E7#IDyHGd``>GuCM#uTiG%{~KwK!5&v@8#W7>Zh0FVSf#ZyJ2xg_ zd#w_@(LQQ$H3oz>ihQpX{#who(a0Y$4#JBEUC;S?bFP$wZzjt+Ix|Q-i%F*Agf(*L zU(3{2HP&J!wi>n7(@|Z!>O}bvG3rOjRuIoG?HGq(3P5Zv$|$nH%GbKr#AwczniXRI z!oaNMOX#dj6b6Uk&>wwz)*6U=HhfIJ$$`1|A{Z-mx(vmzS@2w;Xr9}6V&TxffXu)K zoTV|8!-RD2&ueX~Hy1d;(nhK$4nI;>h``JdqG9;Ts`xt@LT9qhzMe6`3&B9U3ge5y zEfE$+p3er-MX1rQR`!%1Jy+BpF?oMjPZDBuB6A+)$wu>t!A7{7Idh8(%xnWRBt}Z> ztqcil=i72QX2!|y9I9(Mrbbyv4>Frf>FA(vwko{6rPv1TaPd9+iW#*F+|m-ID?*;n zgj7{fd}z(nze1?gqK5h>1aI(2k}{!P@tvScG4ww!DM;i-fJ?rDqUClD%@EsH2)e`v ziaL~=Nd@gYx~Hz!oQwLXd;b@^ju>FCqOo@&l(SAvkTwK~`0EuiZ(zP9@BQncGR`k$ zFgce8IhR`y1`Y9{g5zDP4Pd=;wQz+S*FC>ht#vfVyf+su%%Q|wS0?=mOV15yK^=Us z{=Cxv!|{y3yi7DPFcXox8>uQm5M@Q;Mtr`HSI(Kph2(KaxVQQT2^0hrxh=%JC525M zam9|Il#98_K_}oi&8S0@@(O8k>p{6zrBK{evp{uLL3^lJX1njoi=SYeJ9oMsJ)|Boi8?8 z^R^4+6t(}UP(e~2Wq{!w-p$kIm?J(#f)|m3$Z$ZoMPjL8zt)x(4GOxSeAAc)HMRu< z-%3oGLc7kyv&j_A`iSWxW?%Vc?PCN9ce`~C znO(%-X}9A*iz+wQFI$JTWY+iRG65K2jh|3}(W%3xhpW2-8^K1^t|u3(UPD(s4{(`W zTDmr}3$@CHyP_(02mJg9GNAd{mVbHEl(kxPa>PJM;fwewLi0a5}&B7jg_^U?y7 z-v{+2tUtjJIQc~Eb(jW~P6|0U8|(8!!-O;xvJDuziZE(spq%_}fRgTUMsbLs#s5K%S@typX=AsZG5cbIp66OL_ml@-AQ=0TKI#AOQB8r0tAwAHa*(%Ky$ktdebHHIbs|ZMa_RjhSzs8~Z2~bAvd(0-L zEmZZC1($-NYDB1Y{zhM#3p&B3-4kjjtKr*~FZi?-$_QcBggY8a%X-m&uOB>f8Z}he*s)$lq&7w$`A>XDXVQM1!?<8|voSzi{jNz|VPsRxiOImyYM`$rnL&JE z*IKex4qepr$-n93|>}iAfC(3y=y)J}^Xp?K%Op?MgFKEig4JIsxv+m=<{hZx*rwUWBbKPZtCrQXty5@ zQgwnG`lNlwo7+$2p#8Q_FMw08O5OR%VYL{4Tt-NEsvS{Q%FKmp4rw^j|A~pn0~Rlq zOVTudLrByj&lG6@8VTx&@foe1ekrGt^(K6%8A17vM9OTr`a*p+J6H#&qHg{d37zVZ zH`>^va3baR4tM-RVp4hFk)}FBmJ`;QZmatA{HyyjAJ_*+1-jYeE%f6lO>J=5477p> z-fULRCISTr<2nL`r+grs;Xgp$t*XzqKi})KPWT04u_W7nA7-}4*s#4BVsFP{UPk)C z;Grcq-VA|7l0I(xY;XK97ZK{S%HsD~*LSc&(ZI+ME=insC(_>5JAH&|`_j>Sry zj*f1k$VQvrN3mJ|*x5he1LxCzARrE_;WQawE#&{L^HT|KYIyJ#Ui#7a6j%vBJ&~tM1{WHRf`!+_0!zYYZ2)Pd!Q$ zH}w$ALqC#HV!8BenGxY5RgWruikXofu{kO)LAhQV%QrVw&>Tz`bron#m|?D_eom7x zb6<+b#@?|SqbyMKJo_vKoiX;6TO$!wM!O7Fvbym-X6jMyH4xPtYl!Plydh*_!766Q zlzQPtG?J)D`kwkDY(t8P?a2I22ursr=%NQ>*?H{Kf}%;7JT+^22%B~tWaHWf-LqMK zV6s{U@x&2J>|DE53nbPnrK#^rN69U03N|(>yejXyxDshZ z4Y<<;mVg;%4%Olh6?48IHsxF$R%hTZL-1r$%_ZJY^Rbm1y6^9;Greu^m9Aqu^TvCn z8_@h-JO9|qQx>A6q`;pB=A34t71NnAI5xKrLfVjcvmB+UVjcHlclq{ z{hmkA{Z8Y9Z;A?2p!0x#{Ae<^E2*wKc#U|dMIGv-10Mr->ou2ZMU$d17oEyK1}s^R zwIyo2sW`Y=ggFZ}{Bh(}QU@d*HBhA({>+T#j?%m#pK|oKFxPyAMEvRE*)XIw2#fd>ycFHWE-i_{m4J3 z0@YRK$`zvN30miXlL;C`5@e!Bup0so^LSZgyPUvnY4X{auZ8fZwlxNT&m&2^gBkoA zkn=ct5b^LNfzE_tm8F6dCj0x89I@ALBL6_aHk7=~ieau_0wkxFG9f7Hn71AW?b+_V zgx^AMTQel_S2IJ_&i2d7-&wAD9Y~#lr`AlvyVi35DblfOk#8w@P-oE< z3T1OqM%Z-lV_D6bOXCxN?17DP;)#(07C&N%RFG_>VL&uXusSo%#op!n*!1_Y?d4_5 zyIDH{i}SJd_j+yv{O#;!d-?D8lvyrz?F{Vd3D{!pe}($HzrwWN-r1*TUN-$)Yo?T@PV8xv zpYZI7V6lt5u)Nq}gltAW63ox#@S7mULDfIg_+19?`P0?ZcyPsXwYVIU@(QalyI(QD zq+h|%Y!ia*$bD?2b|vBs)O$h>VZqw$g;wnF=Op3vj)ICQMnP`_L8D{uw-8$sX*r6yQI!i@uGiM5`f zO@!{eYE}Y^x$765GKd)kMG9!^VPhf0^8cn3n+TjhX2vr`;iLln67$$=>H|~7FLhA> zWcC*#FkJq9r_!gue?W<(QQkD|mfND}9(|X#@mjI_c{&Vqx9;$^#wq>FP<-uWY&_GW z%xE6P4+-BS$h^BZO{CPqj zwhIiGE(c{3p(;xQC@-d6914-dK#GbN2x;w{K?^R@sLMfcow|3a14^v^&AgsJjwob) zR`n4qT(SXf_g^qCEM=t7PLAHC^zQ3GJidmrcZsEhpg(NK%gsSx9fD@f#;NIt2 zm7;qV$FED;4h)r1(lE@v7#+2eP3pxc+e*#v&Ri4`l*``3@*@0JL8xonXB}O|h{(2^b3H<~(#1o+T`OEiFvPWIxY ztN7u^e=4y|g3A#*qA?<;_0R|6S_{K- zAFLKsI#M?lxE0&C<(XS|eUa`4+eCIn2HdG0PWmhyg;vVRNFJ&t`#g8d(?&NrHN4Z? zY&p)F1sZ82d15xjkN=K$ncHZY3aa!*ZXaJmYS$Lfdm0!;nzQ(sp;XEte^JD-RQ70# zcliQT)v4E(iX9HWzNIwN7v%326iU=TpW{l*tzmQ=fl`R{A$J83n@uq0cgtFcn(KJp zMR_A=ik0bJHxn^q&1usbfJTztJ{(sE4OF^XZX&t58k}6=&@&P5mpkfAqC;yu=X zM`SoWO4xH~&F8tYTPO$(@pm& zoc^3vKTidgSDc@lE=UhA$@mzi0`MBP4Cz>B+Dm1hd}feYk8PKRkrGf`j<0*H&+%Go z&>|PvvC?p!bzt~B>o004(gIMM_d1(msbXN{6}3hkdwN*|0NnSqC54ai$S$kwbne)K z{#F0hsm<)U$U)H{cGkF4SG5+t4<5pGriCItOnGOWv+jQnHWBCTE=5b|q>AoMDPsGn!mml^z_1?C7sO7pkxCkm2Tf+S7fr^U(kU z8OWjy9+BsHu0={!IO7pz0J6>9xkk}K=S)9z522bOrI93z;w~oRqtj)gT3P@x(!jYo z21mio7eW_|Ih>+e=R%0T>@A-?)Yz&r=azv$gj_dROqx^Z`1!$Ygf6NtV4k9GE)!t$ zdZKEZ`XjlvHE?P+WF8y!9C-eTxLjVks#ix|Kl^um;`NqXmKAx(AE#(>GCqw`O{_U5 z4hq6tktI33nMd=abt80TS(LI)wvOq{z(9`aALD zmKhJ6%n9ovXuqbfx29!m#K$D_Wj}HB?QdkmkCXJwVB8U{PB47JUa5rJVzDsM+w2f3MW4D6GduKdlntfm3Sr|tv6tk zO2xY3wZTo1WHsYIA3nMq{}>>CbI(=NCX*Fih73Om2rf57kOQ99s>h3TA+T{k&RL6# z1xDxMR^4tE88P(458w$k{F3V3FM3B^ML75{gd}vXK(4X{SCm!}*kkcfG)Em4BX6bH zqdh2Om)P2i5{pY69YuNgISw-mrd)S|F|lO>*T*cSrjb1S*0QR zzoj#`oW5W)1@)Q)atvxz{%`jwC`hY3Kdh+%bQQv3pqu7|dM>iG$;e-;7*w;|LozjL zwja^(4SfZnTPZO{bAhW6rsSH=J-iO&{IZ3z(`Ym zfc6UdN0RFs+At%+XGFv!a;=t&WktI)AVtC$UEZ^q&&mZ7=8mT#e!fuX9+Xyyfj`?K zAR8j9CDQ(=2=}wU@fuAaa0w z9vgXzTI^kxSJGKgfsJBoFfn7nyr!?n!9dvwXy}z6;N327&(Vv5~*qGV%P!ZyOb0GS7o94KMJsrCR0TU&)L> zZs5Z5gu_4m+ENa++=L6Xh_zD|eIUXCM$Jl6VlzlX>NF>hkoMI-vz1qiNY+PX!yv75 zIoqr^wA~Ni14a1Bl0#TQ@!*CmcOLC{yT{{K{eaxBnXW%KwiGOrWSfr=vDd|Cc-z)w z_9VGkv8(j`Uh-VNy(v|lIA=mC_I1kL=K_hut5`e5Ug{Cf9&VZSUbtGOrGEjt_RcQA z!qFmK9cpNlMD&h4OF>J+ua-ef=C%Zi{|Tcou)s0$An0r}%NT~9LBc3zn438>tLMN2;>~_O z+DorLS|pqf6_L6OI$@|i?ch+ekvf=LjNw~gbUq>`T>x4&%9K+SR?(&2YwJPZRg&=oj_zJOVw#;%*(J4bbyhQVA3QkV&3t}-oBkk;Ry$^!SB4PN+ zY`iPhw(QeJ_Z5;vSeA$yAlYJc|2vE3E_|~|)%@C}^5q=McH;b8MCm@mKWVBwc2W{1!1QspxLVFNlSNv-wUk$#SQJ{ zb?v*&MgkGnTb>rSuPAOcP7kR~IwU~V##~Z%{2Gx~l+{2o;w~D?(*aX^EiDi?tq{9V~QP!_ZwnRS3Txc$6D3^CGn1O1AUbsSoMC)D+g+!7S-v8^F|CNXT zcYtnkGATVHOdxa`DulthnrK6LGFidFQ?gP4`d=`%g&CNZ#SQ-DlJ}v@0g-!$df(my zFuQn4Gg(vEwWKv8O9NI3G^={8m5dj);k#-H5&Xik*;ohK4nxstLiWq*vJkv#QD)#? z*E$^kovft_*To;*Zt9GEe@?Hu`!$*A$iO~0U~2T&?Tql&r`x(|)+xeQn{#Y|L5xBc zGvgemW&&uqcmo7076EpY2++5r`S)%V)$^8x)9VLtrdUEc5n&!2NpYP6==xv`S|aS9 z?=`<~uJoFxWJpH6KhPPgvf}-NiZ$%DVb>1|Qn8NEkVB>R1v7fuQ{ZFp(+?7p)pDIS znWTwd=7H zgDFx6y-f}a+c2D5jsKczx7?$xmuU@JI_F714Lr4d1jZ^^@s1L2Bh7k#i11Jdo$g1> z5GKn>N8SB5&Z+2&B<9WX?j*i!=+1B8BsyA|P{AYPQd57Rp^s1^NFpJR4cV_Q5o}9^ z2HxKvj9kffbtVd>*Q{KpgeDG_eGO>HAl2gD8Rd+fMGPNEq>G%8RCtzgSFWDL)FbI7 zEK=II{j;`r?Y*A(&4ut0#a*{Gwrs6iZ@%r))t-ntE-^o`g~~I-#e`B!GA;Ix!_X6T ziP#svpiJ}D+}K@dg`9TVziYI zt_hj20f+K7pOWSX^)hrh9bGwLW&diCyF8M`Ty|*W$hEyX;#ngdIdB*G@ zpKAWvG@?1^e=(n*nbe}Lj)PZqv=^DZGFMwiTLpeQ2(5;kGNAxFQ0zn5mzKZ53i71` zbrLBB*DOaT0v}*PKYY7C6H!wUt$;+40uq6NeeC_bxVw`LL>F3y8`b8cY%34^ z1q1J~ulC3?t;}4EMURc#$`%EuF9R!kpw8ImXh{vZoNCF4QJO#)JPXFE@sPfE0qn;* zi@C`l#%PxXW^`fRAu$}&9p4cwd~}p@4q7QGI~u~p$<>CV%+X_~FgF@Z@Z6YL%vCgu z_%hH3$kFc#$FSzXmfEh7%hs|6aDCLu;^~yBQ0r|5->mLuK;=0_kef-yEJv`u3sfR@ zY$A}>dfbLmM#?mbJx2z4zR8HlAo6{6`mqp;aOG@mPcn%kX;OjraqyVYG2=t*3g;QQ z+g;~0ZzMedG=bl+K~BNavk9mYi~*K~^c>j$4HNBMsnOeu-g%r2PX2h>d0%P;jFOMu zQAonqSOb%dpJUAK)AEM9D@YHt+OKPSI_iJu^z(eh+kZ*iqAPeo%D{hX^M@!BT_o{A z*Gl9@Ih0~QS;xjia2+ZI+ESp3Y1}CiT#QytS^TL^n*V-y{-DrDy|WNV(86{I_r(r`+ob@*>N5p=DY6H;w7knzd!I~?7v z+tQ2#6oK@TCSqFIS%A0z5=8??bTvZnzXtzMs!WCxLQ-dmHhI+UISr`<>D=*@(IYJw z`t#gvH%AM?_};C3yOzkQ7P5veVpe1msq6v^EwpcCc&m8ZXK(uD?r%?wV4MEr6!*yD;x z5Uz=p62`w(JrS$q0iPf=HJ2wSCxGfg(B(}#46hVqm!RgkdY4+#;RI_aqJT`C1Ch;`(dnjPWS=yk_pn_w zVhWYR--!r7H@~}tOHC+t zA3=W92arG*?B_IhwHbWDB~vXMU~Y;l^cY@1$&iev_hrsHLzCGa3zWHqxz?gQuc%cD z<=`R!bjZvKjWQZAzIxFyjF^XJkLzry?IOtc>4q4dgDg(B4&rcP>1@q%i&_h6+W+!` z3u#9I`O}!9U6Z5f@}QtLDp*|5d6gY`=wZtuQapEuc<+@3em z9kG#r=3Vlekvv74T)U@u1E~_0iOUb{mT@CBu8zZ`am)1Od&5IMmI{A z%ob1q?MXC*lmYPW9m?fN58S}O+%qwA)%a=_K~0q1qhQbl(NIn-g^$`7)`fLnBU8rI zUFM$zEuUdDoIs@%+{ZBq0`=3}LESAA+6-)a*$^u9@I| zn~mMGP)7H!I5N4x{P|!`X3%?dBK5{1l57D|17<*T@aiz z8nGEUbCuQ&xr60LZ=pS`YC>pItYo?DvhgdKvg&m>*Pwe4YBQ$_S%E38oQKg=0CEw`L<+)VmS(a5;RBc1w_DPH-8V)r^7M$g3TNS5=xH6d+?NuS127JTjTggzlfdYX8?l54$G9+TM z)M5+-&{)9Q0dwD%8#W&)^5$GZ?SzCX)ip^Un$5gVBK-qGmEucL$#Um1-dy|M?yWea z#R~Q2HcHBv#cy+&z7Y$Vw`Gk6tm|N_Wa{z_s+YkRKgj$_5gSK?t+4pLeeXMP;SAI>c}K4pfimNeIiv^a8o*oKd}0tJs*<|kvuY(7 ztvl%h_!1I`*yaME-qM9p+8NUv!fETfV>SoXHM9*g2pmN)Qm0zDK?byGpeapkE6=Nq zvAfHc0;Q}KPgw8nlIE^rNx+2V1@@3?nJQ|%|Au0#?ZyQ;v3)z4BhJRWk$r8Q$y6h) z;6dTq+~>&peb9E)yHnb{Crrdp4oKAkcO-UQQQfX> zK#@!{DVQkKiC#M}0zsEkn(?;Y&Wg&lVJ?k9b&P?~iW+52;8@rk< z*W=z|-#Vqe#eQ$G|CLzm>nz~uaqPD)3d7@_6X%YPWSTlq11+$9@$R25m6+Dja{bNm z-po!(FF=`UyEu)3VQ3HDd)UQZ^bmIkyO74fzRSn}r;u+$As?MKj|W5<{%GuXhW1kc z7yt+$#FjY+i}z-8Cc@Ankb&pG7zES_Py;sje0L?Z+DvSLefKr zlGH{)q4lJ1*QSxlc-BHweb^nupyfe*K~rDY-z!88JS$x6BEbKc^XuZJdYgB($%4Q{ zgCoOPKiuq?1vV9TYDIgZl~hciV(YAqt^|l7qZpaSAcP}GR};dnS-vhXip?gcLIW<{ z$gQZC7}VQ1oE*bc%cO9^T|Qi4Dqy9DBJg`->jxw2hvMqTM%DL>W?V2mUL|+;iS!}^ zhamz7ApvK!C|E9DlK*}5`FB50kNupEN5A-=AQ#q8;feH6`3Qx2LYN%A2cBwsG57p=M8lPmu)8b+JK&CNR2>2rWbH zqC!aSHLY_+WXg-ectNONuap;Fti$ z0g*!sna_MEs>2t*UmdpXoy#Dv#KN2{%Y^27`*Q@%Bwx%CO4ZNm=k({*&+*SUKd+C! zkfW3*3Ae%f_P;3?WdXPvWv)m}*NWUQcBROg(bih_-pPOVvpulK>+0|x-+2Fyy??K~ zf2ZERmH)Xq{`2wX8SmjpxhxBIp0fqN9Z*>>^@8cQwf4W@w~Y*@C09`I8fq*dUO=nY zANC7098>JgsOO)~j0Mhwfk;6pQRRG^(YExFzA5kL`n*c}Ijf2v!TLGcJakL$xtT%sxSl-rFl^ACu zE@{mm(QUnL7%sF{e)|4(7gG<{ReQ9Q)1HyyjNCUEBZC~$;Kr*7q2!9KCng55@-*m| zd$g>?RL@5{eievw7tOfSchIsTx>pN@2lLk-IEXbjWtwFPA1F}RkGvM7b=pc1C`#+*OICC zvVc$SygoRzU9FA@`7*XEtt5JZVP+K&<-zluaYfDqk-3@bpxMK8g3bHY39Q#-vwgFA zGOsP(mR*@{@b-XjKzE1wz_At>04YY#nigz1P*X5v`4Zygqn7KXdID;T27)$(RZ85d zO5(8Pq0KpBzq9-GaF&UIDZwrD-O~!S^u~l&NQ$wS|F^y=fLi|_Oz@tOQ)`*`zca=# zubIw{GEhk>bQRPy7-|{1&*m*XAvY_j@Y-><$b&1kKA7}asr_Sma3&5MMtlA6xyuoZ zX9w`z!EE%!zO9xq&P}Ifzq^QhtuZI9;-Bt`FufWWSwK#WTe!_aR+mO#`_RTxh0~rA zQ6@>(tD+4Ns53NrFBY~wd$DjY7VgEuy;!&x3(d0^3-@B-#`9|w3l)n>$Wf4@V7Eii zJ*}I4QE!5*WD+X^MalpM$96$zQRI9MR$-<5C&TP!G(>#^=c`g^N>E>Ze(bAL^Fiy?KCU#KSaI+?&r$WN#u!3ED_Ps2a6;xc5 zMU|ne?{dhVf*=m5X2PT<-Ea}hn~v*!Sh`ANM3a?NMej0&FI8KcUb#l9hXkJ`lEzhb zHWUMb*;iSTLulBSSm+O0v$tcGGY^cZ*0=<~y1oYA)g2~ggtbbz*xg_wX2bXbPK5(! zUT3gn2jAHRYRzTFC*VSbS9Y*pI4-wG7>Ier^~e_$k=vzqm}?+H_wJCDD)DsCd;pu< zEen}?gp%cKx=Aek;_OGn6SSVP=^)%-z{V2tNdRpL7LzFvvRWEeB>~-GL;D37bhVGa zRtQ4T@!zZ3KiVb_4-?o58A`{E@bL3SM^McuMD>A z+j7nlObm!tP%au|>l@v$R&%8BYG3!2ctCrG{*hmp_GMQ<;&Z&$S(jJ4>wHHQ5&w9e!j+@GM1+tow;*v z1dtCO4^2LNelyK)rqk)PYp!ReBJ8BL+74wJ6Vn@Ot~pxOt-}1;wVB6*-fqLSYKLN2 z%+YuSwAEK(E$o=IH0Pq5=WIoJS?^soP-}KV;oGoO|$eihx*lh;29!*5$ zxr}FiXf13h+(Y`HuDe0EYX=c;0s~cUXGi8#cjShC)F6mXu;4R8Su1+2dAP}L(M+9X zE0(gHCiU)3;lYn)4M>H;9>vqR7{fudz}0YN%ZKCsV;4>Xq6X zcc>WkJIL`@(#cYysg)q6zxfVweVb}aH#GjHdNJ`(VclN0^tzE0(!~oJhSl!S<|oP< zfs)=!I2(7Nr86g3Ix}oVIUu)d5~Er-5K>HYDGSJF?umoL!WJ7>mdS_2iyH8r2`wDq z6_PLkdEwpYxx`1%HN*OJ_L@8+M}ULw>Q5q049%PK!RimXiJsvD-4mJHLLfpStMl?X zH(;!O@yDc(n|0TV0V4dQSce5YoSS{x88`C*Bs87YmjTJnq68T(R~2yig>T}omDefu z9T(;8uH?X$=A0a83-9`M8ZO?z`^IC%mDR1SHf783`Sm-`yEUq_!WI;&L@Z%|bgAY} zD9{+O&UTI^zid~I3pQR0m#U!X3)aduB9*JlbkLa%=Dh>ekkG9)XNj%mmn24wk^=tl zs}yz?|LNolTp5foqO{7X={TYJ(hA-RldVncX3B5%D6*Vi^Mox8h+ZkY4*;ZCt!QrX znj!Yl2(`v~f#Hx~!suFr+S1tyc1c25!k187$DcK5dS9kkrHSshZIeHoy-;n(l=*o2Q-xd%iGn{8@o1kT_}W=Pm7!}@|MqY zrjMgw2{g+uUR|73y9`e5Bq8319o?XlLBAL0{2D3(3Ryzhpj{AqV&-dW{zi6YxB_f0 zCK?zUKr85seqLRiy~bV~ejxb(Dd+wqP4R=AO<^k%s0rs4Ckr7mybHKXg+W~rSh1NF zR@wAZI>AFDOdX_dX{V+Y35_hnyGegNT@S=6bYG zpMfFrO=5~gn%{;b!ct({#@ke#OHiEacLmsP7>5o_vTEZBmwDU8Zdj?GOxtDptFeX} z2dI}ps(saR1N!yM0M89@yCN#ck`+W1Wpt%S>MG2mNVj z*hje6E{$ie8aw#Z9&hYrr^>uBcCB64#|~QUV~u^lnWb11$u!%6Qy(2Q(AwUC-`{4d z1K$HHp`er1-0hF;#@AOU%$Nzln#^dinwS{LYi6TOuF!mVsQeO6mME%7g^2d4Qe@NX z-{$GZciw-v^wCV9o)Lmbt+O8Y^HYfiXs*rOf&qHoZjS}n70rdk2Q;GtMs&~&71(TH zaK#=iUch(pgD2@uBJQb+oQG(Enr%z3`hw@Gur^n)&vJoitbR^=m*8lFAZ=^DRSiL# z*WkzkyS?#W9`Ob73ZQH0wChM|@qA-7j6u&Tl)lc|9cZ|@sJ0onCt_BxJOu-xhbpI- zv0}J+c855~+ya|fk32?aq%57IqgMIHXGC$#re-0e7klbN1jvv!@0z4zNTS zAWmc;J$9w`3ku{VhsjYzYDkMxh+RD?>S+ABI8oq^co?6yA#aD{QuXJ957d{1a>;~{U@d?n>oPlHDmJZi~{RXLwUGWBqzriw4siJ{@C zp3*VlB5}C0VE7h=l|TjtP9isQSZg@P&NII`HQ;l-QfCl9+1!b~Y6y+p=opocYiXn} z{btVsH0O>svpY@9n3}YVw+q_(Yt@{uSn-9=2>hbcHva5T|B{%W9)^LEo+b%i9p_L( z-m@8ka0Wg*=N5B-?zJ)YF?#(Rapy(%@Y|tfN>YBS`}f=P#-JIKkYd{Yb!Vt9fw(=V z=1uh4`Aul5$xE1+fG^&&;zs6IIA`A-)KjPhpP>ja;zxmvp!Z%1frv2Eo@U7QI@(Qy z7->X_LHWtuM2eC2Xt9=Tx$Wb{$U_AFkvsbWdcHK}pH8DlmZGy3)o>DIvz0b(S%1q# z$v8r4Y1ly5BlcN)OiRzwm@2XZGcsje9g9|`W&vp4_B+5A?38@^MFSH*0kIPo<@}r$ zs{oD#i`-%JuFw<-P; z18~>wP3;944uu&G1R5SgLT>1mrx&uIi3iXNK2S$Wu7agAt=XeLkoZQdrKJydICol?|)T@CKW%D6rXF<#>Bk?+WX&Cbh6Db%u|NfQ!4yyTp{ijNX9SkLrKnA9o6maTRqT`CNbk5?K#eRZ! zPwSBJYQ_HZ?_W&_pRt+!%QX_Sgkib{|(?6NO zTlnh>8qInd|I&EhS7KbPkuSE+4K9-UG6>QH3i1q75gLhWIRiZB!fuDtpS9pGAp5lRiNMDNR~&$E(?MWfcHpB^NAWO3{3c$vwQVDL|#t zR}NUv`=(AssXK)_b3zq)85Ib*HqYf16C_GXRrHkIA{#}oaz^7RCg+2>&R|_s1BblMys#>Oj9_lsgd7`p201l0ElH*(2}3PZ(QUxV!yMu0K!EY2OH2sNrn>m&wR#eG+%5HF}j{aY7y zOrYsVGpTnn9)5M~MmCzSuwvx5k6aCSlUN(Nt9FXWB04pD;Kgal3QCb=9Pu4;#V~(%gEV+ zW@@FSDy;5tq|661v(2-sKLQQZU+)4u>h2B%!`AZ~($<+nc0*M|i}*R%=5DoGPtl5z z%OqhrER+qhDptND1bjGHgs30b6(4SHB&YodcH_i9#McpRj_LLuLyqDP`Wge&Lb1jr zdhL-xR}!X2DsCi=tF(~bTOZjXWcvD+tork z3LL9rjKjT#-vY2y8SjDfX+GnbfqqWU&oDIFsD>E2Ywveg(-V=VstT7O3ruj4{T>=I zmvyTCmfOlzb5?}}=S;VN;|lHdZ9TnW#q)TYQHbqYXG~3MV;U;HR)0oa8U&Ijw%9&c z3TvGb_*0+U?1m!vs%Hwj9PrwJ;lm%~pp1{t7;NC? zQ{!#-D{E-xY0o)syAcfP)!#FjL2!2+9I;qIOA`#@ad7Ja129bh)G)}lvl{LPa0qW4 zUgH(ZAxEM!^}>IEQDJM~#OqKi%qt^qZQokpu}&*6aLk6NK>k!2LFGkbc{AK2L>#U$ zW3w=}E(c`o0}=&*OqkxyhDnf{Vk`z8(32-{g)Br9%g`X+WAJ?`BFskN#o7u=8$vFa z1rSs)L_k|$*o>#*JHmiFYuy&#W$Iw+t7lH5s~eifL#inOx=Axy@Hy8Ln4py7izMQ( zsK?xl7P$Pm9C=H#A&4FORr0MZNrmt%6Ln2!S;&+YJOV2j$2#P=DJfdr_1UuSL%f|q zDzGIKLXSne(6-g`cq?L7yFPh4HBUAP9_uB#OChc`XN>Svs}EEZB<2fObKZDkN#EXt zX<|RDAXBnx2Q7=H{^X6UVy+QoQ!Z?6ok_jBpzGAMtJ$dDL5~AY^l7_cNuvMT#|H;W zlXT9DFNMspDy6l)nUtTSIG0&wtmf(QHuHkWlKk3WBe|M5A|~Kx!(3=VSf0xqFQw)% zhOJ%rjM7&IwikmI+PBlbW4;X<8yC28L)SBb0sLGnty%V??e&{n3oBKPW)}-*4yzen;q`*aTYz*)z0VJo@$u^K zqljgN-$2A>#)!V-hlYwj8 z5AgNl7poVx_e`BF$VUdn%yF~d+-6j0b@VOeiQei>cn8SgsC#=oXNfzrenF@pjhhzG zCPtwZD=M_`dCg_1Y@}vc;05V$5LSG-vM)z8qmfp8a~8=wcIPsnZ&lEuRF!lDS1)*P zAJn(!_H)OA6b7S)vGFn0)HZ(GALCqqLL;8re-(U-k*67%T7R~RQ*A!mUBKUApfdh= zZdi$ps;;8IBbjDp!912@j(+IHGxC&J7%I5vPEso9l1*Lb(<-3)WW>D_Xh+7IhpGLM z*&ms<=cA#H=AkjSa^ImDr)-(q+4RO0ktr{1DQa57g(_+V1kIu53m4VNZnK0(yhzrb z*c&*A3a%E5Pdc0xIGj_9TV!m$ZoDQRpWT859*6WRZB@!ly1lpYVHr1k>ktrbf{O-9{yO`A_} z^cC5f89h>g^X4e~g73{|6hk-j+lJi6h1gcl zoq}!c6K;3Ir>~&==DPz0=9|w*&29X`-Fe9d3)DBCyXcFfscAbl^k4<fyg7?km zVGH0lpZn4{?iLhhOqH(^iavq+FmgBhXoZ&X-l@DU7L4-Y?X-~|NI>$%h{K9apB6>V z=Vigvy{>s@XI=(iY>*#ejlXaEftT>eRrog40bao8R27l(a{**-QYJSdAobtW4aNc| z2lQQe)pMpYiP3_slQVM13gFOed{RNOGS4L7olvnsx`Fu)CdtHRc42O!qhwA0HaQWp zJA7mmbc1*(5JI*OKVT#c#CiuD4uimi(8CR^H7)wrKo<*HA0gzYx^mxv^x)xrIj-9t zCLgfH5i za7v~XUzh@$W)8LtqKf_(5aM%?MYTCN6 z63zJc2nnH)jdEM*N(f z)uF<*^^pywd51ZXJW!PW`+gfsUGN1wPAEI|fLzcoP#Vx3sMU7G)>b>D8EB>sX~;iP z)PnpBda6Mma;g7?lnJm(Xc?5WoE14|*No77&WoG^=pybc*u&N)S8T{c1)gjGf7Gp3 zVB|LO#7Kgulz@sEmMqgaRqa|tsaQT;mON%B9#Py~ZXyPQ=NCg>@6f($81xleE6;`N z1Q_2oB=aTJw;j9}(Sj{y&VL#rtRof4%xpCXF~@E{0m2B3yH37Q7z7URpm6&H6z@16_is%7-zjMoI`|3*zHYbYj6-u6_eM8bF5w>>_|z`%$#Q ziPTrXEXGo_qB)HUmUC6`2tjkL>SX8!RWkt2)!V<4y}8o6v-CHOfuMwUuXv#N5sGOw z?(9DVmer%+SOq!VN7_Ax{li=Pg+no`#_jHIv8o;rr)pOiRS%C(^|07fPX?FjNnlbv zG#=FmM8e>#SSV(&uB>#Ct45VMOk{yV3G>-1?9pmUp;2S*_w$awOMh}f?6fT5>Vi|3l zWETv`G9HX&G!V;^24T4~0L%Cb@*%K_9uIkB6zp6mKGFUd{Q8c;1K|%nI`+^5;|~1- zPJU>~yC9sQEii_Lb6LjY3x!|(<8g(?VhXus2q2eXJfYA8@L*7hZF2b^9UbUy$UtLJ zfkq$#g`)wDAq#xQBLR&Db{LBQv@IUZgCPIhFY3?ewH=4{v+c@0D9X?dbZV`Mp4Lk_VFm_Jdc9R^LVH{ zyOznf4^bM2!ZVJV9tM5qVUc$N58sxEJLA^((U5i?3uWhV5q6#iy3SKT)_F8koqI&o zc^YUskBX!dwong^pz{>ab4GFfVbq*$*!;br<=iJy&Zu=8c|C@q;{=F;cSgq9SsEl9 z;=n}6!`Cd!S)?zUmyNh)!Sp?>`S@XHTTe5YkVZvGlg?biYGV*!XGQOeTm4Jr6ly^M z2+2ZV;B7Lr=iBJ7W7W|gFrvu2({mOve$7Yr=8q{tb-4JV zQn(?=9O9z}nyhhJGk$2vI`UZjSvVvXeO6Zb+8#8rt!*l%R$cXCi?)+)lr@ar9;Ra? zIwx}@Jxs|fcV<5VWuJ-jTrP8_EWrSVTYy*(f)t((pP#9M<^U0;_)qq3Ln<0phD|fm zETIC4ZgaeEDNk5@hp}oMdI62-E;lEjIqlHdBL&M-E@*=30cNQ0Wz2ApM%&rVio$@o z;A+L<+PVhG*`Px&${ZNB`?Xx)&?;G5FcuFQEKCZwkTKhsb2}mFi47^idfNJE>5HYC zd^S3~BPHn8>$G6UV345f9uH}mKmp`3r$PaM3w)q;X_Hcf18k0a_F23g^b8nI_)=^B z>^7sQ4^R*m^@Wt```PjADag%3Y|+OWY<%LQdAC6jwst2qz4I-Y)Yt5&g43d3tCm zth8;xketYAt-QP-Hx#p!mx9HRT^hzf$h59>=tcM}!2bhg7L{oMW}dKs^>xg%T~?el zw1;YigW|r?6m9g2Yb_3gL}f!$m68z$#8%i4yTg~me9r_9B-x63DZtL?26i+(tKRtc zA>NAix!J+J`oNYs6=g#E_G#m!--GHK6!bbS;B{26>yr(1y;G3ufKsbSk<;i()olBN zs-kVhnBu>GWsIMi-Z=z;;z{1Cw0o8I{#4p3D<_k=rbbAUH?G};=EM8}+?<|W)oraw z)HB))vs}9pBR-443&Mftp=9o8?4PA9=)?p&>OmUUr{0XvgI672y@LAI0$)Q#c3jzo zIvdJdZ)wz%x7r$~i4=p{xAB{6nFD4_BAP@cMl8axTGn@FTN?GsFg zTs%&w3KC5B66jt6t<5t`0=3J#mmPnBvZKd*YpKG9w}r}%=46#3W_bdL;zoYj34uw0 zw6jxhY}KlDq(@~A;Zm>cH+ou?zm50~w;4tQx#@1c#ud7TLbw!*(WwS8Wv=%Iz|!GI z!_W@l2~yfb(KTJ|gpG!ViPUI$=$1xErWR2ApBoU=&8V4nEYbdI7xb6ytNEju2ECZ8C89ih&pB-n3jXBV^BT9=bMPZsxAf9|IUjENolm= z!dxV1HPEYQ!ZktgT7pFu#bw=a&=>%;-jd~^+E`J|&3R#TPDKtZt35FFJ&f_$zu|)V z?Y7-RS$p!(~*zsxm3yrqd^6Y>ewlCTECf}C7f zocHCFX51tjPpOEfMv1RdjW;8qrf}^~ub-d%=H>tUvS7Exf58R!+ZWH|;upM4G1sE{PYvBA_Cq{j+Uhf?^5@nqBd9*oByV7SP#(QLs4c&Z@sc zTHG9s^>D1H?hQiB{(;F&G$dV^3ota>JeMl_a7HfWXYsi}?7zeyj6;N32&@1_19sOQ zF%~P6M^xbye-`g$SKZ+H^Pb(9L&jWmDvc|=J+dgl7_HBqD$|fCapG#wu2^&h+MRW1 zxSlkhT2P+&mC%y)fXSPT6V(cuFWI&-1!*#-fz}Me3Rs+QdBR8_NeEDZRa+w|BAz@( z^@{*`H&BqxR#c4<`QZKLt!~9P{8BF3x$r|IQT4vi^JO6u>jK?ejM@Th=00aKK2&}S zn-lG{M2E;%m)HkNIhU>*kVlGwMk^z+;x`N-=e2@X*qW?Rc%ps1v?`nPEMeqN4#Q!> z77G>?|BVuMh2{W(&=xb{PxfE`-L|hok_-0GMR%c6=No9HcE2z)bL>E`3k-cm-axuD z+OMzu%RRYdAZ7YU#&u+UnltiVUg(`D6E-2|puAU~01JLE-`ujOEIM65gD0Q| zekyduzO9g`aOyQAs)~kvjH%wG(~4~Ox|yVEgMVd8fH)GeXgvr6^gm6$rA+5s;2?~( zQF^`F6&Er5+1LHxdJchHg)Zuc5g=9$U8H-_+Tf}@jH);PENL<$uRT;m{HXhw;Ey-( zRc?3^M>NME7E_X5NfR6eEGO!T*0B7hA_h}jGoyLIqcWknt=!vL0c3ECDvG?&*KORX z;)L$iWwXKNU6!$&OT;rat{(qb9AQNzL%E&3$c1G z;*`a10TzK9Tu74{qd7cgm#QPbkU1m>AH@>Yj%ywj$20POv0V1X{0O$B1+RkXtXsA~ z%nL#lc}9+)Il|MF#VBbWTQMDz%e!d7`n9+y{{8p8^wJmL07JVgk$i8em3WJWF>DQL zuqB=PfcQFL&n6Ww@EkyvM><;hhbA>ja<+sMg=b~U^AsQ*wHY)EnaM;h*B4pNXsnf! zB8T(7wWx&c5d{rG=%i_JThZyVV~AdDw3WO;q;=@i3N)tfZzV(M^`;dWw~Jh%BiA=80jgr7)4uF~bZmJO-jn z=PZY)2H8`p3pHDwH$ZzF3B)p`ywl1TVgMTh+dyyxi43|1S zEa3hTK!XeG3;?1ALZJrQ_`)W?<+KAKPsc|+2k!5fBmKb8rVk8i`WSGg0TdYU%6Rb7 zY74&YiKGanjd!)ytaMZu;kFVO6oP3cU|B?UMqvp9P`NwXN1ekJ7M?SgEQH0A88!|H zX-1Y$q`WFKyK@jR+PD8)L^3r}KaLmlOG8Ri)H3n&YGW}Yqo$kmSbO}5V*y3Ea4yT{ zQuI!_vlE*>ca{UqG^*^x zY?(7yG(1Icsw|kVVAo9VZp@YOVfL_Q@K}7&g!@S-T5z@CdgcG?wR|rN>zDX4F{VSm z)K#XHd??0KRbTF*N-WA;w+Pg15SHT6sat9O_HtS#a!wOlV5oaWmmBZ8k()nz1^~A% zUqZqhnjE@qw>kNV<@7CT$6?t*;;^cYvfjTpBR1sBd(y}vpOwYUL z_A}8ld2asu!uN${a62|=ND7GDc%x2pVawiL4(^91UN;*xJ#My7PYLtH8D7 zd9rB>S8Fn$fn6QoUcgKoqjYTf%1FQ!XRBt~ZCE&$v9rMwBL{$6NRfj&8#w?sk<(2K zqI;D)ug7YMJY%`utiF5hR2YcjJIoex)WM3f1W#5TK5yWdNQWy50jI|ACxypFdWLV{ zxyuCncEj@+y)%|0_lnb=$i>w1~96}^TO zaNu1Ym0MT`XMfd%_lM5RE+bg40#M?@kdE;TYl#HW-8!>pYio4+R>LMe(8p<}o3H-N1cV zTgt|gdCHx=F1ydqoJF)$%$B>1iPGC@mD;b5z9v)h>{wH{z#{}(>kA(y@EK&_l@{;y zy7!z|USRVL@!)>1Ga+Mkx>#_*i}krocy#AbqxTyvde_@Z-jExH^Mt+DD+hHesvn)` zKL!mGz%yS1Dxv5(P;C5ajOO=p3HmPZdIb<5ufo zqf>GQdi~3x)}8jBBxYR0o%V+%xVy{e;J~&yni1=!OZ_b@4#{9Y`*bzmlrT-$HA|db zz!m`UYyrAuO)qD9GKx!q1k-0-SR{1YFbJgfO9(jF9j*KA^-{X-+y+cFskgI-T~Rd> zj^>WCEX*h-fOxbtJX3$fV)NocT7zEGXw}&j*4(M0WF|E-4Lt{TfdVN19;h5g@{1>P zOEBNwJ#h50YRZ~jt{B{Fuv=)soWbmjf~SQ)SMAqa$6WQgzO*33VUS3ee$m8&eCvA%%WB1vp$`NN zIXx;e+YI#Uy9R1X7&)?j0#dLfF`0@^r`2+NAuFY}&zdwPb)!~mgMMSi#b=Wj0e??l zXg&VWc?q~2fR)~~jD%bq=kPyg1RpeppDo(XuA6J^6ouHy`;50R3ovJYee9Xhzdm_!^884z#fxLT zDxM+yg=YwNzceH50a5cz;SfRvpn^9tk4?C=*<6@`DvT1&Q+r8I-~hVQ+^sZ%DGUtw zydYntGG||T%{&Yt+)!reuVSZn+ z+l=KL;EJ6*{}s4EQo6Q)m*!R|Gjp(VmN2T?mKwOzJZBV&m)+2H=ZswlkFk7%MHy0( zoo&2mE=+4k!Z1d|Y)^RZmoH)^$ifn|8m*k*5Ejmn^dhewh8~mP5dE~N|1B6}! ze$A4#;|s{l3<|-VMprj9k0C)WqXnPygcn+V?P%Yt{#r$Ko*8|@pgd?rZk-uSTxtu} z8h3_43hrz^m8u{S%eA7OtjSF-yB!@PtMF;UyyooY9;H<8}h3#37r0~EX_ZRgO@V#Q$qd8TI?2u(qZhYENvc1=Drtn8x8P3ch_a&9oVH1(gYM30vAV12L$_hZ zX%85VO7ob?>TU2Us~pV~bK;ED(qkZVSykllWhYkgpved4o6C$YfnM)A?PhybVjo(3 zQgc*tzyXH0ENCs@y2_q87t&uv6X9pHIJzb@m!%krT6B5L?-~PrZ;WtI`Jvw^?*uCd zW#xiApFJN66!^%ZGFSYXePlHLV378WHhs1@xAqPRMxr-p)!!VXlLlb4fXCy`e`o(D ztvvQ}`t{E{S{HM6D_(_Vgu5xv zjW=nRPw+Wg5dTmt5Tn+EF)+bTDWd}N!$j=Pfwu+WJ>cdd1M!cuHEwZbjvvJT!i{7i zd{P>BoAbQcR*N>P{DjSZs$<{iX?!meV>Z`~mzk;PW9#%gmYM6DG-cJ0Iy-3&)iI=v zakh`g4X3k*;bGP>EtmmS;O_0-M$Hq3 zSvUTyvm4;-M>20vw*}s4;o{*VhRd&N(S+w$(NKE1DtEP9xTCN&lUC*YK7=VFHG$Yr z$x@Dl4pp~Y6~w0x4#*LvSSp_KgysqO ztS@jfU^`;sn&%STGS@Um7l8woR^;D~zCZo=_xGpo-W+2wIXn6a_{$%m*W9l6h}d!K zO#r@c=b^`ymPJXEWKGyD1WsIUE0PSD+^u5K`mJd96K!cn$7Q*LLK~#ZnqI=xSl4h} zUu_vds|IWPdIXiU4s4(|Dt1){gmGFMtdn*>wVqHEF{SXbqhjq{cIE_Uvh^qqX{+=` zy-BDlc=VS9@pm3!MbPP!7wkcBwdviIxTY6Eq1l83fQ+PEKkgHgqSsB zW^*-*6ra%>HH&2GqsaDXBBKo12B81MoQ>bm8^v&lb3H`;b=Q1Cz)%+Ia-iJ7nCy6L z%|>@Ec)}2{t5)m494jEEwJgaE#i%*po&D$zmppq(-UwCZtU_LCcGD&v0|gp_5X%7= zF?`-&WPo}}4%lt+`-2HNxLqjyA5kpS!Hk@xS;8Y;XhB#kSYCye;SaQUT+>|odV4sk zAfdnr5Jc8zEg~bS!!>9L#QQ+pl{C&4L}JqE#N@$Z>?BvN0Zk012hHF^xBsoQHxoID z+4YHv>GKH;PZ{4%eJ)gygXahRtzTGqYvRwlYC|(D+ZhCyJv#t(LH8O_K@vs{Fts`4 zYxKPJqQQrR`IDefe-dDsAtR~7wr6qj^3sGnFC^YQta?SUqCoWan$`R19kD(;4{X-a>Rg1q_5g=uJ@xWJQRT0`JDQ@239 z!ha9a2>q$dnU;#~EP&aDno^hkoV=z5Md1rMmyy2V8q)&Q9B}&JtI^_<>v)vRXm(kpOaL#28Ne@9ITIw#^eK7 z=HQ<{&lMNF z5NY)Tuiw`CCh{aNE97ED^>sngGAVdAP>KXjho(hHD|glEX#@zTn#-c4Ieux8zXpjF zD7&?>cT~`&ZVEUiN%2oO55p}Up?O}opV4c|6KVp!6f2HrH5;>nWw?DX);fR9NJ%Lp9OFl(w7 zxce15#%yuQBz(cZzaGSoUSWSV zX5@mJEc3ysIpd{}B#~mNg#s(H-3i=W3SP)O9MpUW0oAmphx*Zy26^XwN=YP>ghkey z1Pg3`HrAkE613Fp>W^SjFvf!uT(pyqZ%$vodoxSp->l@#w2;$Mu_^C^vJF574#bVU zS5Vxn$DvL(1YGbHb7eC5Y4VbMQs^~vu^cQ0|7pKQn^O~{PHj24B*FdDlsfUPswWR5 zE^cwX)fVDOii8hC>SJ!yKFN=a+=!~h`c_=jK6iosg@hakfCblr*(b&FI;pWDf>k&v z70YMX{1aK-q1znB`jIVmyS5+MqHSr-$1Xm@N~p9fR)~oJJlRM+t!s^GK99b*p@kg! zqExHp?a$2e-y8?-KPFqNdhR=Kt9tG^gUjz|OfFaTJZx51^^CgV2hs7zgOBS+^RiuW z1>Ke=Ch6b*x#hAsjithO^y1XcJB`yGBwO-yciTpq_ypj5B(eQEg%Iz+ZyRLuO3#ljv$D^X0YyFim<&*Xp0i z6nmLwaYayf(1RW_(&cFw>mNCO<*u7b9$k-kl4i1dUh6Pz;l2dg>i)_kfVY`?QkX9d ztlQe@0EvX=G-UxdC~#xeGRv2FfGAbz#L*%#tg5QR<1ka#Frr6$XD( z({I9~0@*(1fJlQyi#Z^s1iuln2mBH-n~;QGF|ttKSZQz#8kMzjw+h!Ey1+w zu-QTP!COy-lL5JxMcA;TQt+J zy+iAZH5SJB$R2b zm_X3EFsv1i2AwOJlm#|E=I1_VhJo3_utV&)*^tM{;a)_x8`erNE8AUdGYe8@1=lqq|K zl2(Nc=@E8Yuw3s&&b-aZO4d*SuU@6Y^6h= z(Q!pGsytK#s+5d4*tM$N>Fom*O^`1gDqk%l+IKceLbELCjrR#!ZXsiKUd|J)Ru{W= z5Vf_9VWt~#PF;?o0SA;&97H>P5oj5eODGJkcfz*p9}NkYU&0Kg)T@iGoC|#3SK~KW zBU-4|pMDZq?emBx$$*+szppLRM>*Y=c}9Zbn%3-!Ku{Ro=QBi%>c2}{7gBizAEmIX zJ<+$j{eg!J1mKTA%X=5w-o^GW>|(pO@PrD*k$Rwf8{pTT2_oE2&=T%&M;Xxi22Tr9 zdcOC>R|r(+fgB=mtH(Pts{w=T$CSAUre^&kkBL>#RrPCp=#DTkQ%-;a*$F>9R3w&B z383O`ORE4Ov{VgmPA_o>WFPhk9)mr^@ltMsRyp~F<)mc#887HxaDB3g1Q7{aTuJk^@Oq!!hBa6N=nW}gxMN@A&|4-~lm z)Ry49=3#*04d2frxU~g6 ze7l`k6U6u`fyY5CRt31w4fPV`8vDH>2~RoTTfX;d6vPn?+eUF-^=;mdboR zan0y2Ywemh5U@Qe^PGtySr4O4RL?kh$W3|()uejrXR31Eff?AVo$8=jRe$JQ^*BGN z{w)*NRO1P{KoiXk`U`3wlWDXb@l z-3irWLBAd0H{{XhL#BItGFlWY7ca^GKKlH-pQp!vK05mG+4MjE_Pe9cGx*0>$A3Ql z+5YjnYX|gHq~Fkxq+dY5(clQcZ04w#0MUkMvk>$`3|Itdqs>M z*jf^d%EEtQ-)U*7*9A3nC5Kg2J_%=KrQc4qR_;ZumVzwAu0nTXSq;GZZP1%47X3Gc;Q^?(|v9S zhncyO&1??wPWV<)QH|kf+wIRA`*l*hCgoDl1usHv5hd@r=F-`TV7#s+QgR*2MWE5@ zqN033PBdfWl}C4ca)UAkYBjsPh*B3j8EPgAmn_n2WfKE^cX}F!nH#6tRW#8er){1o|`(=XR>KXq2Fbh>3+-~(Mk`d8;*+HzCz^#`!)soZ|) zEc~VB5Tj#}=WzTBDu9~>6}-g{IOppt>^eP3F_iE+-pQI;tm}|aawLfRh*Gy~QCHL) z%t_?OM8%)jgDvf#q8!o6;_vkj7cLwTPkpu%*sZ7QA{3dltm4K459tCYtSpnd^nI!z z`5>6`$Z`F{#VO%qHuisoZv0(i?7BZwg@2$8$+E} zzvp%AfOfA#3ac(JEdmPvsv^G@()>Cgw|8CyrbZHaFS#!)YAJvK6GKnny4$hIk}SA3 z^p1_mjpcPxcM04_L7)r~D@h{^-yQ%$oJ0}E2QVaj5QM5Xg}u&e#YUdv!nb-f1+L(k zhd_kgX+Y&UMRC3^poFz)If@w|F z5*?el@h<6&X49qu&aoQ+RA8A_#R@63QB46mMae|TJ0@a$NDmQ9J+Gs0tmPGiB*mPH z84F1Ru*CIbN&Xy!jP8ZYuorY{S$J+>Qzn*m@fN!73BC^w;ETkNCwO%TU-<zB`Z{Cq3|~p# z2AU}IOewzY7{l$GrKdO92Dx3ZA&%f~F6R>yJf>V+FXNUP=0Wt=EpE;6?m^dq!Cfa_ z`7w6e?sKcPUw^T~fWTyKmd&$zyK;`AUWl=Rg90Oj53sezM#-vT3c%%*A1kSSpoScp z9rL^dyt*t%R)ReQMv`jG*6ZClK-K5HH8+i!cSL{mO0{#bL_l382!ZM>GPBdMQkS5U z%5o10(uBFJT)##pZ@p*JJP?4sFa0d9f4sk2AC9Agt`iF~Q_A}0u%OjV+YxSM#585o z##!c!JIuueoPNQzE${8!NCZJm6O7}9&l&vTd4gc?pD=p>V{)%NP!j}qI>rXK!-(a7 zhDu$|IOrp|?Ok(zeT6g2ANMsJ?WJS(%$%!oR8wV^sNp$n%_;=5W_CZ=`=zhGVA@(+ z2_W$XIcMQ*?@BgAGE=j~Hh7geQMJCcR+(0t@~W24bd~wuDUf=Gcjye$7kia1>0~qA zSoU+{CT%Ksd_KjJTHSUGLzV)B1E)QdY1m!hU_ohNdpae2YA;wRMqr%GnnE-YIZk=( z{FqVM08}KINz#2JOyorL2HRi*f`mTONxyMe9MLR0v1{x7-r%wYjge4}z;pMQN|9 z5UrnyLrFycDRN0ELnEH2ehFOc!m_37IY|Jt#>%}2ESzSc#HP-pXT-T((8kCGHM{_A z9iJvfvqdN)6nrc2P6uwn!Fa$i+06Lu2&4oq4(e?X_~j*h&4Bsd`a}xE%oSsVFRVC1 zq2T^BWXAAT&aOSmmG6E8yLi$Q>N%@QK4@YdWY8T&JDE$PaM~U)^YV2)TM}#cGNFy9 z_WV7ts5^ zRS$tsSrV>GV}e3%=D_DwJx@kX<;4(n+J;MOP8UjQ{my@K;ORZdl25YalPsCEFIAQ# zk*XZ~Y`#mmo;E#OgU|4F6Y@?PXRHTily23pQ6PE`bU7BxxO_}rMf~26`>nD}j*}{q zGvyDmPnwmCVkF*7(RToTf3BUi+CGO+ThdBXKPETM-DqX-^&~kZGnDrwR7;z`L~gfS zTt~em$S+#85#qg$rIv`1l!*s!>MkB%*vFD~H6`y^A@7;O?SJ*LroxK4uPLwW=6fWF zT6!qF*tT0I=A3Yn-DX-8&STO-swvy2^DL|tyXUge-Z{Q8c%^FNB)&PHg#yps(-oX8 zR2fcd*67+$)97|aj{+>vk8F_)`+5XM45I*YN&WDgWv#FCBS6WHQJ`eENKo>*h6S|S z0fH{c9vAi-j2OYsCyvbc0GAk)Q^-Z#7?zMDM-=j}sexywl@Rc3K?R+$Q5b#{V_VJ! z-BQ^)Z4v^{pAOQ~LF#Ys9k#3S?D0i4t?mW~X1 z9fRHTvM;m{)qm)c#L)?>$j=Q^OJbQmA1jc@pg}cK%}b1b@b;WzXpF#+^Xj8zd?BCG zPSWXWC+$3W0E%qf3SdmxT66(Sf5}QZ?A!Uf%lxA~!0(LgL97TlcSy2n#R$Rh1ZYL@ z^a~1Ra>tgZ&Xv{`d3G-kmwg(snp#e7(zB*dwmV zl^{|%knMolZde@9YssTEb<>D$U!-bn%fSYB1B0#%pMc&E4ENp%9}DfheFlfGs}>=QMJ^rz|krqXGe~>upJ*qhY_Lyv+a2ZNnFoY(rKa5CP@(_ zJWF%%OD@vHubH~W`93fs9a~5S~=Ou_2NrCb}l{Y(y zK{BL?Y=lE0pGIkaK-iV}fa)-`L%t-Ch)?bMTqtzz`dSV%V60ZI9@BF3sU)Rj2z?mo z6k)y@Bss;+eRKYdlw31B0oqW*PO;kFv`WfMFtU&(pE_Txo5Y@XiV^TGh&|0?n>B?Y zpxY~<)hJSm5s+|}se8ypEL!xdxp#_vxkV!Qi5(8fTV9s%2@&k)XQMwH!b7e2(|o5B@5- zn&M3a5uD5eie^K2!0I!3&>S&y1iRDmLdICVuS~bb*SGd%TC~+-ulYnVaxteuuqsK4 zi?*AsbEd}7Vvcm25=)mVX79|o)P^i*G3O%W4-_G_F>dD8PCIf3=ICFKQrOfXZ(13& zRqwR3kB}U6?fY1z%n=Cy9ExdhHNm^xy>G9yO0E{c%Atby_Rf*7i1%-DX2XciNux{@&;woKB|iV(Ke*i%7}y!T&0oCL5nQ`yH> zps$~=d5DFv?3M6?yQ><}&1~cqC&az^@yB=h#iX9cZ?HgmlrK;i3Kj?0n%eUqlf zp4zuHMBBv7mD$&I3_C2(!qpwpg|UyUaM>H`s+sYQv_F@2HiebZUy|2xk`Qm|pJ1&{ zuaorAwqJv|)6wdwyWe_w7a9W7X#3%LY&lC9RYOsHqtjg`?`s*dD znJA(9Rf1;-lfA+3sy2Q4D!b2p{ixO@nTXwUS(Tcwk4AMDFfHU_VF_~RZ%U|GcGmC9 z5^x@eIV!(g=13p9roT=L`9~17etyL2{&*p{gQr{B1Uft4P-#ELz(m2rD+pV!^k8~s z#eKb@*fg%D8!B$49WOmq=6|Zp|BJ57f9#^?Q^+Q}ceNeY&5A z&y4TL**}Q3+Z*Ew8zDM9R@i?lx(W2$mpt(<#Mpm??7r-wo6+~* zUtQ))8Sxv>h{ONe;6P04Tpk$t_|Hu$xF?_Xb>*BzWWUI^Q!`@FHn(Gm|4n(Jh%kn8N%=_ zuV0c^LN|)Vf<&vsSU&b3qA_Hd*DoJIm;Y$!KypcKO_c#T`%q{RI`mXH`9bW97gtjs z2Gw@J;5u{=y&B+>%ia6ep+E{bE7|>-F6q~&Fg+g)-ChgT*W$dPYv9f>8@9NX2}HFL%0^$ba`(?;jDx4r>Ui%R}-;*jsX)x9VtG*EakQcW+FQ*-)=hJt8Kk>aQ2nwRV&cwxAUE$> zE%)aBu$vWg1~>KxsX5d{rG`+XPeoHvE7zgXB9l>bBdoAzw`r-LByiQ~6v7-%9sTam z^@XB~Pyv7nawWKl6}T~mt&+ldN!ebV1!TsJOUI0Z*vG!Nt;5AS15h0{%zQ5)&{s@7 zmd$y|zj zX6~UCK@#K{(-Q{y8A0Vyx#BfYq1FJXfUk}g3xL&3EjUJ<9h+S~8ua(&l*8HF&P!9X zEsJ(9p|=$Gy5m^nZoKcOP3CLGMxngSlvfZ+6#0yV>Tm7X>rB1k6~C^QtGd(3iK5|z zYnKMNt1ezBTj+FXbcW?&luJcgD}K)_HiH7HT+DRL;^r)cTf2s+Ef#OJVAgpHcE4Dm z91h64?{1+mF_;&RrZ}||=|Gm8tLNY()Y~F9Aw{p^3-wP(h$+#_Ma9M4X($LZl`dl? zBldwu6~$<^8;L$3ut_d?HV4#C1Dj*<{ZIb5qDCT{w)Qv#d=? zSY^Jcoe>(t30!zx%WyOnSNTrS{jnV>s>v$t_UOmvIewogeQ232dW7wibM6*j= z%_JMO8d!1C*W8^_UIl8y_e{0tAnZ@@xo(dOU6ss& zu5^p_3>*e@P4;T~PMT|cuRUj+?UtTtW%;P3AHi;2$@Se{(+m<+3g#T-f?|{k^N#_B zxp6F(!82b#+76(Y3%NaY$d-oKvIi*KYht-fr&=lGf)RR8c||7`81ilBuCGq1`y5sR zb~WkGfZf@EgSgi&M@o7yaOg@Fcj=7|Rcy4cS`4R@E(tA5qWMffWl&*AMGX_ha!gz* zTAh?eHHrscXaU82V?Dd#PEMyQrBt24&k+G!H`P+$;7n^e>mdTG2mtiZmK8jpa!bIllThjRG>!E@h*68gdpyma$hvu&=DNpKSDUTH#S z0rULgpth+?t`WJB6Nq7qoBPwR|1!Q$wfOM4y-Hs|(Q2koHhQcO;Sw7+#&%Wj$pvQ*IZ z$`pO&9h2-tFNAb6u^o1dc{}%2AD}PIibip>w1kR%G~=m;2 zN5r(qvX4T#4wu`Z7%w;LsiP_uMIs*RF}apnbGuC;^+}JD=4Wt?+V%xqqy$8U&-*Iv zntRHI)6p(m zzA5jrA{At9Reb@Nt5>E4|ASO_m84~o8bp(d-!XE@>PjwMk|a z$aSIl-qND&WJOxMy1BTy`fPj?2k28_F$b}N6mwdiH)ejxHB@-WzpU53OtNP%Q2hDI z)ZBu(n=FSuF8*|WO=x3*XI%0BJ(a_8jW?KkZSV@+cYCbQ_i&8WJ!Zt=lLO}Vwx`+- zj`Y4v1sB|KYNR@(zgw%*V8Cy*kqbn9@Ror$AW)!J;k?#iOp^tsD*(lnFicHp!B&FJ zPeFTu<8uE_=ZJrBjw?`>vijr8KO|n9e~gvgQCpI79D)_yI*;64`8l8F@SnwszYQ++ zUmIE>i26XBH>DPcyJzRZ*xY{(g;ec5c1sQ$iV-J3AW+T`4h}|9q3urQ^ZC!+%%77J zQ`DV4t_M$vQZ*vwIdBcPxUp|SN|dfC9oQ2V&cMN39$a@}`_koI!!z=RYlE@i_%Z|^ zVk!#Dfn8gEmDhizWvO1`ZR(YpsykfNvdJdYb@JTriCNaJK=19vHT0s%?|=6duw?)1 zH^2L;bN|1HY!$y;7u;h7X17ADAw{RNvEm6V$h+4!1D${m1+Y~) zR!p}+=973vC8f$*>I4fgD16_^d>;`S0qmmqD z_EaJbRQ7(dHxtv^Q^YR?C-?FV8@VO!dJWZ^vW4$UP&an!a)kTz=7~pc%bd2|IItzx zdt&7Z6~GVft-7J$!)pF_$gR8&v4#!~sc8%yuIBWkLtsg$4jw#B%y!VX8WLAlkJwfPe6-qfEFct+(nZ z674^5>N2}`kwDXM_}zQQCc1t$I}=_d{{yH;7R?QBqdgA`+gFv{6)Dov`Q9&ZyMzOd zb_-fN-@#HohzF`la(=zd;U_Cs2O?r$QKLcGI%1bVa1EBaVr0UNZk51GR5$hp34RaY z+8!%8W%5OW$imRdSy(2_JTNB6S6_XFYVoiB>7V`yJW)x>3cgr>5#IXWUw_>_-2Xj) z`-ad0q%N#LfTO~mq#f&1@_%l=dl!pZwVwhi1hDi-F)n<8Lr_UnHd8YX4*V3XT}e=f zBLF=

^Yv&*lI^E&$CcUbw6%XnOGZzA;u7J@oyZ(b>CQ-YGh5I-mbo6I3y61v6K! z4+n}^(o@^+u$~C+3?59+=8m*4tL_T;`&0r*5kOr@UeRJsm@tsj1-H$<-r4<}iqf7B zNJtGs?de7^%r<)+=HCh_iiD0@F)T%&$O|Ol9KH4FUVWqx7H*e`N=fa4N_1Kcq`RB^ ziuwhn1-Mm>Hs3TB!u{3AhF5sISQ`Z`$<8JMI=rG_8ZqYs`nH?+_6LMO#z=CyX)qrQ z#s!p5Z;Tv4Ay6OA-x2&5+j&*b=_yp;3+&zcSP7n_HT$wg=$N^s7tXK>2oNhO3c6qr zC4p1Q7-psHjOH`J6e{{4h>cWq!YVh2R9RF1vyVSv$`UC}=xhdsmhYL1{Nw)_3*F2a zxqkK5M?Pv|*+0X&vpZo6dAlsyMDBY`$SW-k)NippJJ9P;OA_4LMiAnd2chU^k8zQ6 zMoS+!W?8YiwlW&Iu*Yo5t;nWbAYs{9W}SAX+==aW&WKbc!z!m!@OTIvCYK&$oq(G6 z6K)h$OT1DX+%pEU1PiOfLVqwOgej2jghamO(-hkPg>D=MpL0V?=iuw{n z+FD^iu_n)O9YR75k7w8+RF`cGdfA+A{v>y8_e?Ea-&vmwLkZ$5#3wb_^UK(`uw%6w z%$wmjj_fYU3O2Oru&-BUAJFgM8tz#POS|n_q@O^f`1X~%93=h;CSLS)K|F^~$sKbP z$jTqS0=|8D&_oo2xIYYGWJ~A}$H<4=E_jITj&*7{HnkSi?TkIQ3-Gi*42A*msS7>G zv2wO1Mh*c28CrlgZGH#$0>?lkOvi1jUhmlQxklWur+dz8tT16|os}pCBM7!1AOhbH ziP!a&I3@3-vH!e+`q6-bmy+ps(!ei|wgc60%vL936sk3IusHLyTvuR zf=r?ax}DHHM2OoVy<`Ky{?4m(eN4AQQnfbdfWy0?K|6p?Ae&5G(SnseaR#-}p@z*m zTrsz`1yeInU=%$`o7UUl3j*8D=$Pw3zp3r$RKMPGDnPHck)ySIaN7Ty)RZedCg(msO8U&n zSxGm82Cu=z@#lu$)5?W|Tag`e#@KnR@~o%iVJ2xdGBAJ!P0^A`3iN8m+rjOhn+D5?nsI}<*cl;#IzT?rbilZw$*^r*UFJw#r~$MwM)9CZ z;Xj#@nSF0ivJAntJ}YZ%eSYY%wNULnNDcSSN(3p)l6ZL~W$txtB&a1(TQ-4}9_3iY z&H9YgWQk5V_ZH~UecjGk)c4A%t0jtR?A=i>#Ev%tL$lEwIZOpRaLe*}(oQez)zPyq zL$rp!rS(87P57==j+RbjV|=JRKF~<2+A))Osb4nO3=9U#3 zp>f69wChC!U3iWs_s}B*rGAHwhQ*Ugv`;Dzpi|G&9qdDoyzm^ z__@n4yGLcHC08>)mjUwakv)`F+o$kYT5VTT%rd&M+)?T< z7WkOnw1BJaxUNjA?P#t|t1Z{nX|?6KKCQNVVFTMfhcKFWFHtg#LTd zm94fG44=o;-l$1MB~AXUvB^*^O6XJ6(|3fzY-(twNCNLgNg7_Fn`#IM zemB`_&K^2H$+zhoFPA6#pLg?vcQ)e0V+{KOe$8;5^4c_1l=~==X$)LY8)ZSRhFaoTO!aqs*Tw%oe`5 zJ*bifb&5t5Sl^HZ?sQlAaOc`*V%Z%7E&!wLx=WZYXtYk3t(G|MkyvtwalqqzTS4_Ujs<;T`^*7pZi!& z3DjqSQyI)<*&D{CvpS8M3;Qb*_vD@`J?wDq!Gf0jp6lTO0#q!&8-(u!v!(7tt=nJk z^wsE}|MHI~|2~HQ{QAYey!e~{;~!tVI63+0&u_oIy?*r<{^D;xiDq$! zfBo&`C-&+unVr0N@h|^#;6z*8GZ$tg)d;urCHM#q>du3EzjGb$^H{4W*KaO1l(-)0 z;O-_Q`Q?2XGSYB!&M(MBGhlw0Yh|ED7eCsf%ykb-YPP4~Os4v|>2W`6pD|Y(;mKj_ zksZbm?oZxgIqk_??8#f~$y@A6E4ZyaX$7G@d5b-Hi*0-N7bJ>2d5b-Hi~Ul)#SjrT z_>2vc=Ay&cFUem_+ubeLc~Qtlm|J1QdVI91PIYB`jWAq-E7K(4COTSS3QW zyY5#elY6(>sUdR+tl$IJjOe*+s*))7AD#nsE4xj{NxgFN2TYdWphjz+Q~D>&co-34 zA8U?T)NfcJMR`o;e_LoklI8h>c7K!WHsq z`iCa6Dt*<$-+yIA;{uOgwx&@-K1MrMWm$cDV{9MdH@_uw*(g0ui+p_zzvb?pD5LX^ zAr+(AkgvZY3oaUy8{40VU%&h9fYXyNcA$XZTKiKYE&$&r|*l9#(t zhEh9Ff&QZ6(=%T@Vqxaq8T{PH$&z>u>Coq5HDH)Xga(A`E=U)%~82>tY8+vil_(eI^C3;y_39`ob~#b#U^bwHqC zf9+G_5++GS7ENV%T}1%B_aC@By<0kroG4A~5EKjZVD(`z(Vc{Gm@rUV0G#DnO%)A0 zP{_rC_T&*lD-s0{E4(@EU9V^rSDHBR?2Dp?2`W0Rw}a|BLvKVr2&~S>$c*1Jv5K3H zr~if)cT9B4sNZW3yK*V$!j);RmAvN`eObBEw?1`>3(TJEGpZwpw=b|7eYpCewy%BY zltw#=;`asfOsVa2-!2Wo7p7;@#Gjx!uxM7dl&>evmKa&jS4^Z zkuK_r>G9p~LFMO;^_iNKXYXH~U%q`cUTh;7pIa%yRzY;!iKT4F1I0{^8D$D@dHs^S z61q|D`%S}GQg@IFVF>w`k5IaB?^?%d(sgfSQ98b$vx6Z5bQbg>a4_+w{$yvn9)e%Z z<-^FxQKQ+2_e(}S(70nu@Ph1whqJDnF;koste&5_uMPx6*IP?sHWKvO@Vn)E-hXrX zz3$VdCA|FFT)%|PSV+N*R0k`f? z%1*OSI4IpzYRC@SA=~5ye(9$!$x%>~;WYUZApfIE%?BxnohKeY8hraCaP+V3i5MDG zqs?~+3}9j%r;V92VR(T?0q5A8l5ui1MQN_=F;>cZrW7xkCRubm)#mW(6K_kd(J#l* zA>YMesLFabw}!`aXm~VNhFzT)K9&2zpewOgkG`A9zF#%s(3X~qPDRXM9ZKs`gkJ_- ziZGwgf^6@pzyNV$>r>C*?W(`f1+CcCcl+uvTsLh!#*O-=gwsy#1F`RQ`wzexld+kyeqZ_XHMh;ox-D)3eYVJR%aWJXfZR z>ljRh62d8YBWK)~2DAu#VcWn5CysqesF!~POG>}=0&7hooY6-GvK={>~vGV?p182_!GbJoPxgqZX6`w z8P!@Aoc2{@2{Aa44Iw445BskU7|{HMA#b~Z`|&&M-sq|CoNzl_c-ZW{7{sf-bTUIQ zJNCG`=77b{fFF$XKC0R6H^QTb^Pwnj2W;>=&UH8|kRIabrhdn>Z+#xPo$YUQt+!v6 z?#!5wElMNb)%JSA-<-`K2v05Rrb6f90O&ym`5{(W9Dfh#I0;8R6n3W(uEWEQJ;H;` zYvo(lU8b!3I8n!kiZbrjA+#cpTjJ4Izx(ZPd#*07piUfz;#y{&260lwfXT;@V6R0$ z|1Hz2=s#}g@zFw!b3=>sJlcEhrh{A=AT7z&BcvrcdNPt@ryx0Q;*le#8+nW*BS%Xu zlHn;ZFpWrNdXW48zN}Orhe`l4AeJL9*~jpJm&Zu#@k!Eoe7YnaM@!xD7zsO$oTg(~ za*iR9VR=zu!w<+2lWy#pYU5xDHV%*rM*q(Eeo9eKP9)!i~C*Vd|MT3o1sI27=YM zoL;Xmr!5KJQ3yD^{aVnJ4YS*8*WeP*Oc+^krKED^xO5rlwZ&(1!xT!+ z=yTJ3W^b5rSOQpPB%uOBcr-oCKN0@}Q*%MBh6;cCSJ-tC{?U&A z4e2SaSJQBzGm6jEr#;Eb;0wt8qP*L0A^i?2an`%t62o{K$d5E~v;@~WWMSC87n&J+drT@S?z-R3l;G?Og}GH!XnQ64nH~cg zH!##Fj1|E0DDWWUx?)r_vY>aC15imyl14iRF-%isIVVUy#kHRr8Vmb%VT4SSe9(Z% zl2nqG{S7J?eq@s~+vC}v@PwXi-N!@V<41R9EbE7+^dWu@ z*|_*`BY!sSKqEKOp%9UrgSniQF&meVTJY)gc)PNBMV-Sj(R8{6+v~DNB{(AQoCHRw;RUJIoT1IN)BQ~*XV(dNjJ<(#clH}EkdMhb zY23Z+o^Xwd)F`sU9ew+z^MdlGp0`oB}!Hm7c1-&Z-F9e; zM;wddWPoUwvN`!Ba}MRCn4Kf|0)835kJ==T;dE(lo)!isK@G7L|cZ8j( z&s?175G67WLBZ=eQ#TDa-Eqme(Dl}wD6ZoOM8gmOOAGaTrZ5Bw%az!lz8?Rk8y4t4 z>A;4uK;O#XM$;aLs{Ux8^LxrG&_b+#TgswYFp&iN+o9Z#v`+=)iQP^VfntlEi*-z9z8a6w;qNhFHn0 z8geo99?rf41(Ucqf0EH#?MX&oZ%<6(%1}>CBD5zN{YgfDlF^^Y?-Tj$8~I5_|6*uw zj*Jeh^Lb43S zL0~VbJP|_7r-HPfl=MK*U<^x98eRq!Cj*T@!j;R$A{-Z zv_QS$z>!3O9mIf4hOD3c&t?6GvHiQS{Ex-%KN73I8=L=WSo}; z3AwZzxPdMXY!|zb!YEm-WK2il21&b%5CaDIxh8PVaYiaw(YkbFcB-dDraf=#24C)D zV2o;549E{XMqc)mP)*p!S}~36Z;yBY46Y@GF0Gn|%zFu-Pwi%QTkZCAkKOuk%L8qw zX;u)Rd(+=qfGbv5SxQa-YNhLDQ^23)ISf;nd1oX=wRS~E;=S@9uS<;8+t{RZ<1^|-IJ2lm0T`1au?lc7rW9d+PUy8YKAoyuxOO!ZUAxECcHsR zU7z1pVJwGKUHB=c84)lPI+=!In5ceJGW*T^ON@X!CFd1WW&x4X3QIu5MfsjL9sfRN zyP_JS7-0doJTphc`e!~;+VIG2+P9o9|8~mc@+%}e*JwZOt&F$FC)@SN4!PyM-s@|@ zwC*VA-CFdY+DUKRr@pKQm`OlOrhBc;0jZyB1d<7`+_vK0m3XT8EfX#c#=hA;zFX^Y z6~V^~W@t$b9na!BzT$lU>d6Czw5?=9?M>L!Qj9_6$ejdmO8As~*fh$AF4@8%Q?(>t z{|4n0JJ}CoM6PipDL?&Xybd4O zn9qgz-ETW_r7LZ%VpL}$$a{D-Eyi|m)ZN4`Y?;kXizNt?**5foi#JTn%={(!de_;R z4!wN)23p1>PZ2>T%u)u$x-(1eKhf^=4eJDZ<7*oj75`{U(wrR=Ky1oqYvr;#w%mXS zTSniO5_duCm3M1u`Qu#}srQlMc^QO?C833hsmK{=M9EaOv^$NLbm>5%w`eC2D{7|f zd1mF9xIB{;Gc0r-N*sjOwm^6@W3LX#KME;EhN%S?z_$PsnaK@q=>5dZ8CRsD6IN-m zpr&vcpFyOP>ct^B$VLq1s8<)C^w7WZjZEY*IAdh2%0o&Chuvjh1m^VK=WWxLJOwR; zy&?|>j?L6>v@T4oJV(N?@}t`P?gm6!eWSf4{i5>vv_}A#f7tpJaw{)E&452(zNPe+ rW)g%A-?6)5$$$O#Km3oU_SBx*Q+sNENA3Ry00960%qRUE05&}U&o*+^ literal 0 HcmV?d00001 diff --git a/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml b/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml index debbc9de7..7b85c9e6e 100644 --- a/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/alloy-autoscaling-and-storage/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68774,34 +69958,34 @@ spec: whenScaled: Delete --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml b/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml index 6878702ee..f4cb2ad26 100644 --- a/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/application-observability/output.yaml @@ -2279,8 +2279,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -12317,8 +12317,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20740,7 +20740,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20793,20 +20798,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20859,30 +20872,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20906,18 +20932,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -21030,8 +21055,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21926,6 +21951,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -22237,8 +22263,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22958,6 +22984,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -23411,8 +23438,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -28136,7 +28163,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -28160,6 +28186,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -28172,7 +28205,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -29774,6 +29806,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -30263,6 +30308,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -30300,8 +30357,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -30670,6 +30728,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -33830,7 +33898,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33883,20 +33956,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33949,30 +34030,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33996,18 +34090,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -34164,8 +34257,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39683,6 +39776,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -39695,7 +39795,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -42235,6 +42334,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -42724,6 +42836,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -42761,8 +42885,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -43131,6 +43256,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -46812,7 +46947,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46865,20 +47005,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46931,30 +47079,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46978,18 +47139,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -47146,8 +47306,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47306,8 +47466,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47406,137 +47566,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47574,9 +47607,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -47631,35 +47664,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47668,18 +47713,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -48004,17 +48041,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -48060,46 +48094,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48260,48 +48275,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48337,13 +48387,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48352,10 +48483,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -48680,12 +48819,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -48731,11 +48875,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48896,69 +49075,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48995,109 +49152,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49436,6 +49497,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -49482,7 +49546,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -49647,21 +49711,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49698,7 +49811,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -49757,13 +49870,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49792,9 +49900,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49806,7 +49924,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -50132,12 +50250,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -50184,20 +50297,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50360,58 +50464,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -50436,10 +50603,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -50448,18 +50618,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -50501,46 +52019,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50701,30 +52188,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50761,7 +52341,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -50834,7 +52416,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -51159,6 +52741,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -51204,15 +52789,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -51374,117 +52963,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51522,8 +53023,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -51595,8 +53097,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51921,9 +53423,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51969,19 +53468,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -52142,30 +53635,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -52201,71 +53690,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -52276,9 +53710,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -52603,292 +54035,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -57043,6 +58189,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -57082,16 +58229,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -57123,9 +58273,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -57133,6 +58287,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -57314,6 +58469,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -57321,6 +58477,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -58605,8 +59762,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -58821,8 +59979,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -59634,6 +60792,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -60050,8 +61209,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67884,7 +69043,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67937,20 +69101,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -68003,30 +69175,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -68050,18 +69235,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -69997,34 +71181,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml b/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml index ce1c8c265..fb1c2f685 100644 --- a/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/azure-aks/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68718,34 +69902,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml b/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml index 57e99df3c..ca3522e66 100644 --- a/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/bearer-token-auth/output.yaml @@ -1225,8 +1225,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11263,8 +11263,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19686,7 +19686,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19739,20 +19744,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19805,30 +19818,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19852,18 +19878,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19976,8 +20001,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20872,6 +20897,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21183,8 +21209,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21904,6 +21930,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22357,8 +22384,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27082,7 +27109,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27106,6 +27132,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27118,7 +27151,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28720,6 +28752,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29209,6 +29254,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29246,8 +29303,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29616,6 +29674,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32776,7 +32844,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32829,20 +32902,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32895,30 +32976,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32942,18 +33036,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33110,8 +33203,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38629,6 +38722,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38641,7 +38741,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41181,6 +41280,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41670,6 +41782,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41707,8 +41831,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42077,6 +42202,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45758,7 +45893,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45811,20 +45951,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45877,30 +46025,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45924,18 +46085,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46092,8 +46252,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46252,8 +46412,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46352,137 +46512,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46520,9 +46553,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46577,35 +46610,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46614,18 +46659,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46950,17 +46987,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47006,46 +47040,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47206,48 +47221,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47283,13 +47333,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47298,10 +47429,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47626,12 +47765,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47677,11 +47821,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47842,69 +48021,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47941,109 +48098,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48382,6 +48443,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48428,7 +48492,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48593,21 +48657,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48644,7 +48757,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48703,13 +48816,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48738,9 +48846,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48752,7 +48870,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49078,12 +49196,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49130,20 +49243,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49306,58 +49410,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49382,10 +49549,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49394,18 +49564,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49447,46 +50965,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49647,30 +51134,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49707,7 +51287,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49780,7 +51362,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50105,6 +51687,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50150,15 +51735,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50320,117 +51909,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50468,8 +51969,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50541,8 +52043,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50867,9 +52369,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50915,19 +52414,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51088,30 +52581,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51147,71 +52636,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51222,9 +52656,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51549,292 +52981,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55989,6 +57135,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56028,16 +57175,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56069,9 +57219,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56079,6 +57233,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56260,6 +57415,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56267,6 +57423,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57551,8 +58708,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57767,8 +58925,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58580,6 +59738,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58996,8 +60155,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66830,7 +67989,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66883,20 +68047,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66949,30 +68121,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66996,18 +68181,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68706,34 +69890,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml b/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml index 160cd02d1..c0f89f0a7 100644 --- a/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/beyla/output.yaml @@ -1413,8 +1413,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11451,8 +11451,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19874,7 +19874,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19927,20 +19932,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19993,30 +20006,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20040,18 +20066,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20164,8 +20189,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21060,6 +21085,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21371,8 +21397,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22092,6 +22118,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22545,8 +22572,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27270,7 +27297,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27294,6 +27320,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27306,7 +27339,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28908,6 +28940,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29397,6 +29442,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29434,8 +29491,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29804,6 +29862,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32964,7 +33032,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33017,20 +33090,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33083,30 +33164,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33130,18 +33224,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33298,8 +33391,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38817,6 +38910,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38829,7 +38929,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41369,6 +41468,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41858,6 +41970,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41895,8 +42019,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42265,6 +42390,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45946,7 +46081,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45999,20 +46139,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46065,30 +46213,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46112,18 +46273,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46280,8 +46440,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46440,8 +46600,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46540,137 +46700,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46708,9 +46741,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46765,35 +46798,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46802,18 +46847,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47138,17 +47175,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47194,46 +47228,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47394,48 +47409,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47471,13 +47521,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47486,10 +47617,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47814,12 +47953,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47865,11 +48009,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48030,69 +48209,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48129,109 +48286,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48570,6 +48631,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48616,7 +48680,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48781,21 +48845,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48832,7 +48945,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48891,13 +49004,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48926,9 +49034,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48940,7 +49058,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49266,12 +49384,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49318,20 +49431,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49494,58 +49598,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49570,10 +49737,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49582,18 +49752,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49635,46 +51153,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49835,30 +51322,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49895,7 +51475,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49968,7 +51550,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50293,6 +51875,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50338,15 +51923,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50508,117 +52097,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50656,8 +52157,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50729,8 +52231,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51055,9 +52557,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51103,19 +52602,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51276,30 +52769,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51335,71 +52824,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51410,9 +52844,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51737,292 +53169,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56177,6 +57323,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56216,16 +57363,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56257,9 +57407,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56267,6 +57421,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56448,6 +57603,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56455,6 +57611,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57739,8 +58896,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57955,8 +59113,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58768,6 +59926,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59184,8 +60343,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67018,7 +68177,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67071,20 +68235,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67137,30 +68309,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67184,18 +68369,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68997,34 +70181,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml b/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml index 46f6e7f5e..2a56f776a 100644 --- a/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/control-plane-metrics/output.yaml @@ -1386,8 +1386,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11424,8 +11424,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19847,7 +19847,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19900,20 +19905,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19966,30 +19979,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20013,18 +20039,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20137,8 +20162,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21033,6 +21058,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21344,8 +21370,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22065,6 +22091,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22518,8 +22545,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27243,7 +27270,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27267,6 +27293,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27279,7 +27312,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28881,6 +28913,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29370,6 +29415,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29407,8 +29464,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29777,6 +29835,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32937,7 +33005,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32990,20 +33063,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33056,30 +33137,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33103,18 +33197,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33271,8 +33364,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38790,6 +38883,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38802,7 +38902,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41342,6 +41441,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41831,6 +41943,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41868,8 +41992,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42238,6 +42363,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45919,7 +46054,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45972,20 +46112,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46038,30 +46186,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46085,18 +46246,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46253,8 +46413,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46413,8 +46573,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46513,137 +46673,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46681,9 +46714,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46738,35 +46771,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46775,18 +46820,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47111,17 +47148,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47167,46 +47201,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47367,48 +47382,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47444,13 +47494,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47459,10 +47590,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47787,12 +47926,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47838,11 +47982,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48003,69 +48182,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48102,109 +48259,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48543,6 +48604,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48589,7 +48653,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48754,21 +48818,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48805,7 +48918,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48864,13 +48977,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48899,9 +49007,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48913,7 +49031,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49239,12 +49357,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49291,20 +49404,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49467,58 +49571,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49543,10 +49710,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49555,18 +49725,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49608,46 +51126,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49808,30 +51295,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49868,7 +51448,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49941,7 +51523,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50266,6 +51848,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50311,15 +51896,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50481,117 +52070,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50629,8 +52130,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50702,8 +52204,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51028,9 +52530,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51076,19 +52575,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51249,30 +52742,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51308,71 +52797,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51383,9 +52817,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51710,292 +53142,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56150,6 +57296,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56189,16 +57336,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56230,9 +57380,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56240,6 +57394,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56421,6 +57576,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56428,6 +57584,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57712,8 +58869,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57928,8 +59086,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58741,6 +59899,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59157,8 +60316,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66991,7 +68150,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67044,20 +68208,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67110,30 +68282,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67157,18 +68342,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68867,34 +70051,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml index 5f584d5d4..7bd3826bb 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-config/output.yaml @@ -2292,8 +2292,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -12330,8 +12330,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20753,7 +20753,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20806,20 +20811,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20872,30 +20885,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20919,18 +20945,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -21043,8 +21068,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21939,6 +21964,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -22250,8 +22276,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22971,6 +22997,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -23424,8 +23451,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -28149,7 +28176,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -28173,6 +28199,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -28185,7 +28218,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -29787,6 +29819,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -30276,6 +30321,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -30313,8 +30370,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -30683,6 +30741,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -33843,7 +33911,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33896,20 +33969,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33962,30 +34043,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -34009,18 +34103,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -34177,8 +34270,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39696,6 +39789,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -39708,7 +39808,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -42248,6 +42347,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -42737,6 +42849,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -42774,8 +42898,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -43144,6 +43269,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -46825,7 +46960,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46878,20 +47018,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46944,30 +47092,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46991,18 +47152,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -47159,8 +47319,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47319,8 +47479,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47419,137 +47579,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47587,9 +47620,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -47644,35 +47677,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47681,18 +47726,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -48017,17 +48054,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -48073,46 +48107,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48273,48 +48288,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48350,13 +48400,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48365,10 +48496,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -48693,12 +48832,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -48744,11 +48888,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48909,69 +49088,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -49008,109 +49165,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49449,6 +49510,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -49495,7 +49559,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -49660,21 +49724,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +49824,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -49770,13 +49883,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49805,9 +49913,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49819,7 +49937,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -50145,12 +50263,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -50197,20 +50310,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50373,58 +50477,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -50449,10 +50616,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -50461,18 +50631,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -50514,46 +52032,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50714,30 +52201,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50774,7 +52354,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -50847,7 +52429,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -51172,6 +52754,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -51217,15 +52802,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -51387,117 +52976,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51535,8 +53036,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -51608,8 +53110,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51934,9 +53436,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51982,19 +53481,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -52155,30 +53648,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -52214,71 +53703,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -52289,9 +53723,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -52616,292 +54048,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -57056,6 +58202,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -57095,16 +58242,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -57136,9 +58286,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -57146,6 +58300,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -57327,6 +58482,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -57334,6 +58490,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -58618,8 +59775,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -58834,8 +59992,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -59647,6 +60805,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -60063,8 +61222,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67897,7 +69056,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67950,20 +69114,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -68016,30 +69188,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -68063,18 +69248,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -70010,34 +71194,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml index fe2ccb3a7..ff255fd04 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-metrics-tuning/output.yaml @@ -869,8 +869,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10907,8 +10907,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19330,7 +19330,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19383,20 +19388,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19449,30 +19462,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19496,18 +19522,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19620,8 +19645,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20516,6 +20541,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20827,8 +20853,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21548,6 +21574,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22001,8 +22028,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26726,7 +26753,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26750,6 +26776,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26762,7 +26795,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28364,6 +28396,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28853,6 +28898,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28890,8 +28947,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29260,6 +29318,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32420,7 +32488,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32473,20 +32546,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32539,30 +32620,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32586,18 +32680,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32754,8 +32847,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38273,6 +38366,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38285,7 +38385,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40825,6 +40924,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41314,6 +41426,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41351,8 +41475,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41721,6 +41846,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45402,7 +45537,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45455,20 +45595,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45521,30 +45669,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45568,18 +45729,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45736,8 +45896,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45896,8 +46056,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45996,137 +46156,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46164,9 +46197,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46221,35 +46254,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46258,18 +46303,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46594,17 +46631,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46650,46 +46684,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46850,48 +46865,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46927,13 +46977,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46942,10 +47073,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47270,12 +47409,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47321,11 +47465,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47486,69 +47665,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47585,109 +47742,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48026,6 +48087,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48072,7 +48136,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48237,21 +48301,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48288,7 +48401,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48347,13 +48460,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48382,9 +48490,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48396,7 +48514,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48722,12 +48840,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48774,20 +48887,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48950,58 +49054,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49026,10 +49193,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49038,18 +49208,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49091,46 +50609,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49291,30 +50778,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49351,7 +50931,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49424,7 +51006,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49749,6 +51331,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49794,15 +51379,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -49964,117 +51553,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50112,8 +51613,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50185,8 +51687,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50511,9 +52013,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50559,19 +52058,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50732,30 +52225,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50791,71 +52280,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50866,9 +52300,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51193,292 +52625,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55633,6 +56779,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55672,16 +56819,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55713,9 +56863,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55723,6 +56877,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55904,6 +57059,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55911,6 +57067,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57195,8 +58352,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57411,8 +58569,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58224,6 +59382,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58640,8 +59799,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66474,7 +67633,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66527,20 +67691,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66593,30 +67765,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66640,18 +67825,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67877,34 +69061,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml index 3ef522c90..62013774a 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-pricing/output.yaml @@ -1251,8 +1251,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11289,8 +11289,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19712,7 +19712,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19765,20 +19770,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19831,30 +19844,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19878,18 +19904,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20002,8 +20027,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20898,6 +20923,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21209,8 +21235,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21930,6 +21956,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22383,8 +22410,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27108,7 +27135,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27132,6 +27158,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27144,7 +27177,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28746,6 +28778,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29235,6 +29280,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29272,8 +29329,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29642,6 +29700,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32802,7 +32870,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32855,20 +32928,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32921,30 +33002,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32968,18 +33062,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33136,8 +33229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38655,6 +38748,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38667,7 +38767,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41207,6 +41306,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41696,6 +41808,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41733,8 +41857,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42103,6 +42228,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45784,7 +45919,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45837,20 +45977,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45903,30 +46051,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45950,18 +46111,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46118,8 +46278,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46278,8 +46438,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46378,137 +46538,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46546,9 +46579,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46603,35 +46636,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46640,18 +46685,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46976,17 +47013,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47032,46 +47066,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47232,48 +47247,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47309,13 +47359,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47324,10 +47455,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47652,12 +47791,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47703,11 +47847,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47868,69 +48047,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47967,109 +48124,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48408,6 +48469,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48454,7 +48518,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48619,21 +48683,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48670,7 +48783,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48729,13 +48842,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48764,9 +48872,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48778,7 +48896,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49104,12 +49222,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49156,20 +49269,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49332,58 +49436,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49408,10 +49575,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49420,18 +49590,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49473,46 +50991,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49673,30 +51160,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49733,7 +51313,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49806,7 +51388,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50131,6 +51713,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50176,15 +51761,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50346,117 +51935,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50494,8 +51995,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50567,8 +52069,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50893,9 +52395,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50941,19 +52440,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51114,30 +52607,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51173,71 +52662,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51248,9 +52682,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51575,292 +53007,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56015,6 +57161,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56054,16 +57201,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56095,9 +57245,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56105,6 +57259,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56286,6 +57441,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56293,6 +57449,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57577,8 +58734,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57793,8 +58951,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58606,6 +59764,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59022,8 +60181,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66856,7 +68015,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66909,20 +68073,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66975,30 +68147,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67022,18 +68207,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68743,34 +69927,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml b/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml index 4ad52bcab..639c498f4 100644 --- a/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/custom-prometheus-operator-rules/output.yaml @@ -956,8 +956,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10994,8 +10994,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19417,7 +19417,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19470,20 +19475,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19536,30 +19549,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19583,18 +19609,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19707,8 +19732,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20603,6 +20628,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20914,8 +20940,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21635,6 +21661,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22088,8 +22115,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26813,7 +26840,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26837,6 +26863,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26849,7 +26882,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28451,6 +28483,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28940,6 +28985,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28977,8 +29034,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29347,6 +29405,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32507,7 +32575,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32560,20 +32633,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32626,30 +32707,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32673,18 +32767,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32841,8 +32934,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38360,6 +38453,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38372,7 +38472,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40912,6 +41011,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41401,6 +41513,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41438,8 +41562,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41808,6 +41933,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45489,7 +45624,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45542,20 +45682,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45608,30 +45756,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45655,18 +45816,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45823,8 +45983,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45983,8 +46143,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46083,137 +46243,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46251,9 +46284,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46308,35 +46341,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46345,18 +46390,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46681,17 +46718,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46737,46 +46771,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46937,48 +46952,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47014,13 +47064,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47029,10 +47160,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47357,12 +47496,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47408,11 +47552,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47573,69 +47752,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47672,109 +47829,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48113,6 +48174,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48159,7 +48223,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48324,21 +48388,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48375,7 +48488,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48434,13 +48547,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48469,9 +48577,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48483,7 +48601,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48809,12 +48927,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48861,20 +48974,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49037,58 +49141,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49113,10 +49280,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49125,18 +49295,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49178,46 +50696,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49378,30 +50865,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49438,7 +51018,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49511,7 +51093,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49836,6 +51418,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49881,15 +51466,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50051,117 +51640,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50199,8 +51700,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50272,8 +51774,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50598,9 +52100,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50646,19 +52145,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50819,30 +52312,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50878,71 +52367,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50953,9 +52387,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51280,292 +52712,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55720,6 +56866,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55759,16 +56906,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55800,9 +56950,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55810,6 +56964,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55991,6 +57146,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55998,6 +57154,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57282,8 +58439,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57498,8 +58656,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58311,6 +59469,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58727,8 +59886,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66561,7 +67720,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66614,20 +67778,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66680,30 +67852,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66727,18 +67912,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67964,34 +69148,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml b/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml index 4b2b922d5..9499ae8c4 100644 --- a/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/default-values/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68710,34 +69894,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml b/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml index e2e09bc05..5f0112135 100644 --- a/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/eks-fargate/output.yaml @@ -1152,8 +1152,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11190,8 +11190,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19613,7 +19613,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19666,20 +19671,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19732,30 +19745,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19779,18 +19805,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19903,8 +19928,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20799,6 +20824,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21110,8 +21136,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21831,6 +21857,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22284,8 +22311,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27009,7 +27036,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27033,6 +27059,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27045,7 +27078,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28647,6 +28679,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29136,6 +29181,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29173,8 +29230,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29543,6 +29601,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32703,7 +32771,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32756,20 +32829,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32822,30 +32903,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32869,18 +32963,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33037,8 +33130,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38556,6 +38649,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38568,7 +38668,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41108,6 +41207,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41597,6 +41709,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41634,8 +41758,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42004,6 +42129,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45685,7 +45820,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45738,20 +45878,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45804,30 +45952,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45851,18 +46012,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46019,8 +46179,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46179,8 +46339,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46279,137 +46439,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46447,9 +46480,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46504,35 +46537,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46541,18 +46586,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46877,17 +46914,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46933,46 +46967,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47133,48 +47148,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47210,13 +47260,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47225,10 +47356,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47553,12 +47692,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47604,11 +47748,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47769,69 +47948,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47868,109 +48025,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48309,6 +48370,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48355,7 +48419,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48520,21 +48584,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48571,7 +48684,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48630,13 +48743,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48665,9 +48773,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48679,7 +48797,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49005,12 +49123,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49057,20 +49170,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49233,58 +49337,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49309,10 +49476,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49321,18 +49491,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49374,46 +50892,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49574,30 +51061,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49634,7 +51214,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49707,7 +51289,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50032,6 +51614,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50077,15 +51662,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50247,117 +51836,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50395,8 +51896,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50468,8 +51970,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50794,9 +52296,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50842,19 +52341,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51015,30 +52508,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51074,71 +52563,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51149,9 +52583,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51476,292 +52908,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55916,6 +57062,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55955,16 +57102,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55996,9 +57146,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56006,6 +57160,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56187,6 +57342,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56194,6 +57350,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57478,8 +58635,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57694,8 +58852,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58507,6 +59665,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58923,8 +60082,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66757,7 +67916,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66810,20 +67974,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66876,30 +68048,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66923,18 +68108,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68511,34 +69695,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml b/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml index 139dae79f..82678f41f 100644 --- a/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/environment-variables/output.yaml @@ -1303,8 +1303,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11341,8 +11341,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19764,7 +19764,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19817,20 +19822,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19883,30 +19896,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19930,18 +19956,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20054,8 +20079,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20950,6 +20975,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21261,8 +21287,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21982,6 +22008,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22435,8 +22462,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27160,7 +27187,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27184,6 +27210,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27196,7 +27229,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28798,6 +28830,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29287,6 +29332,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29324,8 +29381,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29694,6 +29752,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32854,7 +32922,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32907,20 +32980,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32973,30 +33054,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33020,18 +33114,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33188,8 +33281,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38707,6 +38800,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38719,7 +38819,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41259,6 +41358,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41748,6 +41860,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41785,8 +41909,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42155,6 +42280,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45836,7 +45971,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45889,20 +46029,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45955,30 +46103,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46002,18 +46163,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46170,8 +46330,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46330,8 +46490,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46430,137 +46590,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46598,9 +46631,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46655,35 +46688,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46692,18 +46737,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47028,17 +47065,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47084,46 +47118,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47284,48 +47299,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47361,13 +47411,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47376,10 +47507,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47704,12 +47843,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47755,11 +47899,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47920,69 +48099,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48019,109 +48176,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48460,6 +48521,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48506,7 +48570,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48671,21 +48735,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48722,7 +48835,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48781,13 +48894,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48816,9 +48924,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48830,7 +48948,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49156,12 +49274,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49208,20 +49321,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49384,58 +49488,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49460,10 +49627,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49472,18 +49642,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49525,46 +51043,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49725,30 +51212,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49785,7 +51365,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49858,7 +51440,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50183,6 +51765,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50228,15 +51813,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50398,117 +51987,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50546,8 +52047,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50619,8 +52121,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50945,9 +52447,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50993,19 +52492,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51166,30 +52659,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51225,71 +52714,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51300,9 +52734,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51627,292 +53059,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56067,6 +57213,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56106,16 +57253,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56147,9 +57297,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56157,6 +57311,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56338,6 +57493,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56345,6 +57501,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57629,8 +58786,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57845,8 +59003,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58658,6 +59816,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59074,8 +60233,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66908,7 +68067,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66961,20 +68125,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67027,30 +68199,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67074,18 +68259,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68787,34 +69971,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml b/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml index 512863cc6..ca3e1d76c 100644 --- a/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/external-secrets/output.yaml @@ -1203,8 +1203,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11241,8 +11241,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19664,7 +19664,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19717,20 +19722,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19783,30 +19796,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19830,18 +19856,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19954,8 +19979,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20850,6 +20875,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21161,8 +21187,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21882,6 +21908,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22335,8 +22362,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27060,7 +27087,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27084,6 +27110,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27096,7 +27129,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28698,6 +28730,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29187,6 +29232,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29224,8 +29281,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29594,6 +29652,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32754,7 +32822,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32807,20 +32880,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32873,30 +32954,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32920,18 +33014,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33088,8 +33181,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38607,6 +38700,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38619,7 +38719,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41159,6 +41258,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41648,6 +41760,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41685,8 +41809,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42055,6 +42180,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45736,7 +45871,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45789,20 +45929,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45855,30 +46003,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45902,18 +46063,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46070,8 +46230,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46230,8 +46390,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46330,137 +46490,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46498,9 +46531,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46555,35 +46588,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46592,18 +46637,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46928,17 +46965,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46984,46 +47018,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47184,48 +47199,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47261,13 +47311,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47276,10 +47407,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47604,12 +47743,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47655,11 +47799,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47820,69 +47999,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47919,109 +48076,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48360,6 +48421,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48406,7 +48470,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48571,21 +48635,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48622,7 +48735,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48681,13 +48794,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48716,9 +48824,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48730,7 +48848,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49056,12 +49174,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49108,20 +49221,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49284,58 +49388,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49360,10 +49527,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49372,18 +49542,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49425,46 +50943,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49625,30 +51112,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49685,7 +51265,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49758,7 +51340,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50083,6 +51665,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50128,15 +51713,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50298,117 +51887,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50446,8 +51947,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50519,8 +52021,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50845,9 +52347,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50893,19 +52392,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51066,30 +52559,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51125,71 +52614,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51200,9 +52634,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51527,292 +52959,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55967,6 +57113,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56006,16 +57153,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56047,9 +57197,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56057,6 +57211,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56238,6 +57393,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56245,6 +57401,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57529,8 +58686,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57745,8 +58903,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58558,6 +59716,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58974,8 +60133,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66808,7 +67967,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66861,20 +68025,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66927,30 +68099,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66974,18 +68159,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68684,34 +69868,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml b/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml index 803b7b913..00a8d6608 100644 --- a/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/extra-rules/output.yaml @@ -1356,8 +1356,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11394,8 +11394,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19817,7 +19817,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19870,20 +19875,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19936,30 +19949,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19983,18 +20009,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20107,8 +20132,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21003,6 +21028,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21314,8 +21340,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22035,6 +22061,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22488,8 +22515,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27213,7 +27240,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27237,6 +27263,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27249,7 +27282,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28851,6 +28883,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29340,6 +29385,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29377,8 +29434,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29747,6 +29805,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32907,7 +32975,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32960,20 +33033,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33026,30 +33107,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33073,18 +33167,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33241,8 +33334,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38760,6 +38853,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38772,7 +38872,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41312,6 +41411,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41801,6 +41913,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41838,8 +41962,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42208,6 +42333,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45889,7 +46024,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45942,20 +46082,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46008,30 +46156,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46055,18 +46216,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46223,8 +46383,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46383,8 +46543,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46483,137 +46643,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46651,9 +46684,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46708,35 +46741,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46745,18 +46790,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47081,17 +47118,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47137,46 +47171,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47337,48 +47352,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47414,13 +47464,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47429,10 +47560,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47757,12 +47896,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47808,11 +47952,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47973,69 +48152,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48072,109 +48229,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48513,6 +48574,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48559,7 +48623,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48724,21 +48788,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48775,7 +48888,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48834,13 +48947,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48869,9 +48977,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48883,7 +49001,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49209,12 +49327,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49261,20 +49374,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49437,58 +49541,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49513,10 +49680,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49525,18 +49695,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49578,46 +51096,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49778,30 +51265,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49838,7 +51418,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49911,7 +51493,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50236,6 +51818,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50281,15 +51866,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50451,117 +52040,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50599,8 +52100,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50672,8 +52174,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50998,9 +52500,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51046,19 +52545,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51219,30 +52712,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51278,71 +52767,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51353,9 +52787,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51680,292 +53112,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56120,6 +57266,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56159,16 +57306,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56200,9 +57350,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56210,6 +57364,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56391,6 +57546,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56398,6 +57554,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57682,8 +58839,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57898,8 +59056,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58711,6 +59869,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59127,8 +60286,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66961,7 +68120,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67014,20 +68178,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67080,30 +68252,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67127,18 +68312,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68837,34 +70021,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml b/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml index 5dde64f3a..fefd5f993 100644 --- a/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/gke-autopilot/output.yaml @@ -1165,8 +1165,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11203,8 +11203,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19626,7 +19626,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19679,20 +19684,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19745,30 +19758,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19792,18 +19818,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19916,8 +19941,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20812,6 +20837,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21123,8 +21149,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21844,6 +21870,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22297,8 +22324,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27022,7 +27049,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27046,6 +27072,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27058,7 +27091,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28660,6 +28692,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29149,6 +29194,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29186,8 +29243,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29556,6 +29614,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32716,7 +32784,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32769,20 +32842,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32835,30 +32916,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32882,18 +32976,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33050,8 +33143,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38569,6 +38662,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38581,7 +38681,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41121,6 +41220,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41610,6 +41722,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41647,8 +41771,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42017,6 +42142,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45698,7 +45833,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45751,20 +45891,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45817,30 +45965,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45864,18 +46025,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46032,8 +46192,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46192,8 +46352,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46292,137 +46452,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46460,9 +46493,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46517,35 +46550,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46554,18 +46599,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46890,17 +46927,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46946,46 +46980,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47146,48 +47161,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47223,13 +47273,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47238,10 +47369,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47566,12 +47705,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47617,11 +47761,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47782,69 +47961,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47881,109 +48038,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48322,6 +48383,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48368,7 +48432,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48533,21 +48597,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48584,7 +48697,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48643,13 +48756,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48678,9 +48786,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48692,7 +48810,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49018,12 +49136,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49070,20 +49183,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49246,58 +49350,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49322,10 +49489,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49334,18 +49504,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49387,46 +50905,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49587,30 +51074,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49647,7 +51227,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49720,7 +51302,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50045,6 +51627,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50090,15 +51675,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50260,117 +51849,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50408,8 +51909,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50481,8 +51983,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50807,9 +52309,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50855,19 +52354,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51028,30 +52521,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51087,71 +52576,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51162,9 +52596,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51489,292 +52921,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55929,6 +57075,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55968,16 +57115,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56009,9 +57159,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56019,6 +57173,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56200,6 +57355,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56207,6 +57363,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57491,8 +58648,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57707,8 +58865,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58520,6 +59678,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58936,8 +60095,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66770,7 +67929,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66823,20 +67987,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66889,30 +68061,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66936,18 +68121,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68493,34 +69677,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml b/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml index 13a12752c..7616feee6 100644 --- a/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/ibm-cloud/output.yaml @@ -1229,8 +1229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11267,8 +11267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19690,7 +19690,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19743,20 +19748,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19809,30 +19822,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19856,18 +19882,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19980,8 +20005,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20876,6 +20901,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21187,8 +21213,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21908,6 +21934,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22361,8 +22388,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27086,7 +27113,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27110,6 +27136,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27122,7 +27155,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28724,6 +28756,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29213,6 +29258,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29250,8 +29307,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29620,6 +29678,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32780,7 +32848,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32833,20 +32906,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32899,30 +32980,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32946,18 +33040,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33114,8 +33207,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38633,6 +38726,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38645,7 +38745,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41185,6 +41284,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41674,6 +41786,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41711,8 +41835,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42081,6 +42206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45762,7 +45897,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45815,20 +45955,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45881,30 +46029,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45928,18 +46089,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46096,8 +46256,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46256,8 +46416,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46356,137 +46516,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46524,9 +46557,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46581,35 +46614,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46618,18 +46663,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46954,17 +46991,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47010,46 +47044,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47210,48 +47225,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47287,13 +47337,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47302,10 +47433,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47630,12 +47769,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47681,11 +47825,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47846,69 +48025,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47945,109 +48102,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48386,6 +48447,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48432,7 +48496,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48597,21 +48661,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48648,7 +48761,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48707,13 +48820,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48742,9 +48850,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48756,7 +48874,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49082,12 +49200,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49134,20 +49247,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49310,58 +49414,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49386,10 +49553,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49398,18 +49568,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49451,46 +50969,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49651,30 +51138,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49711,7 +51291,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49784,7 +51366,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50109,6 +51691,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50154,15 +51739,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50324,117 +51913,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50472,8 +51973,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50545,8 +52047,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50871,9 +52373,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50919,19 +52418,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51092,30 +52585,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51151,71 +52640,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51226,9 +52660,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51553,292 +52985,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55993,6 +57139,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56032,16 +57179,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56073,9 +57223,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56083,6 +57237,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56264,6 +57419,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56271,6 +57427,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57555,8 +58712,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57771,8 +58929,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58584,6 +59742,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59000,8 +60159,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66834,7 +67993,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66887,20 +68051,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66953,30 +68125,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67000,18 +68185,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68716,34 +69900,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml index ae02c47fc..95d909401 100644 --- a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports-extra-config/output.yaml @@ -1245,8 +1245,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11283,8 +11283,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19706,7 +19706,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19759,20 +19764,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19825,30 +19838,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19872,18 +19898,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19996,8 +20021,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20892,6 +20917,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21203,8 +21229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21924,6 +21950,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22377,8 +22404,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27102,7 +27129,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27126,6 +27152,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27138,7 +27171,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28740,6 +28772,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29229,6 +29274,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29266,8 +29323,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29636,6 +29694,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32796,7 +32864,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32849,20 +32922,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32915,30 +32996,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32962,18 +33056,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33130,8 +33223,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38649,6 +38742,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38661,7 +38761,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41201,6 +41300,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41690,6 +41802,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41727,8 +41851,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42097,6 +42222,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45778,7 +45913,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45831,20 +45971,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45897,30 +46045,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45944,18 +46105,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46112,8 +46272,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46272,8 +46432,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46372,137 +46532,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46540,9 +46573,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46597,35 +46630,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46634,18 +46679,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46970,17 +47007,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47026,46 +47060,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47226,48 +47241,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47303,13 +47353,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47318,10 +47449,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47646,12 +47785,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47697,11 +47841,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47862,69 +48041,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47961,109 +48118,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48402,6 +48463,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48448,7 +48512,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48613,21 +48677,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48664,7 +48777,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48723,13 +48836,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48758,9 +48866,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48772,7 +48890,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49098,12 +49216,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49150,20 +49263,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49326,58 +49430,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49402,10 +49569,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49414,18 +49584,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49467,46 +50985,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49667,30 +51154,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49727,7 +51307,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49800,7 +51382,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50125,6 +51707,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50170,15 +51755,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50340,117 +51929,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50488,8 +51989,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50561,8 +52063,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50887,9 +52389,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50935,19 +52434,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51108,30 +52601,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51167,71 +52656,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51242,9 +52676,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51569,292 +53001,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56009,6 +57155,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56048,16 +57195,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56089,9 +57239,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56099,6 +57253,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56280,6 +57435,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56287,6 +57443,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57571,8 +58728,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57787,8 +58945,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58600,6 +59758,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59016,8 +60175,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66850,7 +68009,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66903,20 +68067,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66969,30 +68141,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67016,18 +68201,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68726,34 +69910,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml index da4420b01..e3d74eb78 100644 --- a/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/metric-module-imports/output.yaml @@ -1406,8 +1406,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11444,8 +11444,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19867,7 +19867,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19920,20 +19925,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19986,30 +19999,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20033,18 +20059,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20157,8 +20182,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21053,6 +21078,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21364,8 +21390,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22085,6 +22111,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22538,8 +22565,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27263,7 +27290,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27287,6 +27313,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27299,7 +27332,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28901,6 +28933,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29390,6 +29435,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29427,8 +29484,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29797,6 +29855,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32957,7 +33025,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33010,20 +33083,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33076,30 +33157,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33123,18 +33217,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33291,8 +33384,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38810,6 +38903,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38822,7 +38922,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41362,6 +41461,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41851,6 +41963,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41888,8 +42012,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42258,6 +42383,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45939,7 +46074,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45992,20 +46132,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46058,30 +46206,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46105,18 +46266,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46273,8 +46433,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46433,8 +46593,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46533,137 +46693,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46701,9 +46734,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46758,35 +46791,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46795,18 +46840,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47131,17 +47168,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47187,46 +47221,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47387,48 +47402,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47464,13 +47514,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47479,10 +47610,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47807,12 +47946,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47858,11 +48002,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48023,69 +48202,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48122,109 +48279,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48563,6 +48624,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48609,7 +48673,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48774,21 +48838,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48825,7 +48938,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48884,13 +48997,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48919,9 +49027,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48933,7 +49051,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49259,12 +49377,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49311,20 +49424,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49487,58 +49591,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49563,10 +49730,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49575,18 +49745,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49628,46 +51146,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49828,30 +51315,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49888,7 +51468,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49961,7 +51543,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50286,6 +51868,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50331,15 +51916,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50501,117 +52090,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50649,8 +52150,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50722,8 +52224,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51048,9 +52550,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51096,19 +52595,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51269,30 +52762,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51328,71 +52817,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51403,9 +52837,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51730,292 +53162,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56170,6 +57316,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56209,16 +57356,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56250,9 +57400,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56260,6 +57414,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56441,6 +57596,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56448,6 +57604,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57732,8 +58889,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57948,8 +59106,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58761,6 +59919,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59177,8 +60336,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67011,7 +68170,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67064,20 +68228,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67130,30 +68302,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67177,18 +68362,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68887,34 +70071,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml b/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml index df3ddd817..1c9be2797 100644 --- a/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/metrics-only/output.yaml @@ -875,8 +875,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10913,8 +10913,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19336,7 +19336,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19389,20 +19394,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19455,30 +19468,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19502,18 +19528,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19626,8 +19651,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20522,6 +20547,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20833,8 +20859,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21554,6 +21580,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22007,8 +22034,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26732,7 +26759,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26756,6 +26782,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26768,7 +26801,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28370,6 +28402,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28859,6 +28904,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28896,8 +28953,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29266,6 +29324,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32426,7 +32494,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32479,20 +32552,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32545,30 +32626,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32592,18 +32686,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32760,8 +32853,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38279,6 +38372,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38291,7 +38391,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40831,6 +40930,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41320,6 +41432,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41357,8 +41481,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41727,6 +41852,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45408,7 +45543,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45461,20 +45601,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45527,30 +45675,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45574,18 +45735,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45742,8 +45902,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45902,8 +46062,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46002,137 +46162,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46170,9 +46203,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46227,35 +46260,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46264,18 +46309,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46600,17 +46637,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46656,46 +46690,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46856,48 +46871,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46933,13 +46983,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46948,10 +47079,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47276,12 +47415,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47327,11 +47471,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47492,69 +47671,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47591,109 +47748,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48032,6 +48093,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48078,7 +48142,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48243,21 +48307,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48294,7 +48407,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48353,13 +48466,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48388,9 +48496,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48402,7 +48520,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48728,12 +48846,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48780,20 +48893,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48956,58 +49060,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49032,10 +49199,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49044,18 +49214,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49097,46 +50615,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49297,30 +50784,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49357,7 +50937,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49430,7 +51012,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49755,6 +51337,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49800,15 +51385,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -49970,117 +51559,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50118,8 +51619,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50191,8 +51693,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50517,9 +52019,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50565,19 +52064,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50738,30 +52231,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50797,71 +52286,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50872,9 +52306,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51199,292 +52631,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55639,6 +56785,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55678,16 +56825,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55719,9 +56869,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55729,6 +56883,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55910,6 +57065,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55917,6 +57073,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57201,8 +58358,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57417,8 +58575,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58230,6 +59388,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58646,8 +59805,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66480,7 +67639,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66533,20 +67697,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66599,30 +67771,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66646,18 +67831,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67883,34 +69067,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml b/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml index dcbbcb8f9..670e88a73 100644 --- a/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/openshift-compatible/output.yaml @@ -1200,8 +1200,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11238,8 +11238,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19661,7 +19661,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19714,20 +19719,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19780,30 +19793,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19827,18 +19853,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19951,8 +19976,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20847,6 +20872,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21158,8 +21184,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21879,6 +21905,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22332,8 +22359,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27057,7 +27084,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27081,6 +27107,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27093,7 +27126,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28695,6 +28727,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29184,6 +29229,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29221,8 +29278,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29591,6 +29649,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32751,7 +32819,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32804,20 +32877,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32870,30 +32951,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32917,18 +33011,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33085,8 +33178,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38604,6 +38697,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38616,7 +38716,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41156,6 +41255,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41645,6 +41757,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41682,8 +41806,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42052,6 +42177,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45733,7 +45868,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45786,20 +45926,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45852,30 +46000,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45899,18 +46060,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46067,8 +46227,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46227,8 +46387,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46327,137 +46487,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46495,9 +46528,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46552,35 +46585,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46589,18 +46634,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46925,17 +46962,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46981,46 +47015,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47181,48 +47196,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47258,13 +47308,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47273,10 +47404,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47601,12 +47740,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47652,11 +47796,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47817,69 +47996,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47916,109 +48073,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48357,6 +48418,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48403,7 +48467,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48568,21 +48632,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48619,7 +48732,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48678,13 +48791,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48713,9 +48821,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48727,7 +48845,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49053,12 +49171,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49105,20 +49218,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49281,58 +49385,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49357,10 +49524,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49369,18 +49539,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49422,46 +50940,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49622,30 +51109,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49682,7 +51262,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49755,7 +51337,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50080,6 +51662,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50125,15 +51710,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50295,117 +51884,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50443,8 +51944,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50516,8 +52018,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50842,9 +52344,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50890,19 +52389,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51063,30 +52556,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51122,71 +52611,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51197,9 +52631,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51524,292 +52956,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55964,6 +57110,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56003,16 +57150,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56044,9 +57194,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56054,6 +57208,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56235,6 +57390,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56242,6 +57398,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57526,8 +58683,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57742,8 +58900,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58555,6 +59713,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58971,8 +60130,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66805,7 +67964,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66858,20 +68022,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66924,30 +68096,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66971,18 +68156,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68382,34 +69566,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/platform_specific/openshift/alloy-scc.yaml apiVersion: security.openshift.io/v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml b/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml index 5010d7ad2..93bfd25e1 100644 --- a/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/otel-metrics-service/output.yaml @@ -1246,8 +1246,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11284,8 +11284,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19707,7 +19707,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19760,20 +19765,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19826,30 +19839,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19873,18 +19899,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19997,8 +20022,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20893,6 +20918,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21204,8 +21230,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21925,6 +21951,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22378,8 +22405,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27103,7 +27130,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27127,6 +27153,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27139,7 +27172,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28741,6 +28773,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29230,6 +29275,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29267,8 +29324,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29637,6 +29695,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32797,7 +32865,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32850,20 +32923,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32916,30 +32997,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32963,18 +33057,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33131,8 +33224,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38650,6 +38743,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38662,7 +38762,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41202,6 +41301,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41691,6 +41803,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41728,8 +41852,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42098,6 +42223,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45779,7 +45914,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45832,20 +45972,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45898,30 +46046,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45945,18 +46106,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46113,8 +46273,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46273,8 +46433,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46373,137 +46533,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46541,9 +46574,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46598,35 +46631,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46635,18 +46680,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46971,17 +47008,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47027,46 +47061,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47227,48 +47242,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47304,13 +47354,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47319,10 +47450,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47647,12 +47786,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47698,11 +47842,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47863,69 +48042,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47962,109 +48119,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48403,6 +48464,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48449,7 +48513,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48614,21 +48678,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48665,7 +48778,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48724,13 +48837,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48759,9 +48867,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48773,7 +48891,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49099,12 +49217,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49151,20 +49264,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49327,58 +49431,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49403,10 +49570,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49415,18 +49585,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49468,46 +50986,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49668,30 +51155,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49728,7 +51308,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49801,7 +51383,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50126,6 +51708,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50171,15 +51756,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50341,117 +51930,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50489,8 +51990,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50562,8 +52064,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50888,9 +52390,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50936,19 +52435,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51109,30 +52602,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51168,71 +52657,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51243,9 +52677,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51570,292 +53002,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56010,6 +57156,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56049,16 +57196,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56090,9 +57240,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56100,6 +57254,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56281,6 +57436,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56288,6 +57444,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57572,8 +58729,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57788,8 +58946,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58601,6 +59759,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59017,8 +60176,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66851,7 +68010,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66904,20 +68068,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66970,30 +68142,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67017,18 +68202,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68727,34 +69911,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml b/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml index 8e4a6212a..7e48d462d 100644 --- a/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/pod-labels/output.yaml @@ -1316,8 +1316,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11354,8 +11354,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19777,7 +19777,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19830,20 +19835,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19896,30 +19909,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19943,18 +19969,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20067,8 +20092,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20963,6 +20988,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21274,8 +21300,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21995,6 +22021,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22448,8 +22475,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27173,7 +27200,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27197,6 +27223,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27209,7 +27242,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28811,6 +28843,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29300,6 +29345,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29337,8 +29394,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29707,6 +29765,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32867,7 +32935,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32920,20 +32993,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32986,30 +33067,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33033,18 +33127,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33201,8 +33294,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38720,6 +38813,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38732,7 +38832,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41272,6 +41371,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41761,6 +41873,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41798,8 +41922,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42168,6 +42293,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45849,7 +45984,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45902,20 +46042,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45968,30 +46116,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46015,18 +46176,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46183,8 +46343,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46343,8 +46503,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46443,137 +46603,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46611,9 +46644,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46668,35 +46701,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46705,18 +46750,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47041,17 +47078,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47097,46 +47131,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47297,48 +47312,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47374,13 +47424,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47389,10 +47520,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47717,12 +47856,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47768,11 +47912,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47933,69 +48112,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48032,109 +48189,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48473,6 +48534,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48519,7 +48583,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48684,21 +48748,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48735,7 +48848,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48794,13 +48907,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48829,9 +48937,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48843,7 +48961,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49169,12 +49287,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49221,20 +49334,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49397,58 +49501,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49473,10 +49640,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49485,18 +49655,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49538,46 +51056,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49738,30 +51225,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49798,7 +51378,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49871,7 +51453,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50196,6 +51778,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50241,15 +51826,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50411,117 +52000,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50559,8 +52060,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50632,8 +52134,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50958,9 +52460,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51006,19 +52505,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51179,30 +52672,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51238,71 +52727,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51313,9 +52747,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51640,292 +53072,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56080,6 +57226,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56119,16 +57266,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56160,9 +57310,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56170,6 +57324,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56351,6 +57506,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56358,6 +57514,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57642,8 +58799,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57858,8 +59016,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58671,6 +59829,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59087,8 +60246,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66921,7 +68080,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66974,20 +68138,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67040,30 +68212,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67087,18 +68272,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68797,34 +69981,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml b/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml index da17c7e7d..c06725276 100644 --- a/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/private-image-registry/output.yaml @@ -1233,8 +1233,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11271,8 +11271,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19694,7 +19694,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19747,20 +19752,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19813,30 +19826,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19860,18 +19886,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19984,8 +20009,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20880,6 +20905,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21191,8 +21217,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21912,6 +21938,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22365,8 +22392,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27090,7 +27117,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27114,6 +27140,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27126,7 +27159,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28728,6 +28760,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29217,6 +29262,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29254,8 +29311,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29624,6 +29682,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32784,7 +32852,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32837,20 +32910,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32903,30 +32984,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32950,18 +33044,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33118,8 +33211,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38637,6 +38730,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38649,7 +38749,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41189,6 +41288,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41678,6 +41790,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41715,8 +41839,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42085,6 +42210,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45766,7 +45901,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45819,20 +45959,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45885,30 +46033,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45932,18 +46093,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46100,8 +46260,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46260,8 +46420,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46360,137 +46520,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46528,9 +46561,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46585,35 +46618,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46622,18 +46667,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46958,17 +46995,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47014,46 +47048,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47214,48 +47229,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47291,13 +47341,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47306,10 +47437,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47634,12 +47773,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47685,11 +47829,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47850,69 +48029,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47949,109 +48106,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48390,6 +48451,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48436,7 +48500,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48601,21 +48665,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48652,7 +48765,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48711,13 +48824,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48746,9 +48854,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48760,7 +48878,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49086,12 +49204,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49138,20 +49251,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49314,58 +49418,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49390,10 +49557,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49402,18 +49572,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49455,46 +50973,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49655,30 +51142,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49715,7 +51295,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49788,7 +51370,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50113,6 +51695,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50158,15 +51743,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50328,117 +51917,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50476,8 +51977,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50549,8 +52051,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50875,9 +52377,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50923,19 +52422,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51096,30 +52589,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51155,71 +52644,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51230,9 +52664,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51557,292 +52989,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55997,6 +57143,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56036,16 +57183,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56077,9 +57227,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56087,6 +57241,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56268,6 +57423,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56275,6 +57431,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57559,8 +58716,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57775,8 +58933,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58588,6 +59746,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59004,8 +60163,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66838,7 +67997,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66891,20 +68055,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66957,30 +68129,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67004,18 +68189,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68726,34 +69910,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml b/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml index 1c8dd39c0..b675db6b3 100644 --- a/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/profiles-enabled/output.yaml @@ -2190,8 +2190,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -12228,8 +12228,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20651,7 +20651,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20704,20 +20709,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -20770,30 +20783,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -20817,18 +20843,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20941,8 +20966,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21837,6 +21862,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -22148,8 +22174,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22869,6 +22895,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -23322,8 +23349,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -28047,7 +28074,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -28071,6 +28097,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -28083,7 +28116,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -29685,6 +29717,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -30174,6 +30219,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -30211,8 +30268,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -30581,6 +30639,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -33741,7 +33809,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33794,20 +33867,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33860,30 +33941,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33907,18 +34001,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -34075,8 +34168,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -39594,6 +39687,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -39606,7 +39706,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -42146,6 +42245,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -42635,6 +42747,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -42672,8 +42796,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -43042,6 +43167,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -46723,7 +46858,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46776,20 +46916,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46842,30 +46990,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46889,18 +47050,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -47057,8 +47217,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47217,8 +47377,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -47317,137 +47477,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47485,9 +47518,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -47542,35 +47575,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47579,18 +47624,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47915,17 +47952,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47971,46 +48005,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48171,48 +48186,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48248,13 +48298,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48263,10 +48394,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -48591,12 +48730,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -48642,11 +48786,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -48807,69 +48986,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48906,109 +49063,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49347,6 +49408,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -49393,7 +49457,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -49558,21 +49622,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49609,7 +49722,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -49668,13 +49781,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49703,9 +49811,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49717,7 +49835,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -50043,12 +50161,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -50095,20 +50208,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50271,58 +50375,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -50347,10 +50514,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -50359,18 +50529,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -50412,46 +51930,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50612,30 +52099,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50672,7 +52252,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -50745,7 +52327,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -51070,6 +52652,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -51115,15 +52700,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -51285,117 +52874,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51433,8 +52934,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -51506,8 +53008,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -51832,9 +53334,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51880,19 +53379,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -52053,30 +53546,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -52112,71 +53601,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -52187,9 +53621,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -52514,292 +53946,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56954,6 +58100,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56993,16 +58140,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -57034,9 +58184,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -57044,6 +58198,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -57225,6 +58380,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -57232,6 +58388,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -58516,8 +59673,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -58732,8 +59890,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -59545,6 +60703,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59961,8 +61120,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -67795,7 +68954,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67848,20 +69012,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67914,30 +69086,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67961,18 +69146,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -69908,34 +71092,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml b/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml index 344201d12..6c4714e64 100644 --- a/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/proxies/output.yaml @@ -1245,8 +1245,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11283,8 +11283,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19706,7 +19706,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19759,20 +19764,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19825,30 +19838,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19872,18 +19898,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19996,8 +20021,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20892,6 +20917,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21203,8 +21229,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21924,6 +21950,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22377,8 +22404,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27102,7 +27129,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27126,6 +27152,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27138,7 +27171,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28740,6 +28772,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29229,6 +29274,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29266,8 +29323,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29636,6 +29694,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32796,7 +32864,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32849,20 +32922,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32915,30 +32996,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32962,18 +33056,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33130,8 +33223,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38649,6 +38742,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38661,7 +38761,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41201,6 +41300,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41690,6 +41802,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41727,8 +41851,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42097,6 +42222,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45778,7 +45913,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45831,20 +45971,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45897,30 +46045,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45944,18 +46105,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46112,8 +46272,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46272,8 +46432,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46372,137 +46532,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46540,9 +46573,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46597,35 +46630,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46634,18 +46679,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46970,17 +47007,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47026,46 +47060,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47226,48 +47241,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47303,13 +47353,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47318,10 +47449,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47646,12 +47785,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47697,11 +47841,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47862,69 +48041,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47961,109 +48118,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48402,6 +48463,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48448,7 +48512,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48613,21 +48677,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48664,7 +48777,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48723,13 +48836,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48758,9 +48866,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48772,7 +48890,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49098,12 +49216,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49150,20 +49263,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49326,58 +49430,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49402,10 +49569,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49414,18 +49584,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49467,46 +50985,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49667,30 +51154,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49727,7 +51307,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49800,7 +51382,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50125,6 +51707,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50170,15 +51755,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50340,117 +51929,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50488,8 +51989,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50561,8 +52063,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50887,9 +52389,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50935,19 +52434,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51108,30 +52601,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51167,71 +52656,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51242,9 +52676,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51569,292 +53001,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56009,6 +57155,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56048,16 +57195,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56089,9 +57239,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56099,6 +57253,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56280,6 +57435,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56287,6 +57443,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57571,8 +58728,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57787,8 +58945,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58600,6 +59758,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59016,8 +60175,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66850,7 +68009,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66903,20 +68067,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66969,30 +68141,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67016,18 +68201,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68726,34 +69910,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml b/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml index 3ec1aa45c..081050bef 100644 --- a/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/scrape-intervals/output.yaml @@ -874,8 +874,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -10912,8 +10912,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19335,7 +19335,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19388,20 +19393,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19454,30 +19467,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19501,18 +19527,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19625,8 +19650,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20521,6 +20546,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -20832,8 +20858,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21553,6 +21579,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22006,8 +22033,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -26731,7 +26758,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -26755,6 +26781,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -26767,7 +26800,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28369,6 +28401,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -28858,6 +28903,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -28895,8 +28952,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29265,6 +29323,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32425,7 +32493,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32478,20 +32551,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32544,30 +32625,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32591,18 +32685,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -32759,8 +32852,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38278,6 +38371,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38290,7 +38390,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -40830,6 +40929,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41319,6 +41431,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41356,8 +41480,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -41726,6 +41851,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45407,7 +45542,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45460,20 +45600,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45526,30 +45674,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45573,18 +45734,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -45741,8 +45901,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -45901,8 +46061,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46001,137 +46161,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46169,9 +46202,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46226,35 +46259,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46263,18 +46308,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46599,17 +46636,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -46655,46 +46689,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -46855,48 +46870,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46932,13 +46982,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46947,10 +47078,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47275,12 +47414,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47326,11 +47470,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47491,69 +47670,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47590,109 +47747,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48031,6 +48092,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48077,7 +48141,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48242,21 +48306,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48293,7 +48406,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48352,13 +48465,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48387,9 +48495,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48401,7 +48519,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -48727,12 +48845,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -48779,20 +48892,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -48955,58 +49059,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49031,10 +49198,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49043,18 +49213,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49096,46 +50614,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49296,30 +50783,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49356,7 +50936,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49429,7 +51011,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -49754,6 +51336,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -49799,15 +51384,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -49969,117 +51558,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50117,8 +51618,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50190,8 +51692,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50516,9 +52018,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50564,19 +52063,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -50737,30 +52230,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50796,71 +52285,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -50871,9 +52305,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51198,292 +52630,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55638,6 +56784,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -55677,16 +56824,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -55718,9 +56868,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -55728,6 +56882,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -55909,6 +57064,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -55916,6 +57072,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57200,8 +58357,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57416,8 +58574,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58229,6 +59387,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58645,8 +59804,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66479,7 +67638,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66532,20 +67696,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66598,30 +67770,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66645,18 +67830,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -67882,34 +69066,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml b/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml index c8e965ecd..71b4206bb 100644 --- a/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/service-integrations/output.yaml @@ -1264,8 +1264,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11302,8 +11302,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19725,7 +19725,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19778,20 +19783,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19844,30 +19857,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19891,18 +19917,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20015,8 +20040,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20911,6 +20936,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21222,8 +21248,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21943,6 +21969,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22396,8 +22423,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27121,7 +27148,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27145,6 +27171,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27157,7 +27190,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28759,6 +28791,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29248,6 +29293,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29285,8 +29342,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29655,6 +29713,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32815,7 +32883,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32868,20 +32941,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32934,30 +33015,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32981,18 +33075,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33149,8 +33242,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38668,6 +38761,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38680,7 +38780,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41220,6 +41319,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41709,6 +41821,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41746,8 +41870,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42116,6 +42241,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45797,7 +45932,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45850,20 +45990,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45916,30 +46064,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45963,18 +46124,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46131,8 +46291,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46291,8 +46451,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46391,137 +46551,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46559,9 +46592,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46616,35 +46649,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46653,18 +46698,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46989,17 +47026,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47045,46 +47079,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47245,48 +47260,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47322,13 +47372,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47337,10 +47468,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47665,12 +47804,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47716,11 +47860,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47881,69 +48060,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47980,109 +48137,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48421,6 +48482,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48467,7 +48531,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48632,21 +48696,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48683,7 +48796,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48742,13 +48855,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48777,9 +48885,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48791,7 +48909,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49117,12 +49235,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49169,20 +49282,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49345,58 +49449,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49421,10 +49588,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49433,18 +49603,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49486,46 +51004,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49686,30 +51173,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49746,7 +51326,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49819,7 +51401,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50144,6 +51726,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50189,15 +51774,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50359,117 +51948,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50507,8 +52008,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50580,8 +52082,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50906,9 +52408,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50954,19 +52453,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51127,30 +52620,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51186,71 +52675,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51261,9 +52695,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51588,292 +53020,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56028,6 +57174,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56067,16 +57214,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56108,9 +57258,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56118,6 +57272,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56299,6 +57454,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56306,6 +57462,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57590,8 +58747,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57806,8 +58964,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58619,6 +59777,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59035,8 +60194,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66869,7 +68028,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66922,20 +68086,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66988,30 +68160,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67035,18 +68220,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68745,34 +69929,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml b/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml index c5161d475..b73f574e7 100644 --- a/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/sigv4-auth/output.yaml @@ -1228,8 +1228,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11266,8 +11266,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19689,7 +19689,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19742,20 +19747,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19808,30 +19821,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19855,18 +19881,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -19979,8 +20004,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20875,6 +20900,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21186,8 +21212,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21907,6 +21933,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22360,8 +22387,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27085,7 +27112,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27109,6 +27135,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27121,7 +27154,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28723,6 +28755,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29212,6 +29257,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29249,8 +29306,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29619,6 +29677,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32779,7 +32847,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32832,20 +32905,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32898,30 +32979,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -32945,18 +33039,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33113,8 +33206,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38632,6 +38725,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38644,7 +38744,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41184,6 +41283,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41673,6 +41785,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41710,8 +41834,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42080,6 +42205,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45761,7 +45896,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45814,20 +45954,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45880,30 +46028,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -45927,18 +46088,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46095,8 +46255,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46255,8 +46415,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46355,137 +46515,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46523,9 +46556,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46580,35 +46613,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46617,18 +46662,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -46953,17 +46990,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47009,46 +47043,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47209,48 +47224,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47286,13 +47336,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47301,10 +47432,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47629,12 +47768,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47680,11 +47824,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47845,69 +48024,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -47944,109 +48101,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48385,6 +48446,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48431,7 +48495,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48596,21 +48660,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48647,7 +48760,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48706,13 +48819,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48741,9 +48849,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48755,7 +48873,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49081,12 +49199,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49133,20 +49246,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49309,58 +49413,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49385,10 +49552,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49397,18 +49567,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49450,46 +50968,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49650,30 +51137,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49710,7 +51290,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49783,7 +51365,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50108,6 +51690,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50153,15 +51738,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50323,117 +51912,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50471,8 +51972,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50544,8 +52046,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50870,9 +52372,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -50918,19 +52417,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51091,30 +52584,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51150,71 +52639,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51225,9 +52659,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51552,292 +52984,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -55992,6 +57138,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56031,16 +57178,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56072,9 +57222,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56082,6 +57236,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56263,6 +57418,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56270,6 +57426,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57554,8 +58711,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57770,8 +58928,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58583,6 +59741,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -58999,8 +60158,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66833,7 +67992,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66886,20 +68050,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66952,30 +68124,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -66999,18 +68184,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68709,34 +69893,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml b/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml index d08e1e405..45464332f 100644 --- a/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/specific-namespace/output.yaml @@ -1313,8 +1313,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11351,8 +11351,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19774,7 +19774,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19827,20 +19832,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19893,30 +19906,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19940,18 +19966,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20064,8 +20089,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20960,6 +20985,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21271,8 +21297,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21992,6 +22018,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22445,8 +22472,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27170,7 +27197,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27194,6 +27220,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27206,7 +27239,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28808,6 +28840,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29297,6 +29342,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29334,8 +29391,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29704,6 +29762,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32864,7 +32932,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32917,20 +32990,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32983,30 +33064,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33030,18 +33124,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33198,8 +33291,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38717,6 +38810,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38729,7 +38829,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41269,6 +41368,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41758,6 +41870,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41795,8 +41919,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42165,6 +42290,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45846,7 +45981,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45899,20 +46039,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45965,30 +46113,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46012,18 +46173,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46180,8 +46340,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46340,8 +46500,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46440,137 +46600,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46608,9 +46641,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46665,35 +46698,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46702,18 +46747,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47038,17 +47075,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47094,46 +47128,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47294,48 +47309,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47371,13 +47421,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47386,10 +47517,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47714,12 +47853,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47765,11 +47909,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47930,69 +48109,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48029,109 +48186,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48470,6 +48531,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48516,7 +48580,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48681,21 +48745,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48732,7 +48845,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48791,13 +48904,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48826,9 +48934,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48840,7 +48958,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49166,12 +49284,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49218,20 +49331,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49394,58 +49498,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49470,10 +49637,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49482,18 +49652,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49535,46 +51053,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49735,30 +51222,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49795,7 +51375,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49868,7 +51450,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50193,6 +51775,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50238,15 +51823,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50408,117 +51997,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50556,8 +52057,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50629,8 +52131,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50955,9 +52457,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51003,19 +52502,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51176,30 +52669,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51235,71 +52724,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51310,9 +52744,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51637,292 +53069,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56077,6 +57223,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56116,16 +57263,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56157,9 +57307,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56167,6 +57321,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56348,6 +57503,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56355,6 +57511,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57639,8 +58796,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57855,8 +59013,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58668,6 +59826,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59084,8 +60243,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66918,7 +68077,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66971,20 +68135,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67037,30 +68209,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67084,18 +68269,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68794,34 +69978,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml b/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml index fb2e527d9..1988b1603 100644 --- a/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/traces-enabled/output.yaml @@ -1353,8 +1353,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11391,8 +11391,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19814,7 +19814,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19867,20 +19872,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19933,30 +19946,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19980,18 +20006,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20104,8 +20129,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -21000,6 +21025,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21311,8 +21337,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22032,6 +22058,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22485,8 +22512,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27210,7 +27237,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27234,6 +27260,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27246,7 +27279,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28848,6 +28880,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29337,6 +29382,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29374,8 +29431,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29744,6 +29802,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32904,7 +32972,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32957,20 +33030,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33023,30 +33104,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33070,18 +33164,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33238,8 +33331,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38757,6 +38850,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38769,7 +38869,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41309,6 +41408,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41798,6 +41910,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41835,8 +41959,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42205,6 +42330,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45886,7 +46021,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45939,20 +46079,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -46005,30 +46153,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46052,18 +46213,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46220,8 +46380,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46380,8 +46540,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46480,137 +46640,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46648,9 +46681,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46705,35 +46738,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46742,18 +46787,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47078,17 +47115,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47134,46 +47168,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47334,48 +47349,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47411,13 +47461,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47426,10 +47557,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47754,12 +47893,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47805,11 +47949,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47970,69 +48149,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48069,109 +48226,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48510,6 +48571,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48556,7 +48620,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48721,21 +48785,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48772,7 +48885,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48831,13 +48944,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48866,9 +48974,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48880,7 +48998,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49206,12 +49324,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49258,20 +49371,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49434,58 +49538,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49510,10 +49677,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49522,18 +49692,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49575,46 +51093,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49775,30 +51262,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49835,7 +51415,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49908,7 +51490,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50233,6 +51815,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50278,15 +51863,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50448,117 +52037,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50596,8 +52097,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50669,8 +52171,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50995,9 +52497,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51043,19 +52542,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51216,30 +52709,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51275,71 +52764,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51350,9 +52784,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51677,292 +53109,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56117,6 +57263,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56156,16 +57303,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56197,9 +57347,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56207,6 +57361,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56388,6 +57543,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56395,6 +57551,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57679,8 +58836,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57895,8 +59053,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58708,6 +59866,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59124,8 +60283,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66958,7 +68117,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67011,20 +68175,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67077,30 +68249,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67124,18 +68309,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68834,34 +70018,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1 diff --git a/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml b/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml index ff7662fc1..d67cedb8c 100644 --- a/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml +++ b/charts/k8s-monitoring-v1/docs/examples/windows-exporter/output.yaml @@ -1337,8 +1337,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagerconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -11375,8 +11375,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: alertmanagers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -19798,7 +19798,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19851,20 +19856,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -19917,30 +19930,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -19964,18 +19990,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -20088,8 +20113,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -20984,6 +21009,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -21295,8 +21321,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: probes.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -22016,6 +22042,7 @@ spec: description: |- Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape timeout is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: @@ -22469,8 +22496,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusagents.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -27194,7 +27221,6 @@ spec: mode: description: |- Mode defines how the Prometheus operator deploys the PrometheusAgent pod(s). - For now this field has no effect. (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. enum: @@ -27218,6 +27244,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -27230,7 +27263,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -28832,6 +28864,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -29321,6 +29366,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -29358,8 +29415,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -29728,6 +29786,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string shards: description: |- Number of shards to distribute scraped targets onto. @@ -32888,7 +32956,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -32941,20 +33014,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -33007,30 +33088,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -33054,18 +33148,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -33222,8 +33315,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheuses.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -38741,6 +38834,13 @@ spec: Settings related to the OTLP receiver feature. It requires Prometheus >= v2.55.0. properties: + keepIdentifyingResourceAttributes: + description: |- + Enables adding `service.name`, `service.namespace` and `service.instance.id` + resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + + It requires Prometheus >= v3.1.0. + type: boolean promoteResourceAttributes: description: List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. @@ -38753,7 +38853,6 @@ spec: translationStrategy: description: |- Configures how the OTLP receiver endpoint translates the incoming metrics. - If unset, Prometheus uses its default value. It requires Prometheus >= v3.0.0. enum: @@ -41293,6 +41392,19 @@ spec: Only one scrape class can be set as the default. type: boolean + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string metricRelabelings: description: |- MetricRelabelings configures the relabeling rules to apply to all samples before ingestion. @@ -41782,6 +41894,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + scrapeFailureLogFile: + description: |- + File to which scrape failures are logged. + Reloading the configuration will reopen the file. + + If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + will mount the file into an emptyDir volume at `/var/log/prometheus`. + If a full path is provided, e.g. '/var/log/prometheus/file.log', you + must mount a volume in the specified directory and it must be writable. + It requires Prometheus >= v2.55.0. + minLength: 1 + type: string scrapeInterval: default: 30s description: |- @@ -41819,8 +41943,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: Number of seconds to wait until a scrape request times - out. + description: |- + Number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string secrets: @@ -42189,6 +42314,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + serviceName: + description: |- + The name of the service name used by the underlying StatefulSet(s) as the governing service. + If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + or `prometheus-agent-operated` for PrometheusAgent resources. + When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + minLength: 1 + type: string sha: description: 'Deprecated: use ''spec.image'' instead. The image''s digest can be specified as part of the image name.' @@ -45870,7 +46005,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45923,20 +46063,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -45989,30 +46137,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -46036,18 +46197,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -46204,8 +46364,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: prometheusrules.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46364,8 +46524,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: scrapeconfigs.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -46464,137 +46624,10 @@ spec: - ManagedIdentity - SDK type: string - clientID: - description: Optional client ID. Only required with the OAuth - authentication method. - type: string - clientSecret: - description: Optional client secret. Only required with the - OAuth authentication method. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - environment: - description: The Azure environment. - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - resourceGroup: - description: Optional resource group name. Limits discovery - to this resource group. - type: string - subscriptionID: - description: The subscription ID. Always required. - minLength: 1 - type: string - tenantID: - description: Optional tenant ID. Only required with the OAuth - authentication method. - type: string - required: - - subscriptionID - type: object - type: array - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must be - a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must be - defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - consulSDConfigs: - description: ConsulSDConfigs defines a list of Consul service discovery - configurations. - items: - description: |- - ConsulSDConfig defines a Consul service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config - properties: - allowStale: - description: |- - Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. - If unset, Prometheus uses its default value. - type: boolean authorization: description: |- - Optional Authorization header configuration to authenticate against the Consul Server. - Cannot be set at the same time as `basicAuth`, or `oauth2`. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -46632,9 +46665,9 @@ spec: type: object basicAuth: description: |- - Optional BasicAuth information to authenticate against the Consul Server. + BasicAuth information to authenticate against the target HTTP endpoint. More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oauth2`. + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -46689,35 +46722,47 @@ spec: type: object x-kubernetes-map-type: atomic type: object - datacenter: - description: Consul Datacenter name, if not provided it will - use the local Consul Agent Datacenter. + clientID: + description: Optional client ID. Only required with the OAuth + authentication method. minLength: 1 type: string + clientSecret: + description: Optional client secret. Only required with the + OAuth authentication method. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic enableHTTP2: - description: |- - Whether to enable HTTP2. - If unset, Prometheus uses its default value. + description: Whether to enable HTTP2. type: boolean - filter: - description: |- - Filter expression used to filter the catalog results. - See https://www.consul.io/api-docs/catalog#list-services - It requires Prometheus >= 3.0.0. + environment: + description: The Azure environment. minLength: 1 type: string followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - If unset, Prometheus uses its default value. + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean - namespace: - description: |- - Namespaces are only supported in Consul Enterprise. - - It requires Prometheus >= 2.28.0. - minLength: 1 - type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -46726,18 +46771,10 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - nodeMeta: - additionalProperties: - type: string - description: |- - Node metadata key/value pairs to filter nodes for a given service. - Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. - type: object - x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth2.0 configuration. - Cannot be set at the same time as `basicAuth`, or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -47062,17 +47099,14 @@ spec: - clientSecret - tokenUrl type: object - partition: - description: Admin Partitions are only supported in Consul Enterprise. - minLength: 1 - type: string - pathPrefix: + port: description: |- - Prefix for URIs for when consul is behind an API gateway (reverse proxy). - - It requires Prometheus >= 2.45.0. - minLength: 1 - type: string + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer proxyConnectHeader: additionalProperties: items: @@ -47118,46 +47152,27 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: |- - The time after which the provided names are refreshed. - On large setup it might be a good idea to increase this value because the catalog will change all the time. - If unset, Prometheus uses its default value. + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - scheme: - description: HTTP Scheme default "http" - enum: - - HTTP - - HTTPS + resourceGroup: + description: |- + Optional resource group name. Limits discovery to this resource group. + Requires Prometheus v2.35.0 and above + minLength: 1 type: string - server: - description: Consul server address. A valid string consisting - of a hostname or IP followed by an optional port number. + subscriptionID: + description: The subscription ID. Always required. minLength: 1 type: string - services: - description: A list of services for which targets are retrieved. - If omitted, all services are scraped. - items: - type: string - type: array - x-kubernetes-list-type: set - tagSeparator: - description: |- - The string by which Consul tags are joined into the tag label. - If unset, Prometheus uses its default value. + tenantID: + description: Optional tenant ID. Only required with the OAuth + authentication method. minLength: 1 type: string - tags: - description: |- - An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. - Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. - items: - type: string - type: array - x-kubernetes-list-type: set tlsConfig: - description: TLS configuration to connect to the Consul API. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -47318,48 +47333,83 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - tokenRef: - description: Consul ACL TokenRef, if not provided it will use - the ACL from the local Consul Agent. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic required: - - server + - subscriptionID type: object type: array - digitalOceanSDConfigs: - description: DigitalOceanSDConfigs defines a list of DigitalOcean - service discovery configurations. + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + consulSDConfigs: + description: ConsulSDConfigs defines a list of Consul service discovery + configurations. items: description: |- - DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. - This service discovery uses the public IPv4 address by default, by that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config + ConsulSDConfig defines a Consul service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#consul_sd_config properties: + allowStale: + description: |- + Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul. + If unset, Prometheus uses its default value. + type: boolean authorization: description: |- - Authorization header configuration to authenticate against the DigitalOcean API. - Cannot be set at the same time as `oauth2`. + Optional Authorization header configuration to authenticate against the Consul Server. + Cannot be set at the same time as `basicAuth`, or `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -47395,13 +47445,94 @@ spec: Default: "Bearer" type: string type: object + basicAuth: + description: |- + Optional BasicAuth information to authenticate against the Consul Server. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oauth2`. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + datacenter: + description: Consul Datacenter name, if not provided it will + use the local Consul Agent Datacenter. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: |- + Whether to enable HTTP2. + If unset, Prometheus uses its default value. type: boolean + filter: + description: |- + Filter expression used to filter the catalog results. + See https://www.consul.io/api-docs/catalog#list-services + It requires Prometheus >= 3.0.0. + minLength: 1 + type: string followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + If unset, Prometheus uses its default value. type: boolean + namespace: + description: |- + Namespaces are only supported in Consul Enterprise. + + It requires Prometheus >= 2.28.0. + minLength: 1 + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -47410,10 +47541,18 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string + nodeMeta: + additionalProperties: + type: string + description: |- + Node metadata key/value pairs to filter nodes for a given service. + Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. + type: object + x-kubernetes-map-type: atomic oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`. + Optional OAuth2.0 configuration. + Cannot be set at the same time as `basicAuth`, or `authorization`. properties: clientId: description: |- @@ -47738,12 +47877,17 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - format: int32 - maximum: 65535 - minimum: 0 - type: integer + partition: + description: Admin Partitions are only supported in Consul Enterprise. + minLength: 1 + type: string + pathPrefix: + description: |- + Prefix for URIs for when consul is behind an API gateway (reverse proxy). + + It requires Prometheus >= 2.45.0. + minLength: 1 + type: string proxyConnectHeader: additionalProperties: items: @@ -47789,11 +47933,46 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: |- + The time after which the provided names are refreshed. + On large setup it might be a good idea to increase this value because the catalog will change all the time. + If unset, Prometheus uses its default value. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string + scheme: + description: HTTP Scheme default "http" + enum: + - HTTP + - HTTPS + type: string + server: + description: Consul server address. A valid string consisting + of a hostname or IP followed by an optional port number. + minLength: 1 + type: string + services: + description: A list of services for which targets are retrieved. + If omitted, all services are scraped. + items: + type: string + type: array + x-kubernetes-list-type: set + tagSeparator: + description: |- + The string by which Consul tags are joined into the tag label. + If unset, Prometheus uses its default value. + minLength: 1 + type: string + tags: + description: |- + An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. + items: + type: string + type: array + x-kubernetes-list-type: set tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to connect to the Consul API. properties: ca: description: Certificate authority used when verifying server @@ -47954,69 +48133,47 @@ spec: description: Used to verify the hostname for the targets. type: string type: object - type: object - type: array - dnsSDConfigs: - description: DNSSDConfigs defines a list of DNS service discovery - configurations. - items: - description: |- - DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. - The DNS servers to be contacted are read from /etc/resolv.conf. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config - properties: - names: - description: A list of DNS domain names to be queried. - items: - minLength: 1 - type: string - minItems: 1 - type: array - port: - description: |- - The port number used if the query type is not SRV - Ignored for SRV records - format: int32 - maximum: 65535 - minimum: 0 - type: integer - refreshInterval: - description: |- - RefreshInterval configures the time after which the provided names are refreshed. - If not set, Prometheus uses its default value. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - type: - description: |- - The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. - If not set, Prometheus uses its default value. - - When set to NS, it requires Prometheus >= v2.49.0. - When set to MX, it requires Prometheus >= v2.38.0 - enum: - - A - - AAAA - - MX - - NS - - SRV - type: string + tokenRef: + description: Consul ACL TokenRef, if not provided it will use + the ACL from the local Consul Agent. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic required: - - names + - server type: object type: array - dockerSDConfigs: - description: DockerSDConfigs defines a list of Docker service discovery - configurations. + digitalOceanSDConfigs: + description: DigitalOceanSDConfigs defines a list of DigitalOcean + service discovery configurations. items: description: |- - Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. - This SD discovers "containers" and will create a target for each network IP and - port the container is configured to expose. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config + DigitalOceanSDConfig allow retrieving scrape targets from DigitalOcean's Droplets API. + This service discovery uses the public IPv4 address by default, by that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#digitalocean_sd_config properties: authorization: description: |- - Authorization header configuration to authenticate against the Docker API. + Authorization header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -48053,109 +48210,13 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: BasicAuth information to use on every scrape request. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object enableHTTP2: description: Whether to enable HTTP2. type: boolean - filters: - description: Optional filters to limit the discovery process - to a subset of the available resources. - items: - description: Filter name and value pairs to limit the discovery - process to a subset of available resources. - properties: - name: - description: Name of the Filter. - type: string - values: - description: Value to filter on. - items: - minLength: 1 - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - required: - - name - - values - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map followRedirects: description: Configure whether HTTP requests follow HTTP 3xx redirects. type: boolean - host: - description: Address of the docker daemon - minLength: 1 - type: string - hostNetworkingHost: - description: The host to use if the container is in host networking - mode. - type: string - matchFirstNetwork: - description: |- - Configure whether to match the first network if the container has multiple networks defined. - If unset, Prometheus uses true by default. - It requires Prometheus >= v2.54.1. - type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48494,6 +48555,9 @@ spec: type: object port: description: The port to scrape metrics from. + format: int32 + maximum: 65535 + minimum: 0 type: integer proxyConnectHeader: additionalProperties: @@ -48540,7 +48604,7 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Time after which the container is refreshed. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string tlsConfig: @@ -48705,21 +48769,70 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + type: object + type: array + dnsSDConfigs: + description: DNSSDConfigs defines a list of DNS service discovery + configurations. + items: + description: |- + DNSSDConfig allows specifying a set of DNS domain names which are periodically queried to discover a list of targets. + The DNS servers to be contacted are read from /etc/resolv.conf. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dns_sd_config + properties: + names: + description: A list of DNS domain names to be queried. + items: + minLength: 1 + type: string + minItems: 1 + type: array + port: + description: |- + The port number used if the query type is not SRV + Ignored for SRV records + format: int32 + maximum: 65535 + minimum: 0 + type: integer + refreshInterval: + description: |- + RefreshInterval configures the time after which the provided names are refreshed. + If not set, Prometheus uses its default value. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + type: + description: |- + The type of DNS query to perform. One of SRV, A, AAAA, MX or NS. + If not set, Prometheus uses its default value. + + When set to NS, it requires Prometheus >= v2.49.0. + When set to MX, it requires Prometheus >= v2.38.0 + enum: + - A + - AAAA + - MX + - NS + - SRV + type: string required: - - host + - names type: object type: array - dockerSwarmSDConfigs: - description: DockerswarmSDConfigs defines a list of Dockerswarm service - discovery configurations. + dockerSDConfigs: + description: DockerSDConfigs defines a list of Docker service discovery + configurations. items: description: |- - DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config + Docker SD configurations allow retrieving scrape targets from Docker Engine hosts. + This SD discovers "containers" and will create a target for each network IP and + port the container is configured to expose. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#docker_sd_config properties: authorization: - description: Authorization header configuration to authenticate - against the target HTTP endpoint. + description: |- + Authorization header configuration to authenticate against the Docker API. + Cannot be set at the same time as `oauth2`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -48756,7 +48869,7 @@ spec: type: string type: object basicAuth: - description: Optional HTTP basic authentication information. + description: BasicAuth information to use on every scrape request. properties: password: description: |- @@ -48815,13 +48928,8 @@ spec: description: Whether to enable HTTP2. type: boolean filters: - description: |- - Optional filters to limit the discovery process to a subset of available - resources. - The available filters are listed in the upstream documentation: - Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList - Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList - Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList + description: Optional filters to limit the discovery process + to a subset of the available resources. items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -48850,9 +48958,19 @@ spec: redirects. type: boolean host: - description: Address of the Docker daemon - pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + description: Address of the docker daemon + minLength: 1 + type: string + hostNetworkingHost: + description: The host to use if the container is in host networking + mode. type: string + matchFirstNetwork: + description: |- + Configure whether to match the first network if the container has multiple networks defined. + If unset, Prometheus uses true by default. + It requires Prometheus >= v2.54.1. + type: boolean noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -48864,7 +48982,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization`, or `basicAuth`. + Cannot be set at the same time as `authorization`. properties: clientId: description: |- @@ -49190,12 +49308,7 @@ spec: - tokenUrl type: object port: - description: |- - The port to scrape metrics from, when `role` is nodes, and for discovered - tasks and services that don't have published ports. - format: int32 - maximum: 65535 - minimum: 0 + description: The port to scrape metrics from. type: integer proxyConnectHeader: additionalProperties: @@ -49242,20 +49355,11 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the service discovery data - is refreshed. + description: Time after which the container is refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: Role of the targets to retrieve. Must be `Services`, - `Tasks`, or `Nodes`. - enum: - - Services - - Tasks - - Nodes - type: string tlsConfig: - description: TLS configuration to use on every scrape request + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49418,58 +49522,121 @@ spec: type: object required: - host - - role type: object type: array - ec2SDConfigs: - description: EC2SDConfigs defines a list of EC2 service discovery - configurations. + dockerSwarmSDConfigs: + description: DockerswarmSDConfigs defines a list of Dockerswarm service + discovery configurations. items: description: |- - EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. - The private IP address is used by default, but may be changed to the public IP address with relabeling. - The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config - - The EC2 service discovery requires AWS API keys or role ARN for authentication. - BasicAuth, Authorization and OAuth2 fields are not present on purpose. + DockerSwarmSDConfig configurations allow retrieving scrape targets from Docker Swarm engine. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#dockerswarm_sd_config properties: - accessKey: - description: AccessKey is the AWS API key. + authorization: + description: Authorization header configuration to authenticate + against the target HTTP endpoint. properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic + basicAuth: + description: Optional HTTP basic authentication information. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object enableHTTP2: - description: |- - Whether to enable HTTP2. - It requires Prometheus >= v2.41.0 + description: Whether to enable HTTP2. type: boolean filters: description: |- - Filters can be used optionally to filter the instance list by other criteria. - Available filter criteria can be found here: - https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html - Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html - It requires Prometheus >= v2.3.0 + Optional filters to limit the discovery process to a subset of available + resources. + The available filters are listed in the upstream documentation: + Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList + Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList + Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList items: description: Filter name and value pairs to limit the discovery process to a subset of available resources. @@ -49494,10 +49661,13 @@ spec: - name x-kubernetes-list-type: map followRedirects: - description: |- - Configure whether HTTP requests follow HTTP 3xx redirects. - It requires Prometheus >= v2.41.0 + description: Configure whether HTTP requests follow HTTP 3xx + redirects. type: boolean + host: + description: Address of the Docker daemon + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ + type: string noProxy: description: |- `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -49506,18 +49676,1366 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string - port: + oauth2: description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization`, or `basicAuth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + port: + description: |- + The port to scrape metrics from, when `role` is nodes, and for discovered + tasks and services that don't have published ports. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: The time after which the service discovery data + is refreshed. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + role: + description: Role of the targets to retrieve. Must be `Services`, + `Tasks`, or `Nodes`. + enum: + - Services + - Tasks + - Nodes + type: string + tlsConfig: + description: TLS configuration to use on every scrape request + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + - role + type: object + type: array + ec2SDConfigs: + description: EC2SDConfigs defines a list of EC2 service discovery + configurations. + items: + description: |- + EC2SDConfig allow retrieving scrape targets from AWS EC2 instances. + The private IP address is used by default, but may be changed to the public IP address with relabeling. + The IAM credentials used must have the ec2:DescribeInstances permission to discover scrape targets + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ec2_sd_config + + The EC2 service discovery requires AWS API keys or role ARN for authentication. + BasicAuth, Authorization and OAuth2 fields are not present on purpose. + properties: + accessKey: + description: AccessKey is the AWS API key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHTTP2: + description: |- + Whether to enable HTTP2. + It requires Prometheus >= v2.41.0 + type: boolean + filters: + description: |- + Filters can be used optionally to filter the instance list by other criteria. + Available filter criteria can be found here: + https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html + Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html + It requires Prometheus >= v2.3.0 + items: + description: Filter name and value pairs to limit the discovery + process to a subset of available resources. + properties: + name: + description: Name of the Filter. + type: string + values: + description: Value to filter on. + items: + minLength: 1 + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - name + - values + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + followRedirects: + description: |- + Configure whether HTTP requests follow HTTP 3xx redirects. + It requires Prometheus >= v2.41.0 + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to use.' + pattern: ^http(s)?://.+$ + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + region: + description: The AWS region. + minLength: 1 + type: string + roleARN: + description: AWS Role ARN, an alternative to using AWS API keys. + minLength: 1 + type: string + secretKey: + description: SecretKey is the AWS API secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tlsConfig: + description: |- + TLS configuration to connect to the AWS EC2 API. + It requires Prometheus >= v2.41.0 + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + enableCompression: + description: |- + When false, Prometheus will request uncompressed response from the scraped target. + + It requires Prometheus >= v2.49.0. + + If unset, Prometheus uses true by default. + type: boolean + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + eurekaSDConfigs: + description: EurekaSDConfigs defines a list of Eureka service discovery + configurations. + items: + description: |- + Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. + Prometheus will periodically check the REST endpoint and create a target for every app instance. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + properties: + authorization: + description: Authorization header to use on every scrape request. + properties: + credentials: + description: Selects a key of a Secret in the namespace + that contains the credentials for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Defines the authentication type. The value is case-insensitive. + + "Basic" is not a supported value. + + Default: "Bearer" + type: string + type: object + basicAuth: + description: BasicAuth information to use on every scrape request. + properties: + password: + description: |- + `password` specifies a key of a Secret containing the password for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + `username` specifies a key of a Secret containing the username for + authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + enableHTTP2: + description: Whether to enable HTTP2. + type: boolean + followRedirects: + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + oauth2: + description: |- + Optional OAuth 2.0 configuration. + Cannot be set at the same time as `authorization` or `basic_auth`. + properties: + clientId: + description: |- + `clientId` specifies a key of a Secret or ConfigMap containing the + OAuth2 client's ID. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: |- + `clientSecret` specifies a key of a Secret containing the OAuth2 + client's secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: |- + `endpointParams` configures the HTTP parameters to append to the token + URL. + type: object + noProxy: + description: |- + `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names + that should be excluded from proxying. IP and domain names can + contain port numbers. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: string + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + description: |- + ProxyConnectHeader optionally specifies headers to send to + proxies during CONNECT requests. + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: object + x-kubernetes-map-type: atomic + proxyFromEnvironment: + description: |- + Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). + + It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. + type: boolean + proxyUrl: + description: '`proxyURL` defines the HTTP proxy server to + use.' + pattern: ^http(s)?://.+$ + type: string + scopes: + description: '`scopes` defines the OAuth2 scopes used for + the token request.' + items: + type: string + type: array + tlsConfig: + description: |- + TLS configuration to use when connecting to the OAuth2 server. + It requires Prometheus >= v2.43.0. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for + the targets. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the + targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for + the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: |- + Maximum acceptable TLS version. + + It requires Prometheus >= v2.41.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + description: |- + Minimum acceptable TLS version. + + It requires Prometheus >= v2.35.0. + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + tokenUrl: + description: '`tokenURL` configures the URL to fetch the + token from.' + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyConnectHeader: + additionalProperties: + items: + description: SecretKeySelector selects a key of a Secret. properties: key: description: The key of the secret to select from. Must @@ -49559,46 +51077,15 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. + description: Refresh interval to re-read the instance list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - region: - description: The AWS region. - minLength: 1 - type: string - roleARN: - description: AWS Role ARN, an alternative to using AWS API keys. + server: + description: The URL to connect to the Eureka server. minLength: 1 type: string - secretKey: - description: SecretKey is the AWS API secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic tlsConfig: - description: |- - TLS configuration to connect to the AWS EC2 API. - It requires Prometheus >= v2.41.0 + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -49759,30 +51246,123 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + required: + - server type: object type: array - enableCompression: + fallbackScrapeProtocol: description: |- - When false, Prometheus will request uncompressed response from the scraped target. + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - It requires Prometheus >= v2.49.0. + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string + fileSDConfigs: + description: FileSDConfigs defines a list of file service discovery + configurations. + items: + description: |- + FileSDConfig defines a Prometheus file service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config + properties: + files: + description: |- + List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the + prometheus-operator project makes no guarantees about the working directory where the configuration file is + stored. + Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. + items: + description: SDFile represents a file used for service discovery + pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will reload the content of the files. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + required: + - files + type: object + type: array + gceSDConfigs: + description: GCESDConfigs defines a list of GCE service discovery + configurations. + items: + description: |- + GCESDConfig configures scrape targets from GCP GCE instances. + The private IP address is used by default, but may be changed to + the public IP address with relabeling. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - If unset, Prometheus uses true by default. - type: boolean - enableHTTP2: - description: Whether to enable HTTP2. - type: boolean - eurekaSDConfigs: - description: EurekaSDConfigs defines a list of Eureka service discovery + The GCE service discovery will load the Google Cloud credentials + from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. + See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform + + A pre-requisite for using GCESDConfig is that a Secret containing valid + Google Cloud credentials is mounted into the Prometheus or PrometheusAgent + pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS + environment variable is set to /etc/prometheus/secrets//. + properties: + filter: + description: |- + Filter can be used optionally to filter the instance list by other criteria + Syntax of this filter is described in the filter query parameter section: + https://cloud.google.com/compute/docs/reference/latest/instances/list + minLength: 1 + type: string + port: + description: |- + The port to scrape metrics from. If using the public IP address, this must + instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + project: + description: The Google Cloud Project ID + minLength: 1 + type: string + refreshInterval: + description: RefreshInterval configures the refresh interval + at which Prometheus will re-read the instance list. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + tagSeparator: + description: The tag separator is used to separate the tags + on concatenation + minLength: 1 + type: string + zone: + description: The zone of the scrape targets. If you need multiple + zones use multiple GCESDConfigs. + minLength: 1 + type: string + required: + - project + - zone + type: object + type: array + hetznerSDConfigs: + description: HetznerSDConfigs defines a list of Hetzner service discovery configurations. items: description: |- - Eureka SD configurations allow retrieving scrape targets using the Eureka REST API. - Prometheus will periodically check the REST endpoint and create a target for every app instance. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#eureka_sd_config + HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. + This service discovery uses the public IPv4 address by default, but that can be changed with relabeling + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config properties: authorization: - description: Authorization header to use on every scrape request. + description: |- + Authorization header configuration, required when role is hcloud. + Role robot does not support bearer token authentication. properties: credentials: description: Selects a key of a Secret in the namespace @@ -49819,7 +51399,9 @@ spec: type: string type: object basicAuth: - description: BasicAuth information to use on every scrape request. + description: |- + BasicAuth information to use on every scrape request, required when role is robot. + Role hcloud does not support basic auth. properties: password: description: |- @@ -49892,7 +51474,7 @@ spec: oauth2: description: |- Optional OAuth 2.0 configuration. - Cannot be set at the same time as `authorization` or `basic_auth`. + Cannot be used at the same time as `basic_auth` or `authorization`. properties: clientId: description: |- @@ -50217,6 +51799,9 @@ spec: - clientSecret - tokenUrl type: object + port: + description: The port to scrape metrics from. + type: integer proxyConnectHeader: additionalProperties: items: @@ -50262,15 +51847,19 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: Refresh interval to re-read the instance list. + description: The time after which the servers are refreshed. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - server: - description: The URL to connect to the Eureka server. - minLength: 1 + role: + description: The Hetzner role of entities that should be discovered. + enum: + - hcloud + - Hcloud + - robot + - Robot type: string tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. + description: TLS configuration to use on every scrape request. properties: ca: description: Certificate authority used when verifying server @@ -50432,117 +52021,29 @@ spec: type: string type: object required: - - server - type: object - type: array - fallbackScrapeProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string - fileSDConfigs: - description: FileSDConfigs defines a list of file service discovery - configurations. - items: - description: |- - FileSDConfig defines a Prometheus file service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#file_sd_config - properties: - files: - description: |- - List of files to be used for file discovery. Recommendation: use absolute paths. While relative paths work, the - prometheus-operator project makes no guarantees about the working directory where the configuration file is - stored. - Files must be mounted using Prometheus.ConfigMaps or Prometheus.Secrets. - items: - description: SDFile represents a file used for service discovery - pattern: ^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$ - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will reload the content of the files. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - required: - - files - type: object - type: array - gceSDConfigs: - description: GCESDConfigs defines a list of GCE service discovery - configurations. - items: - description: |- - GCESDConfig configures scrape targets from GCP GCE instances. - The private IP address is used by default, but may be changed to - the public IP address with relabeling. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#gce_sd_config - - The GCE service discovery will load the Google Cloud credentials - from the file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. - See https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform - - A pre-requisite for using GCESDConfig is that a Secret containing valid - Google Cloud credentials is mounted into the Prometheus or PrometheusAgent - pod via the `.spec.secrets` field and that the GOOGLE_APPLICATION_CREDENTIALS - environment variable is set to /etc/prometheus/secrets//. - properties: - filter: - description: |- - Filter can be used optionally to filter the instance list by other criteria - Syntax of this filter is described in the filter query parameter section: - https://cloud.google.com/compute/docs/reference/latest/instances/list - type: string - port: - description: |- - The port to scrape metrics from. If using the public IP address, this must - instead be specified in the relabeling rule. - type: integer - project: - description: The Google Cloud Project ID - minLength: 1 - type: string - refreshInterval: - description: RefreshInterval configures the refresh interval - at which Prometheus will re-read the instance list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tagSeparator: - description: The tag separator is used to separate the tags - on concatenation - type: string - zone: - description: The zone of the scrape targets. If you need multiple - zones use multiple GCESDConfigs. - minLength: 1 - type: string - required: - - project - - zone + - role type: object type: array - hetznerSDConfigs: - description: HetznerSDConfigs defines a list of Hetzner service discovery + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + httpSDConfigs: + description: HTTPSDConfigs defines a list of HTTP service discovery configurations. items: description: |- - HetznerSDConfig allow retrieving scrape targets from Hetzner Cloud API and Robot API. - This service discovery uses the public IPv4 address by default, but that can be changed with relabeling - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#hetzner_sd_config + HTTPSDConfig defines a prometheus HTTP service discovery configuration + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config properties: authorization: description: |- - Authorization header configuration, required when role is hcloud. - Role robot does not support bearer token authentication. + Authorization header configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `oAuth2`, or `basicAuth`. properties: credentials: description: Selects a key of a Secret in the namespace @@ -50580,8 +52081,9 @@ spec: type: object basicAuth: description: |- - BasicAuth information to use on every scrape request, required when role is robot. - Role hcloud does not support basic auth. + BasicAuth information to authenticate against the target HTTP endpoint. + More info: https://prometheus.io/docs/operating/configuration/#endpoints + Cannot be set at the same time as `authorization`, or `oAuth2`. properties: password: description: |- @@ -50653,8 +52155,8 @@ spec: type: string oauth2: description: |- - Optional OAuth 2.0 configuration. - Cannot be used at the same time as `basic_auth` or `authorization`. + Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. + Cannot be set at the same time as `authorization`, or `basicAuth`. properties: clientId: description: |- @@ -50979,9 +52481,6 @@ spec: - clientSecret - tokenUrl type: object - port: - description: The port to scrape metrics from. - type: integer proxyConnectHeader: additionalProperties: items: @@ -51027,19 +52526,13 @@ spec: pattern: ^http(s)?://.+$ type: string refreshInterval: - description: The time after which the servers are refreshed. + description: |- + RefreshInterval configures the refresh interval at which Prometheus will re-query the + endpoint to update the target list. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string - role: - description: The Hetzner role of entities that should be discovered. - enum: - - hcloud - - Hcloud - - robot - - Robot - type: string tlsConfig: - description: TLS configuration to use on every scrape request. + description: TLS configuration applying to the target HTTP endpoint. properties: ca: description: Certificate authority used when verifying server @@ -51200,30 +52693,26 @@ spec: description: Used to verify the hostname for the targets. type: string type: object + url: + description: URL from which the targets are fetched. + minLength: 1 + pattern: ^http(s)?://.+$ + type: string required: - - role + - url type: object type: array - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. - type: boolean - httpSDConfigs: - description: HTTPSDConfigs defines a list of HTTP service discovery + ionosSDConfigs: + description: IonosSDConfigs defines a list of IONOS service discovery configurations. items: description: |- - HTTPSDConfig defines a prometheus HTTP service discovery configuration - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config + IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. + See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config properties: authorization: - description: |- - Authorization header configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `oAuth2`, or `basicAuth`. + description: Authorization` header configuration, required when + using IONOS. properties: credentials: description: Selects a key of a Secret in the namespace @@ -51259,71 +52748,16 @@ spec: Default: "Bearer" type: string type: object - basicAuth: - description: |- - BasicAuth information to authenticate against the target HTTP endpoint. - More info: https://prometheus.io/docs/operating/configuration/#endpoints - Cannot be set at the same time as `authorization`, or `oAuth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object + datacenterID: + description: The unique ID of the IONOS data center. + minLength: 1 + type: string enableHTTP2: - description: Whether to enable HTTP2. + description: Configure whether to enable HTTP2. type: boolean followRedirects: - description: Configure whether HTTP requests follow HTTP 3xx - redirects. + description: Configure whether the HTTP requests should follow + HTTP 3xx redirects. type: boolean noProxy: description: |- @@ -51334,9 +52768,7 @@ spec: It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. type: string oauth2: - description: |- - Optional OAuth 2.0 configuration to authenticate against the target HTTP endpoint. - Cannot be set at the same time as `authorization`, or `basicAuth`. + description: Configure whether to enable OAuth2. properties: clientId: description: |- @@ -51661,292 +53093,6 @@ spec: - clientSecret - tokenUrl type: object - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to use.' - pattern: ^http(s)?://.+$ - type: string - refreshInterval: - description: |- - RefreshInterval configures the refresh interval at which Prometheus will re-query the - endpoint to update the target list. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - tlsConfig: - description: TLS configuration applying to the target HTTP endpoint. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ - type: string - required: - - url - type: object - type: array - ionosSDConfigs: - description: IonosSDConfigs defines a list of IONOS service discovery - configurations. - items: - description: |- - IonosSDConfig configurations allow retrieving scrape targets from IONOS resources. - See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#ionos_sd_config - properties: - authorization: - description: Authorization` header configuration, required when - using IONOS. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - datacenterID: - description: The unique ID of the IONOS data center. - minLength: 1 - type: string - enableHTTP2: - description: Configure whether to enable HTTP2. - type: boolean - followRedirects: - description: Configure whether the HTTP requests should follow - HTTP 3xx redirects. - type: boolean - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string port: description: Port to scrape the metrics from. format: int32 @@ -56101,6 +57247,7 @@ spec: required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password. + minLength: 1 type: string applicationCredentialSecret: description: |- @@ -56140,16 +57287,19 @@ spec: type: string domainID: description: DomainID + minLength: 1 type: string domainName: description: |- At most one of domainId and domainName must be provided if using username with Identity V3. Otherwise, either are optional. + minLength: 1 type: string identityEndpoint: description: |- IdentityEndpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. + pattern: ^http(s)?:\/\/.+$ type: string password: description: |- @@ -56181,9 +57331,13 @@ spec: description: |- The port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule. + format: int32 + maximum: 65535 + minimum: 0 type: integer projectID: description: ' ProjectID' + minLength: 1 type: string projectName: description: |- @@ -56191,6 +57345,7 @@ spec: Some providers allow you to specify a ProjectName instead of the ProjectId. Some require both. Your provider's authentication policies will determine how these fields influence authentication. + minLength: 1 type: string refreshInterval: description: Refresh interval to re-read the instance list. @@ -56372,6 +57527,7 @@ spec: type: object userid: description: UserID + minLength: 1 type: string username: description: |- @@ -56379,6 +57535,7 @@ spec: control panel to discover your account's username. In Identity V3, either userid or a combination of username and domainId or domainName are needed + minLength: 1 type: string required: - region @@ -57663,8 +58820,9 @@ spec: type: array x-kubernetes-list-type: set scrapeTimeout: - description: ScrapeTimeout is the number of seconds to wait until - a scrape request times out. + description: |- + ScrapeTimeout is the number of seconds to wait until a scrape request times out. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string staticConfigs: @@ -57879,8 +59037,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -58692,6 +59850,7 @@ spec: If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + The value cannot be greater than the scrape interval otherwise the operator will reject the resource. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: @@ -59108,8 +60267,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.2 + controller-gen.kubebuilder.io/version: v0.17.1 + operator.prometheus.io/version: 0.80.0 name: thanosrulers.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -66942,7 +68101,12 @@ spec: description: Defines the TLS parameters for HTTPS. properties: cert: - description: Contains the TLS certificate for the server. + description: |- + Secret or ConfigMap containing the TLS certificate for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `certFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -66995,20 +68159,28 @@ spec: type: object certFile: description: |- - Path to the TLS certificate file in the Prometheus container for the server. - Mutually exclusive with `cert`. + Path to the TLS certificate file in the container for the web server. + + Either `keySecret` or `keyFile` must be defined. + + It is mutually exclusive with `cert`. type: string cipherSuites: description: |- - List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - Go default cipher suites are used. Available cipher suites are documented - in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + List of supported cipher suites for TLS versions up to TLS 1.2. + + If not defined, the Go default cipher suites are used. + Available cipher suites are documented in the Go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants items: type: string type: array client_ca: - description: Contains the CA certificate for client certificate + description: |- + Secret or ConfigMap containing the CA certificate for client certificate authentication to the server. + + It is mutually exclusive with `clientCAFile`. properties: configMap: description: ConfigMap containing data to use for the @@ -67061,30 +68233,43 @@ spec: type: object clientAuthType: description: |- - Server policy for client authentication. Maps to ClientAuth Policies. + The server policy for client TLS authentication. + For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType type: string clientCAFile: description: |- - Path to the CA certificate file for client certificate authentication to the server. - Mutually exclusive with `client_ca`. + Path to the CA certificate file for client certificate authentication to + the server. + + It is mutually exclusive with `client_ca`. type: string curvePreferences: description: |- Elliptic curves that will be used in an ECDHE handshake, in preference - order. Available curves are documented in the go documentation: + order. + + Available curves are documented in the Go documentation: https://golang.org/pkg/crypto/tls/#CurveID items: type: string type: array keyFile: description: |- - Path to the TLS key file in the Prometheus container for the server. - Mutually exclusive with `keySecret`. + Path to the TLS private key file in the container for the web server. + + If defined, either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keySecret`. type: string keySecret: - description: Secret containing the TLS key for the server. + description: |- + Secret containing the TLS private key for the web server. + + Either `cert` or `certFile` must be defined. + + It is mutually exclusive with `keyFile`. properties: key: description: The key of the secret to select from. Must @@ -67108,18 +68293,17 @@ spec: type: object x-kubernetes-map-type: atomic maxVersion: - description: Maximum TLS version that is acceptable. Defaults - to TLS13. + description: Maximum TLS version that is acceptable. type: string minVersion: - description: Minimum TLS version that is acceptable. Defaults - to TLS12. + description: Minimum TLS version that is acceptable. type: string preferServerCipherSuites: description: |- - Controls whether the server selects the - client's most preferred cipher suite, or the server's most preferred - cipher suite. If true then the server's preference, as expressed in + Controls whether the server selects the client's most preferred cipher + suite, or the server's most preferred cipher suite. + + If true then the server's preference, as expressed in the order of elements in cipherSuites, is used. type: boolean type: object @@ -68946,34 +70130,34 @@ spec: name: k8smon-alloy --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagerconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-alertmanagers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-podmonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-probes.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusagents.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheuses.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-prometheusrules.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-scrapeconfigs.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-servicemonitors.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- # Source: k8s-monitoring/charts/prometheus-operator-crds/charts/crds/templates/crd-thanosrulers.yaml -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.80.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- # Source: k8s-monitoring/templates/hooks/validate-configuration.yaml apiVersion: v1