diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml
new file mode 100644
index 00000000..c43f0384
--- /dev/null
+++ b/.github/workflows/test-chart.yml
@@ -0,0 +1,56 @@
+name: Test Chart
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ test-e2e:
+ name: Run on Ubuntu
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone the code
+ uses: actions/checkout@v4
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: go.mod
+
+ - name: Install kubebuilder
+ run: |
+ curl -L -o kubebuilder "https://go.kubebuilder.io/dl/latest/$(go env GOOS)/$(go env GOARCH)"
+ chmod +x kubebuilder
+ sudo mv kubebuilder /usr/local/bin/
+
+ - name: Install kind
+ run: |
+ curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64
+ chmod +x ./kind
+ sudo mv ./kind /usr/local/bin/kind
+
+ - name: Create kind cluster
+ run: kind create cluster
+
+ - name: Build and load operator image
+ run: |
+ go mod tidy
+ make manifests # Generate fresh manifests first
+ # Force Docker usage in CI (simpler than handling both runtimes)
+ make image-build CONTAINER_RUNTIME=docker
+ IMAGE_NAME="docker.io/persesdev/perses-operator:v$(cat VERSION)"
+ kind load docker-image "${IMAGE_NAME}"
+
+ - name: Install Helm
+ run: |
+ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+ - name: Test Helm chart
+ run: |
+ make helm-chart
+ helm lint dist/chart
+ make helm-install
+
+ - name: Check Helm release
+ run: |
+ helm status perses-operator --namespace perses-operator-system
diff --git a/.gitignore b/.gitignore
index f18b129c..80ba59eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,8 +26,6 @@ Dockerfile.cross *~ .vscode -/dist - .goreleaser.yaml /.github/perses-ci/
diff --git a/Makefile b/Makefile
index deabec21..b08a7136 100644
--- a/Makefile
+++ b/Makefile
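Review bot: The three install steps in `.github/workflows/test-chart.yml` run code that is neither pinned nor verified: kubebuilder and kind are fetched from `.../dl/latest/...` and moved into `/usr/local/bin` with `sudo`, and Helm is installed by piping `get-helm-3` from the `main` branch into `bash`. Whatever those URLs serve at run time executes in the job on every push and pull request, and `latest` also means a chart-test failure may come from a tool upgrade rather than from the change under test. Pin each tool to an explicit release and compare the download with its published SHA-256 before `chmod +x`, as sketched below for kind with placeholder values; kubebuilder and Helm would follow the same pattern, with Helm taken from a release archive instead of the piped script. Separately, the workflow sets no `permissions:` key, so a top-level `permissions:` block with `contents: read` would keep the job token read-only regardless of repository defaults.

```yaml
      - name: Install kind
        env:
          # Placeholders: fill in the release you pin and its published digest.
          KIND_VERSION: "<PINNED_KIND_VERSION>"
          KIND_SHA256: "<SHA256_OF_KIND_LINUX_AMD64>"
        run: |
          curl -fsSLo ./kind "https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-amd64"
          # Fail the step before the binary is made executable if the digest differs.
          echo "${KIND_SHA256}  kind" | sha256sum --check --strict -
          chmod +x ./kind
          sudo mv ./kind /usr/local/bin/kind
      # … unchanged: cluster creation, image build, chart test steps …
```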
@@ -488,3 +488,24 @@ generate-changelog:
 .PHONY: tag
 tag:
 ./scripts/release.sh --tag "${VERSION}"
+
+##@ Helm
+.PHONY: helm-chart
+helm-chart: manifests
+ kubebuilder edit --plugins=helm/v1-alpha
+ @echo "Helm chart updated in dist/chart/"
+
+.PHONY: helm-chart-force
+helm-chart-force: manifests
+ kubebuilder edit --plugins=helm/v1-alpha --force
+ @echo "Helm chart forcibly updated in dist/chart/"
+
+.PHONY: helm-install
+helm-install: helm-chart
+ helm upgrade --install perses-operator dist/chart \
+ --create-namespace \
+ --namespace perses-operator-system \
+ --set image.repository=$(IMAGE_TAG_BASE) \
+ --set image.tag=v$(VERSION) \
+ --set metrics.enable=false \
+ --force
diff --git a/PROJECT b/PROJECT
index 6145b33b..cecf8de9 100644
--- a/PROJECT
+++ b/PROJECT
@@ -6,6 +6,7 @@ domain: perses.dev
 layout:
 - go.kubebuilder.io/v4
 plugins:
+ helm.kubebuilder.io/v1-alpha: {}
 manifests.sdk.operatorframework.io/v2: {}
 scorecard.sdk.operatorframework.io/v2: {}
 projectName: perses-operator
@@ -16,7 +17,6 @@ resources:
 namespaced: true
 controller: true
 domain: perses.dev
- group:
 kind: Perses
 path: github.com/perses/perses-operator/api/v1alpha1
 version: v1alpha1
diff --git a/dist/chart/.helmignore b/dist/chart/.helmignore
new file mode 100644
index 00000000..7d92f7fb
--- /dev/null
+++ b/dist/chart/.helmignore
@@ -0,0 +1,25 @@
+# Patterns to ignore when building Helm packages.
+# Operating system files
+.DS_Store
+
+# Version control directories
+.git/
+.gitignore
+.bzr/
+.hg/
+.hgignore
+.svn/
+
+# Backup and temporary files
+*.swp
+*.tmp
+*.bak
+*.orig
+*~
+
+# IDE and editor-related files
+.idea/
+.vscode/
+
+# Helm chart artifacts
+dist/chart/*.tgz
diff --git a/dist/chart/Chart.yaml b/dist/chart/Chart.yaml
new file mode 100644
index 00000000..32c73dea
--- /dev/null
+++ b/dist/chart/Chart.yaml
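Review bot: The `helm-install` target in the Makefile returns as soon as the API server accepts the manifests, because its `helm upgrade --install` call has no `--wait`, and the only check the new workflow runs afterwards is `helm status`, which reports the release record rather than pod readiness. An operator that fails to pull its image or crash-loops would still pass the chart test. Adding `--wait --timeout 5m` (the timeout value is an example) to the target, or to the CI invocation only, makes the job fail in that case. The workflow also loads `docker.io/persesdev/perses-operator:v$(cat VERSION)` into kind while this target passes `--set image.repository=$(IMAGE_TAG_BASE)`; `IMAGE_TAG_BASE` is defined outside the hunk, so it is worth confirming the two resolve to the same reference, otherwise the cluster pulls a published image instead of the one just built.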
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: perses-operator
+description: A Helm chart to distribute the project perses-operator
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
+icon: "https://example.com/icon.png"
diff --git a/dist/chart/templates/_helpers.tpl b/dist/chart/templates/_helpers.tpl
new file mode 100644
index 00000000..bb7983e1
--- /dev/null
+++ b/dist/chart/templates/_helpers.tpl
@@ -0,0 +1,50 @@
+{{- define "chart.name" -}}
+{{- if .Chart }}
+ {{- if .Chart.Name }}
+ {{- .Chart.Name | trunc 63 | trimSuffix "-" }}
+ {{- else if .Values.nameOverride }}
+ {{ .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+ {{- else }}
+ perses-operator
+ {{- end }}
+{{- else }}
+ perses-operator
+{{- end }}
+{{- end }}
+
+
+{{- define "chart.labels" -}}
+{{- if .Chart.AppVersion -}}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Chart.Version }}
+helm.sh/chart: {{ .Chart.Version | quote }}
+{{- end }}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{- define "chart.hasMutatingWebhooks" -}}
+{{- $hasMutating := false }}
+{{- range . }}
+ {{- if eq .type "mutating" }}
+ $hasMutating = true }}{{- end }}
+{{- end }}
+{{ $hasMutating }}}}{{- end }}
+
+
+{{- define "chart.hasValidatingWebhooks" -}}
+{{- $hasValidating := false }}
+{{- range . }}
+ {{- if eq .type "validating" }}
+ $hasValidating = true }}{{- end }}
+{{- end }}
+{{ $hasValidating }}}}{{- end }}
diff --git a/dist/chart/templates/certmanager/certificate.yaml b/dist/chart/templates/certmanager/certificate.yaml
new file mode 100644
index 00000000..3c314cb6
--- /dev/null
+++ b/dist/chart/templates/certmanager/certificate.yaml
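Review bot: The two webhook helpers at the end of `dist/chart/templates/_helpers.tpl` are malformed: `$hasMutating = true }}{{- end }}` has no opening `{{-`, so the assignment is emitted as literal text instead of being executed, and `{{ $hasMutating }}}}{{- end }}` leaves a stray `}}` in the output. As written, `chart.hasMutatingWebhooks` always renders `false` plus junk text, and any caller testing the included string for non-emptiness would see it as true; whether the helpers are called is not visible in this hunk. The lines should read `{{- $hasMutating = true }}` then `{{- end }}`, and `{{ $hasMutating }}` then `{{- end }}`, with the same change in `chart.hasValidatingWebhooks`. In `chart.name`, `.Values.nameOverride` is only consulted when `.Chart.Name` is empty, so the override can never take effect for a packaged chart; if an override is intended, test it first.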
@@ -0,0 +1,36 @@
+{{- if .Values.certmanager.enable }}
+# Self-signed Issuer
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: selfsigned-issuer
+ namespace: {{ .Release.Namespace }}
+spec:
+ selfSigned: {}
+{{- if .Values.metrics.enable }}
+---
+# Certificate for the metrics
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ annotations:
+ {{- if .Values.crd.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: metrics-certs
+ namespace: {{ .Release.Namespace }}
+spec:
+ dnsNames:
+ - perses-operator.{{ .Release.Namespace }}.svc
+ - perses-operator.{{ .Release.Namespace }}.svc.cluster.local
+ - perses-operator-metrics-service.{{ .Release.Namespace }}.svc
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: metrics-server-cert
+{{- end }}
+{{- end }}
diff --git a/dist/chart/templates/crd/perses.dev_perses.yaml b/dist/chart/templates/crd/perses.dev_perses.yaml
new file mode 100755
index 00000000..ebb6b59a
--- /dev/null
+++ b/dist/chart/templates/crd/perses.dev_perses.yaml
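Review bot: The `"helm.sh/resource-policy": keep` annotation on the `metrics-certs` Certificate in `certificate.yaml` is gated on `.Values.crd.keep`, a CRD setting, while the `selfsigned-issuer` it references carries no such annotation. With `crd.keep` set, `helm uninstall` would leave the Certificate behind and remove its Issuer, so cert-manager could no longer renew it; either drop the annotation here or gate it on a certmanager-specific value and apply it to both objects. Because the Issuer is self-signed, anything scraping the metrics endpoint has to trust the CA material in the `metrics-server-cert` secret, and a comment above the Issuer such as `# Self-signed: clients must verify against the CA in metrics-server-cert` would steer users away from disabling TLS verification. The fixed names `selfsigned-issuer` and `metrics-server-cert` also mean two releases in one namespace would collide, which may be acceptable but is worth stating.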
@@ -0,0 +1,5483 @@ +{{- if .Values.crd.enable }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + {{- if .Values.crd.keep }} + "helm.sh/resource-policy": keep + {{- end }} + controller-gen.kubebuilder.io/version: v0.16.0 + name: perses.perses.dev +spec: + group: perses.dev + names: + kind: Perses + listKind: PersesList + plural: perses + shortNames: + - per + singular: perses + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Perses is the Schema for the perses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PersesSpec defines the desired state of Perses + properties: + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args extra arguments to pass to perses + items: + type: string + type: array + client: + description: Perses client configuration + properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret 
sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object + tls: + description: TLS the equivalent to the tls_config for perses client + properties: + caCert: + description: CaCert to verify the perses certificate + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + enable: + description: Enable TLS connection to perses + type: boolean + insecureSkipVerify: + description: InsecureSkipVerify skip verify of perses certificate + type: boolean + userCert: + description: UserCert client cert/key for mTLS + properties: + certPath: + 
description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + required: + - enable + type: object + type: object + config: + properties: + api_prefix: + description: Use it in case you want to prefix the API path. + type: string + dashboard: + description: Dashboard contains the configuration for the dashboard + feature. + properties: + custom_lint_rules: + items: + properties: + assertion: + description: |- + Assertion is a CEL expression that validates the extracted value. + Refer to https://github.com/google/cel-spec/blob/master/doc/langdef.md for the syntax. + type: string + disable: + description: Disable is a flag to disable the rule. + type: boolean + message: + description: Message is displayed if the assertion fails. + type: string + name: + description: Name of the rule + type: string + target: + description: |- + Target is a JSONPath expression to extract the relevant portion of the dashboard data. + Refer to https://goessner.net/articles/JsonPath/ for the syntax. 
+ type: string + required: + - assertion + - disable + - message + - name + - target + type: object + type: array + type: object + database: + description: Database contains the different configuration depending + on the database you want to use + properties: + file: + properties: + case_sensitive: + type: boolean + extension: + type: string + folder: + type: string + required: + - folder + type: object + sql: + properties: + addr: + description: Network address (requires Net) + type: string + allow_all_files: + description: Allow all files to be used with LOAD DATA + LOCAL INFILE + type: boolean + allow_cleartext_passwords: + description: Allows the cleartext client side plugin + type: boolean + allow_fallback_to_plaintext: + description: Allows fallback to unencrypted connection + if server does not support TLS + type: boolean + allow_native_passwords: + description: Allows the native password authentication + method + type: boolean + allow_old_passwords: + description: Allows the old insecure password method + type: boolean + case_sensitive: + type: boolean + check_conn_liveness: + description: Check connections for liveness before using + them + type: boolean + client_found_rows: + description: Return number of matching rows instead of + rows changed + type: boolean + collation: + description: Connection collation + type: string + columns_with_alias: + description: Prepend table alias to column names + type: boolean + db_name: + description: Database name + type: string + interpolate_params: + description: Interpolate placeholders into query string + type: boolean + loc: + description: Location for time.Time values + type: object + max_allowed_packet: + description: Max packet size allowed + type: integer + multi_statements: + description: Allow multiple statements in one query + type: boolean + net: + description: Network type + type: string + parse_time: + description: Parse time values to time.Time + type: boolean + password: + description: Password 
(requires User) + type: string + password_file: + description: PasswordFile is a path to a file that contains + a password + type: string + read_timeout: + description: I/O read timeout + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + reject_read_only: + description: Reject read-only connections + type: boolean + server_pub_key: + description: Server public key name + type: string + timeout: + description: Dial timeout + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + tls_config: + description: TLS configuration + properties: + ca: + description: Text of the CA cert to use for the targets. + type: string + ca_file: + description: The CA cert to use for the targets. + type: string + ca_ref: + description: |- + CARef is the name of the secret within the secret manager to use as the CA cert for the + targets. + type: string + cert: + description: Text of the client cert file for the + targets. + type: string + cert_file: + description: The client cert file for the targets. + type: string + cert_ref: + description: |- + CertRef is the name of the secret within the secret manager to use as the client cert for + the targets. + type: string + insecure_skip_verify: + description: Disable target certificate validation. + type: boolean + key: + description: Text of the client key file for the targets. + type: string + key_file: + description: The client key file for the targets. + type: string + key_ref: + description: |- + KeyRef is the name of the secret within the secret manager to use as the client key for + the targets. + type: string + max_version: + description: Maximum TLS version. + type: integer + min_version: + description: Minimum TLS version. + type: integer + server_name: + description: Used to verify the hostname for the targets. 
+ type: string + required: + - insecure_skip_verify + type: object + user: + description: Username + type: string + write_timeout: + description: I/O write timeout + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - allow_all_files + - allow_cleartext_passwords + - allow_fallback_to_plaintext + - allow_native_passwords + - allow_old_passwords + - case_sensitive + - check_conn_liveness + - client_found_rows + - columns_with_alias + - db_name + - interpolate_params + - max_allowed_packet + - multi_statements + - parse_time + - read_timeout + - reject_read_only + - server_pub_key + - timeout + - write_timeout + type: object + type: object + datasource: + description: Datasource contains the configuration for the datasource. + properties: + disable_local: + description: |- + DisableLocal when used is preventing the possibility to add a datasource directly in the dashboard spec. + It will also disable the associated proxy. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global datasource feature. + It will also remove the associated proxy. + Also, since the global variable depends on the global datasource, it will also disable the global variable feature. + type: boolean + discovery: + description: |- + Discovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. + Be careful: the data coming from the discovery will totally override what exists in the database. + Note that this is an experimental feature. Behavior and config may change in the future. + items: + properties: + http_sd: + description: |- + HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. + It fetches an HTTP endpoint containing a list of zero or more global datasources. 
+ The target must reply with an HTTP 200 response. + The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. + properties: + authorization: + description: The HTTP authorization credentials + for the targets. + properties: + credentials: + type: string + credentialsFile: + type: string + type: + type: string + type: object + basic_auth: + properties: + password: + type: string + passwordFile: + description: PasswordFile is a path to a + file that contains a password + type: string + username: + type: string + required: + - username + type: object + headers: + additionalProperties: + type: string + type: object + native_auth: + properties: + login: + type: string + password: + type: string + required: + - login + - password + type: object + oauth: + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientID: + description: ClientID is the application's + ID. + type: string + clientSecret: + description: ClientSecret is the application's + secret. + type: string + clientSecretFile: + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional + parameters for requests to the token endpoint. + type: object + scopes: + description: Scope specifies optional requested + permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + required: + - authStyle + - clientID + - clientSecret + - clientSecretFile + - endpointParams + - scopes + - tokenURL + type: object + tls_config: + description: TLSConfig to use to connect to + the targets. + properties: + ca: + description: Text of the CA cert to use + for the targets. 
+ type: string + caFile: + description: The CA cert to use for the + targets. + type: string + cert: + description: Text of the client cert file + for the targets. + type: string + certFile: + description: The client cert file for the + targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key file + for the targets. + type: string + keyFile: + description: The client key file for the + targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + url: + format: uri + type: string + required: + - url + type: object + kubernetes_sd: + description: |- + Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API + and always staying synchronized with the cluster state. + properties: + datasource_plugin_kind: + description: DatasourcePluginKind is the name + of the datasource plugin that should be filled + when creating datasources found. + type: string + labels: + additionalProperties: + type: string + description: The labels used to filter the list + of resource when contacting the Kubernetes + API. + type: object + namespace: + description: |- + Kubernetes namespace to constraint the query to only one namespace. + Leave empty if you are looking for datasource cross-namespace. 
+ type: string + pod_configuration: + description: Configuration when you want to + discover the pods in Kubernetes + properties: + container_name: + description: Name of the container the target + address points to. + type: string + container_port_name: + description: Name of the container port. + type: string + container_port_number: + description: Number of the container port. + format: int32 + type: integer + enable: + description: If set to true, Perses server + will discovery the pod + type: boolean + type: object + service_configuration: + description: Configuration when you want to + discover the services in Kubernetes + properties: + enable: + description: If set to true, Perses server + will discovery the service + type: boolean + port_name: + description: Name of the service port for + the target. + type: string + port_number: + description: Number of the service port + for the target. + format: int32 + type: integer + service_type: + description: The type of the service. + type: string + type: object + required: + - datasource_plugin_kind + - namespace + type: object + name: + description: The name of the discovery config. It + is used for logging purposes only + type: string + refresh_interval: + description: Refresh interval to re-query the endpoint. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - name + type: object + type: array + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project datasource feature. + It will also remove the associated proxy. 
+ type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object + ephemeral_dashboard: + description: EphemeralDashboard contains the config about the + ephemeral dashboard feature + properties: + cleanup_interval: + description: The interval at which to trigger the cleanup + of ephemeral dashboards, based on their TTLs. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + enable: + description: When true user will be able to use the ephemeral + dashboard at project level. + type: boolean + required: + - cleanup_interval + - enable + type: object + ephemeral_dashboards_cleanup_interval: + description: |- + EphemeralDashboardsCleanupInterval is the interval at which the ephemeral dashboards are cleaned up + DEPRECATED. + Please use the config EphemeralDashboard instead. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + frontend: + description: Frontend contains any config that will be used by + the frontend itself. + properties: + disable: + description: When it is true, Perses won't serve the frontend + anymore, and any other config set here will be ignored + type: boolean + explorer: + description: |- + Explorer is activating the different kind of explorer supported. + Be sure you have installed an associated plugin for each explorer type. 
+ properties: + enable: + type: boolean + required: + - enable + type: object + important_dashboards: + description: ImportantDashboards contains important dashboard + selectors + items: + properties: + dashboard: + description: Dashboard is the name of the dashboard + (dashboard.metadata.name) + type: string + project: + description: Project is the name of the project (dashboard.metadata.project) + type: string + required: + - dashboard + - project + type: object + type: array + information: + description: Information contains markdown content to be display + on the home page + type: string + time_range: + description: TimeRange contains the time range configuration + for the dropdown + properties: + disable_custom: + type: boolean + disable_zoom: + type: boolean + options: + items: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + type: array + required: + - disable_custom + - disable_zoom + type: object + required: + - disable + - explorer + type: object + plugin: + description: Plugin contains the config for runtime plugins. + properties: + archive_path: + description: |- + ArchivePath is the path to the directory containing the archived plugins + When Perses is starting, it will extract the content of the archive in the folder specified in the `folder` attribute. + type: string + enable_dev: + description: DevEnvironment is the configuration to use when + developing a plugin + type: boolean + path: + description: Path is the path to the directory containing + the runtime plugins + type: string + required: + - enable_dev + type: object + provisioning: + description: Provisioning contains the provisioning config that + can be used if you want to provide default resources. 
+ properties: + folders: + items: + type: string + type: array + interval: + description: Interval is the refresh frequency + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + type: object + schemas: + description: |- + Schemas contain the configuration to get access to the CUE schemas + DEPRECATED. + Please remove it from your config. + properties: + datasources_path: + type: string + interval: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + panels_path: + type: string + queries_path: + type: string + variables_path: + type: string + type: object + security: + description: Security contains any configuration that changes + the API behavior like the endpoints exposed or if the permissions + are activated. + properties: + authentication: + description: Authentication contains configuration regarding + management of access/refresh token + properties: + access_token_ttl: + description: AccessTokenTTL is the time to live of the + access token. By default, it is 15 minutes. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + disable_sign_up: + description: |- + DisableSignUp deactivates the Sign-up page in the UI. + It also disables the endpoint that gives the possibility to create a user. + type: boolean + providers: + description: Providers configure the different authentication + providers + properties: + enable_native: + type: boolean + oauth: + items: + properties: + auth_url: + format: uri + type: string + client_credentials: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. 
+ type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + custom_login_property: + type: string + device_auth_url: + format: uri + type: string + device_code: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + http: + properties: + timeout: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + tls_config: + properties: + ca: + description: Text of the CA cert to + use for the targets. + type: string + caFile: + description: The CA cert to use for + the targets. + type: string + cert: + description: Text of the client cert + file for the targets. + type: string + certFile: + description: The client cert file for + the targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key + file for the targets. + type: string + keyFile: + description: The client key file for + the targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). 
+ If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + required: + - timeout + - tls_config + type: object + name: + type: string + redirect_uri: + format: uri + type: string + scopes: + items: + type: string + type: array + slug_id: + type: string + token_url: + format: uri + type: string + user_infos_url: + format: uri + type: string + required: + - auth_url + - client_id + - device_auth_url + - http + - name + - slug_id + - token_url + - user_infos_url + type: object + type: array + oidc: + items: + properties: + client_credentials: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + device_code: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + disable_pkce: + type: boolean + discovery_url: + format: uri + type: string + http: + properties: + timeout: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + tls_config: + properties: + ca: + description: Text of the CA cert to + use for the targets. + type: string + caFile: + description: The CA cert to use for + the targets. 
+ type: string + cert: + description: Text of the client cert + file for the targets. + type: string + certFile: + description: The client cert file for + the targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key + file for the targets. + type: string + keyFile: + description: The client key file for + the targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + required: + - timeout + - tls_config + type: object + issuer: + format: uri + type: string + name: + type: string + redirect_uri: + format: uri + type: string + scopes: + items: + type: string + type: array + slug_id: + type: string + url_params: + additionalProperties: + type: string + type: object + required: + - client_id + - disable_pkce + - http + - issuer + - name + - slug_id + type: object + type: array + required: + - enable_native + type: object + refresh_token_ttl: + description: |- + RefreshTokenTTL is the time to live of the refresh token. + The refresh token is used to get a new access token when it is expired. + By default, it is 24 hours. 
+ format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - disable_sign_up + - providers + type: object + authorization: + description: Authorization contains all configs around rbac + (permissions and roles) + properties: + check_latest_update_interval: + description: CheckLatestUpdateInterval that checks if + the RBAC cache needs to be refreshed with db content. + Only for SQL database setup. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + guest_permissions: + description: Default permissions for guest users (logged-in + users) + items: + properties: + actions: + description: Actions of the permission (read, create, + update, delete, ...) + items: + type: string + type: array + scopes: + description: |- + The list of kind targeted by the permission. For example: `Datasource`, `Dashboard`, ... + With Role, you can't target global kinds + items: + type: string + type: array + required: + - actions + - scopes + type: object + type: array + type: object + cookie: + description: Cookie configuration + properties: + same_site: + description: |- + Set the SameSite cookie attribute and prevents the browser from sending the cookie along with cross-site requests. + The main goal is to mitigate the risk of cross-origin information leakage. + This setting also provides some protection against cross-site request forgery attacks (CSRF) + type: integer + secure: + description: Set to true if you host Perses behind HTTPS. + Default is false + type: boolean + required: + - secure + type: object + cors: + description: Configuration for the CORS middleware. 
+ properties: + allow_credentials: + type: boolean + allow_headers: + items: + type: string + type: array + allow_methods: + items: + type: string + type: array + allow_origins: + items: + type: string + type: array + enable: + type: boolean + expose_headers: + items: + type: string + type: array + max_age: + type: integer + required: + - enable + type: object + enable_auth: + description: |- + When it is true, the authentication and authorization config are considered. + And you will need a valid JWT token to contact most of the endpoints exposed by the API + type: boolean + encryption_key: + description: |- + EncryptionKey is the secret key used to encrypt and decrypt sensitive data + stored in the database such as the password of the basic auth for a datasource. + Note that if it is not provided, it will use a default value. + On a production instance, you should set this key. + Also note the key size must be exactly 32 bytes long as we are using AES-256 to encrypt the data. + type: string + encryption_key_file: + description: EncryptionKeyFile is the path to file containing + the secret key + type: string + readonly: + description: Readonly will deactivate any HTTP POST, PUT, + DELETE endpoint + type: boolean + required: + - cookie + - enable_auth + - readonly + type: object + variable: + description: Variable contains the configuration for the variable. + properties: + disable_local: + description: DisableLocal when used is preventing the possibility + to add a variable directly in the dashboard spec. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global variable feature. + Note that if the global datasource is disabled, the global variable will also be disabled. + type: boolean + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project variable feature. 
+ Note that if the global datasource and the project datasource are disabled, + then the project variable will also be disabled. + type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object + type: object + containerPort: + format: int32 + type: integer + image: + description: Image specifies the container image that should be used + for the Perses deployment. + type: string + livenessProbe: + description: |- + Probe describes a health check to be performed against a container to determine whether it is + alive or ready to receive traffic. + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + metadata: + description: Metadata to add to deployed pods + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + readinessProbe: + description: |- + Probe describes a health check to be performed against a container to determine whether it is + alive or ready to receive traffic. + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + replicas: + format: int32 + type: integer + service: + description: service specifies the service configuration for the perses + instance + properties: + annotations: + additionalProperties: + type: string + type: object + name: + type: string + type: object + serviceAccountName: + description: ServiceAccountName is the name of the service account + to use for the perses deployment or statefulset. + type: string + storage: + default: + size: 1Gi + description: Storage configuration used by the StatefulSet + properties: + size: + anyOf: + - type: integer + - type: string + description: |- + Size of the storage. + cannot be decreased. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + description: |- + StorageClass to use for PVCs. 
+ If not specified, will use the default storage class + type: string + type: object + tls: + description: tls specifies the tls configuration for the perses instance + properties: + caCert: + description: CaCert to verify the perses certificate + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + enable: + description: Enable TLS connection to perses + type: boolean + insecureSkipVerify: + description: InsecureSkipVerify skip verify of perses certificate + type: boolean + userCert: + description: UserCert client cert/key for mTLS + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + required: + - enable + type: object + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + status: + description: PersesStatus defines the observed state of Perses + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha2 + schema: + openAPIV3Schema: + description: Perses is the Schema for the perses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PersesSpec defines the desired state of Perses + properties: + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. 
The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args extra arguments to pass to perses + items: + type: string + type: array + client: + description: Perses client configuration + properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. 
+ type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object + tls: + description: TLS the equivalent to the tls_config for perses client + properties: + caCert: + description: CaCert to verify the perses certificate + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + enable: + description: Enable TLS connection to perses + type: boolean + insecureSkipVerify: + description: InsecureSkipVerify skip verify of perses certificate + type: boolean + userCert: + description: UserCert client cert/key for mTLS + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type 
source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + required: + - enable + type: object + type: object + config: + properties: + api_prefix: + description: Use it in case you want to prefix the API path. + type: string + dashboard: + description: Dashboard contains the configuration for the dashboard + feature. + properties: + custom_lint_rules: + items: + properties: + assertion: + description: |- + Assertion is a CEL expression that validates the extracted value. + Refer to https://github.com/google/cel-spec/blob/master/doc/langdef.md for the syntax. + type: string + disable: + description: Disable is a flag to disable the rule. + type: boolean + message: + description: Message is displayed if the assertion fails. + type: string + name: + description: Name of the rule + type: string + target: + description: |- + Target is a JSONPath expression to extract the relevant portion of the dashboard data. + Refer to https://goessner.net/articles/JsonPath/ for the syntax. 
+ type: string + required: + - assertion + - disable + - message + - name + - target + type: object + type: array + type: object + database: + description: Database contains the different configuration depending + on the database you want to use + properties: + file: + properties: + case_sensitive: + type: boolean + extension: + type: string + folder: + type: string + required: + - folder + type: object + sql: + properties: + addr: + description: Network address (requires Net) + type: string + allow_all_files: + description: Allow all files to be used with LOAD DATA + LOCAL INFILE + type: boolean + allow_cleartext_passwords: + description: Allows the cleartext client side plugin + type: boolean + allow_fallback_to_plaintext: + description: Allows fallback to unencrypted connection + if server does not support TLS + type: boolean + allow_native_passwords: + description: Allows the native password authentication + method + type: boolean + allow_old_passwords: + description: Allows the old insecure password method + type: boolean + case_sensitive: + type: boolean + check_conn_liveness: + description: Check connections for liveness before using + them + type: boolean + client_found_rows: + description: Return number of matching rows instead of + rows changed + type: boolean + collation: + description: Connection collation + type: string + columns_with_alias: + description: Prepend table alias to column names + type: boolean + db_name: + description: Database name + type: string + interpolate_params: + description: Interpolate placeholders into query string + type: boolean + loc: + description: Location for time.Time values + type: object + max_allowed_packet: + description: Max packet size allowed + type: integer + multi_statements: + description: Allow multiple statements in one query + type: boolean + net: + description: Network type + type: string + parse_time: + description: Parse time values to time.Time + type: boolean + password: + description: Password 
(requires User) + type: string + password_file: + description: PasswordFile is a path to a file that contains + a password + type: string + read_timeout: + description: I/O read timeout + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + reject_read_only: + description: Reject read-only connections + type: boolean + server_pub_key: + description: Server public key name + type: string + timeout: + description: Dial timeout + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + tls_config: + description: TLS configuration + properties: + ca: + description: Text of the CA cert to use for the targets. + type: string + ca_file: + description: The CA cert to use for the targets. + type: string + ca_ref: + description: |- + CARef is the name of the secret within the secret manager to use as the CA cert for the + targets. + type: string + cert: + description: Text of the client cert file for the + targets. + type: string + cert_file: + description: The client cert file for the targets. + type: string + cert_ref: + description: |- + CertRef is the name of the secret within the secret manager to use as the client cert for + the targets. + type: string + insecure_skip_verify: + description: Disable target certificate validation. + type: boolean + key: + description: Text of the client key file for the targets. + type: string + key_file: + description: The client key file for the targets. + type: string + key_ref: + description: |- + KeyRef is the name of the secret within the secret manager to use as the client key for + the targets. + type: string + max_version: + description: Maximum TLS version. + type: integer + min_version: + description: Minimum TLS version. + type: integer + server_name: + description: Used to verify the hostname for the targets. 
+ type: string + required: + - insecure_skip_verify + type: object + user: + description: Username + type: string + write_timeout: + description: I/O write timeout + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - allow_all_files + - allow_cleartext_passwords + - allow_fallback_to_plaintext + - allow_native_passwords + - allow_old_passwords + - case_sensitive + - check_conn_liveness + - client_found_rows + - columns_with_alias + - db_name + - interpolate_params + - max_allowed_packet + - multi_statements + - parse_time + - read_timeout + - reject_read_only + - server_pub_key + - timeout + - write_timeout + type: object + type: object + datasource: + description: Datasource contains the configuration for the datasource. + properties: + disable_local: + description: |- + DisableLocal when used is preventing the possibility to add a datasource directly in the dashboard spec. + It will also disable the associated proxy. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global datasource feature. + It will also remove the associated proxy. + Also, since the global variable depends on the global datasource, it will also disable the global variable feature. + type: boolean + discovery: + description: |- + Discovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. + Be careful: the data coming from the discovery will totally override what exists in the database. + Note that this is an experimental feature. Behavior and config may change in the future. + items: + properties: + http_sd: + description: |- + HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. + It fetches an HTTP endpoint containing a list of zero or more global datasources. 
+ The target must reply with an HTTP 200 response. + The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. + properties: + authorization: + description: The HTTP authorization credentials + for the targets. + properties: + credentials: + type: string + credentialsFile: + type: string + type: + type: string + type: object + basic_auth: + properties: + password: + type: string + passwordFile: + description: PasswordFile is a path to a + file that contains a password + type: string + username: + type: string + required: + - username + type: object + headers: + additionalProperties: + type: string + type: object + native_auth: + properties: + login: + type: string + password: + type: string + required: + - login + - password + type: object + oauth: + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientID: + description: ClientID is the application's + ID. + type: string + clientSecret: + description: ClientSecret is the application's + secret. + type: string + clientSecretFile: + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional + parameters for requests to the token endpoint. + type: object + scopes: + description: Scope specifies optional requested + permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + required: + - authStyle + - clientID + - clientSecret + - clientSecretFile + - endpointParams + - scopes + - tokenURL + type: object + tls_config: + description: TLSConfig to use to connect to + the targets. + properties: + ca: + description: Text of the CA cert to use + for the targets. 
+ type: string + caFile: + description: The CA cert to use for the + targets. + type: string + cert: + description: Text of the client cert file + for the targets. + type: string + certFile: + description: The client cert file for the + targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key file + for the targets. + type: string + keyFile: + description: The client key file for the + targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + url: + format: uri + type: string + required: + - url + type: object + kubernetes_sd: + description: |- + Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API + and always staying synchronized with the cluster state. + properties: + datasource_plugin_kind: + description: DatasourcePluginKind is the name + of the datasource plugin that should be filled + when creating datasources found. + type: string + labels: + additionalProperties: + type: string + description: The labels used to filter the list + of resource when contacting the Kubernetes + API. + type: object + namespace: + description: |- + Kubernetes namespace to constraint the query to only one namespace. + Leave empty if you are looking for datasource cross-namespace. 
+ type: string + pod_configuration: + description: Configuration when you want to + discover the pods in Kubernetes + properties: + container_name: + description: Name of the container the target + address points to. + type: string + container_port_name: + description: Name of the container port. + type: string + container_port_number: + description: Number of the container port. + format: int32 + type: integer + enable: + description: If set to true, Perses server + will discovery the pod + type: boolean + type: object + service_configuration: + description: Configuration when you want to + discover the services in Kubernetes + properties: + enable: + description: If set to true, Perses server + will discovery the service + type: boolean + port_name: + description: Name of the service port for + the target. + type: string + port_number: + description: Number of the service port + for the target. + format: int32 + type: integer + service_type: + description: The type of the service. + type: string + type: object + required: + - datasource_plugin_kind + - namespace + type: object + name: + description: The name of the discovery config. It + is used for logging purposes only + type: string + refresh_interval: + description: Refresh interval to re-query the endpoint. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - name + type: object + type: array + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project datasource feature. + It will also remove the associated proxy. 
+ type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object + ephemeral_dashboard: + description: EphemeralDashboard contains the config about the + ephemeral dashboard feature + properties: + cleanup_interval: + description: The interval at which to trigger the cleanup + of ephemeral dashboards, based on their TTLs. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + enable: + description: When true user will be able to use the ephemeral + dashboard at project level. + type: boolean + required: + - cleanup_interval + - enable + type: object + ephemeral_dashboards_cleanup_interval: + description: |- + EphemeralDashboardsCleanupInterval is the interval at which the ephemeral dashboards are cleaned up + DEPRECATED. + Please use the config EphemeralDashboard instead. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + frontend: + description: Frontend contains any config that will be used by + the frontend itself. + properties: + disable: + description: When it is true, Perses won't serve the frontend + anymore, and any other config set here will be ignored + type: boolean + explorer: + description: |- + Explorer is activating the different kind of explorer supported. + Be sure you have installed an associated plugin for each explorer type. 
+ properties: + enable: + type: boolean + required: + - enable + type: object + important_dashboards: + description: ImportantDashboards contains important dashboard + selectors + items: + properties: + dashboard: + description: Dashboard is the name of the dashboard + (dashboard.metadata.name) + type: string + project: + description: Project is the name of the project (dashboard.metadata.project) + type: string + required: + - dashboard + - project + type: object + type: array + information: + description: Information contains markdown content to be display + on the home page + type: string + time_range: + description: TimeRange contains the time range configuration + for the dropdown + properties: + disable_custom: + type: boolean + disable_zoom: + type: boolean + options: + items: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + type: array + required: + - disable_custom + - disable_zoom + type: object + required: + - disable + - explorer + type: object + plugin: + description: Plugin contains the config for runtime plugins. + properties: + archive_path: + description: |- + ArchivePath is the path to the directory containing the archived plugins + When Perses is starting, it will extract the content of the archive in the folder specified in the `folder` attribute. + type: string + enable_dev: + description: DevEnvironment is the configuration to use when + developing a plugin + type: boolean + path: + description: Path is the path to the directory containing + the runtime plugins + type: string + required: + - enable_dev + type: object + provisioning: + description: Provisioning contains the provisioning config that + can be used if you want to provide default resources. 
+ properties: + folders: + items: + type: string + type: array + interval: + description: Interval is the refresh frequency + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + type: object + schemas: + description: |- + Schemas contain the configuration to get access to the CUE schemas + DEPRECATED. + Please remove it from your config. + properties: + datasources_path: + type: string + interval: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + panels_path: + type: string + queries_path: + type: string + variables_path: + type: string + type: object + security: + description: Security contains any configuration that changes + the API behavior like the endpoints exposed or if the permissions + are activated. + properties: + authentication: + description: Authentication contains configuration regarding + management of access/refresh token + properties: + access_token_ttl: + description: AccessTokenTTL is the time to live of the + access token. By default, it is 15 minutes. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + disable_sign_up: + description: |- + DisableSignUp deactivates the Sign-up page in the UI. + It also disables the endpoint that gives the possibility to create a user. + type: boolean + providers: + description: Providers configure the different authentication + providers + properties: + enable_native: + type: boolean + oauth: + items: + properties: + auth_url: + format: uri + type: string + client_credentials: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. 
+ type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + custom_login_property: + type: string + device_auth_url: + format: uri + type: string + device_code: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + http: + properties: + timeout: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + tls_config: + properties: + ca: + description: Text of the CA cert to + use for the targets. + type: string + caFile: + description: The CA cert to use for + the targets. + type: string + cert: + description: Text of the client cert + file for the targets. + type: string + certFile: + description: The client cert file for + the targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key + file for the targets. + type: string + keyFile: + description: The client key file for + the targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). 
+ If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + required: + - timeout + - tls_config + type: object + name: + type: string + redirect_uri: + format: uri + type: string + scopes: + items: + type: string + type: array + slug_id: + type: string + token_url: + format: uri + type: string + user_infos_url: + format: uri + type: string + required: + - auth_url + - client_id + - device_auth_url + - http + - name + - slug_id + - token_url + - user_infos_url + type: object + type: array + oidc: + items: + properties: + client_credentials: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + device_code: + properties: + client_id: + description: Hidden special type for storing + secrets. + type: string + client_secret: + description: Hidden special type for storing + secrets. + type: string + scopes: + items: + type: string + type: array + required: + - client_id + - client_secret + - scopes + type: object + disable_pkce: + type: boolean + discovery_url: + format: uri + type: string + http: + properties: + timeout: + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + tls_config: + properties: + ca: + description: Text of the CA cert to + use for the targets. + type: string + caFile: + description: The CA cert to use for + the targets. 
+ type: string + cert: + description: Text of the client cert + file for the targets. + type: string + certFile: + description: The client cert file for + the targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key + file for the targets. + type: string + keyFile: + description: The client key file for + the targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + required: + - timeout + - tls_config + type: object + issuer: + format: uri + type: string + name: + type: string + redirect_uri: + format: uri + type: string + scopes: + items: + type: string + type: array + slug_id: + type: string + url_params: + additionalProperties: + type: string + type: object + required: + - client_id + - disable_pkce + - http + - issuer + - name + - slug_id + type: object + type: array + required: + - enable_native + type: object + refresh_token_ttl: + description: |- + RefreshTokenTTL is the time to live of the refresh token. + The refresh token is used to get a new access token when it is expired. + By default, it is 24 hours. 
+ format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - disable_sign_up + - providers + type: object + authorization: + description: Authorization contains all configs around rbac + (permissions and roles) + properties: + check_latest_update_interval: + description: CheckLatestUpdateInterval that checks if + the RBAC cache needs to be refreshed with db content. + Only for SQL database setup. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + guest_permissions: + description: Default permissions for guest users (logged-in + users) + items: + properties: + actions: + description: Actions of the permission (read, create, + update, delete, ...) + items: + type: string + type: array + scopes: + description: |- + The list of kind targeted by the permission. For example: `Datasource`, `Dashboard`, ... + With Role, you can't target global kinds + items: + type: string + type: array + required: + - actions + - scopes + type: object + type: array + type: object + cookie: + description: Cookie configuration + properties: + same_site: + description: |- + Set the SameSite cookie attribute and prevents the browser from sending the cookie along with cross-site requests. + The main goal is to mitigate the risk of cross-origin information leakage. + This setting also provides some protection against cross-site request forgery attacks (CSRF) + type: integer + secure: + description: Set to true if you host Perses behind HTTPS. + Default is false + type: boolean + required: + - secure + type: object + cors: + description: Configuration for the CORS middleware. 
+ properties: + allow_credentials: + type: boolean + allow_headers: + items: + type: string + type: array + allow_methods: + items: + type: string + type: array + allow_origins: + items: + type: string + type: array + enable: + type: boolean + expose_headers: + items: + type: string + type: array + max_age: + type: integer + required: + - enable + type: object + enable_auth: + description: |- + When it is true, the authentication and authorization config are considered. + And you will need a valid JWT token to contact most of the endpoints exposed by the API + type: boolean + encryption_key: + description: |- + EncryptionKey is the secret key used to encrypt and decrypt sensitive data + stored in the database such as the password of the basic auth for a datasource. + Note that if it is not provided, it will use a default value. + On a production instance, you should set this key. + Also note the key size must be exactly 32 bytes long as we are using AES-256 to encrypt the data. + type: string + encryption_key_file: + description: EncryptionKeyFile is the path to file containing + the secret key + type: string + readonly: + description: Readonly will deactivate any HTTP POST, PUT, + DELETE endpoint + type: boolean + required: + - cookie + - enable_auth + - readonly + type: object + variable: + description: Variable contains the configuration for the variable. + properties: + disable_local: + description: DisableLocal when used is preventing the possibility + to add a variable directly in the dashboard spec. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global variable feature. + Note that if the global datasource is disabled, the global variable will also be disabled. + type: boolean + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project variable feature. 
+ Note that if the global datasource and the project datasource are disabled, + then the project variable will also be disabled. + type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object + type: object + containerPort: + format: int32 + type: integer + image: + description: Image specifies the container image that should be used + for the Perses deployment. + type: string + livenessProbe: + description: |- + Probe describes a health check to be performed against a container to determine whether it is + alive or ready to receive traffic. + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + metadata: + description: Metadata to add to deployed pods + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + readinessProbe: + description: |- + Probe describes a health check to be performed against a container to determine whether it is + alive or ready to receive traffic. + properties: + exec: + description: Exec specifies a command to execute in the container. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + replicas: + format: int32 + type: integer + service: + description: service specifies the service configuration for the perses + instance + properties: + annotations: + additionalProperties: + type: string + type: object + name: + type: string + type: object + serviceAccountName: + description: ServiceAccountName is the name of the service account + to use for the perses deployment or statefulset. + type: string + storage: + default: + size: 1Gi + description: Storage configuration used by the StatefulSet + properties: + size: + anyOf: + - type: integer + - type: string + description: |- + Size of the storage. + cannot be decreased. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + description: |- + StorageClass to use for PVCs. 
+ If not specified, will use the default storage class + type: string + type: object + tls: + description: tls specifies the tls configuration for the perses instance + properties: + caCert: + description: CaCert to verify the perses certificate + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + enable: + description: Enable TLS connection to perses + type: boolean + insecureSkipVerify: + description: InsecureSkipVerify skip verify of perses certificate + type: boolean + userCert: + description: UserCert client cert/key for mTLS + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + required: + - enable + type: object + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + status: + description: PersesStatus defines the observed state of Perses + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/dist/chart/templates/crd/perses.dev_persesdashboards.yaml b/dist/chart/templates/crd/perses.dev_persesdashboards.yaml new file mode 100755 index 00000000..ce7dd949 --- /dev/null +++ b/dist/chart/templates/crd/perses.dev_persesdashboards.yaml 
@@ -0,0 +1,573 @@ +{{- if .Values.crd.enable }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + {{- if .Values.crd.keep }} + "helm.sh/resource-policy": keep + {{- end }} + controller-gen.kubebuilder.io/version: v0.16.0 + name: persesdashboards.perses.dev +spec: + group: perses.dev + names: + kind: PersesDashboard + listKind: PersesDashboardList + plural: persesdashboards + shortNames: + - perdb + singular: persesdashboard + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PersesDashboard is the Schema for the persesdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + datasources: + additionalProperties: + properties: + default: + type: boolean + display: + properties: + description: + type: string + name: + type: string + type: object + plugin: + description: |- + Plugin will contain the datasource configuration. + The data typed is available in Cue. + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + required: + - default + - plugin + type: object + description: Datasources is an optional list of datasource definition. 
+ type: object + display: + properties: + description: + type: string + name: + type: string + type: object + duration: + description: Duration is the default time range to use when getting + data to fill the dashboard + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + layouts: + items: + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + type: array + panels: + additionalProperties: + properties: + kind: + type: string + spec: + properties: + display: + properties: + description: + type: string + name: + type: string + required: + - name + type: object + links: + items: + properties: + name: + type: string + renderVariables: + type: boolean + targetBlank: + type: boolean + tooltip: + type: string + url: + type: string + required: + - url + type: object + type: array + plugin: + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + queries: + items: + properties: + kind: + type: string + spec: + properties: + plugin: + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + required: + - plugin + type: object + required: + - kind + - spec + type: object + type: array + required: + - display + - plugin + type: object + required: + - kind + - spec + type: object + type: object + refreshInterval: + description: RefreshInterval is the default refresh interval to use + when landing on the dashboard + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + variables: + items: + properties: + kind: + description: Kind is the type of the variable. Depending on + the value of Kind, it will change the content of Spec. 
+ type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + type: array + required: + - duration + - layouts + - panels + type: object + status: + description: PersesDashboardStatus defines the observed state of PersesDashboard + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha2 + schema: + openAPIV3Schema: + description: PersesDashboard is the Schema for the persesdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + config: + properties: + datasources: + additionalProperties: + properties: + default: + type: boolean + display: + properties: + description: + type: string + name: + type: string + type: object + plugin: + description: |- + Plugin will contain the datasource configuration. + The data typed is available in Cue. + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + required: + - default + - plugin + type: object + description: Datasources is an optional list of datasource definition. 
+ type: object + display: + properties: + description: + type: string + name: + type: string + type: object + duration: + description: Duration is the default time range to use when getting + data to fill the dashboard + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + layouts: + items: + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + type: array + panels: + additionalProperties: + properties: + kind: + type: string + spec: + properties: + display: + properties: + description: + type: string + name: + type: string + required: + - name + type: object + links: + items: + properties: + name: + type: string + renderVariables: + type: boolean + targetBlank: + type: boolean + tooltip: + type: string + url: + type: string + required: + - url + type: object + type: array + plugin: + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + queries: + items: + properties: + kind: + type: string + spec: + properties: + plugin: + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + required: + - plugin + type: object + required: + - kind + - spec + type: object + type: array + required: + - display + - plugin + type: object + required: + - kind + - spec + type: object + type: object + refreshInterval: + description: RefreshInterval is the default refresh interval to + use when landing on the dashboard + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + variables: + items: + properties: + kind: + description: Kind is the type of the variable. Depending + on the value of Kind, it will change the content of Spec. 
+ type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + type: array + required: + - duration + - layouts + - panels + type: object + instanceSelector: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - config + type: object + status: + description: PersesDashboardStatus defines the observed state of PersesDashboard + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/dist/chart/templates/crd/perses.dev_persesdatasources.yaml b/dist/chart/templates/crd/perses.dev_persesdatasources.yaml new file mode 100755 index 00000000..88389e9a --- /dev/null +++ b/dist/chart/templates/crd/perses.dev_persesdatasources.yaml 
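Review bot: The `versions:` list in the persesdashboards template serves both `v1alpha1` (`storage: false`) and `v1alpha2` (`storage: true`) but sets no `spec.conversion`, so the API server falls back to the `None` strategy, which only rewrites `apiVersion`. The two schemas are not shape-compatible: v1alpha1 keeps `duration`, `layouts` and `panels` directly under `spec`, while v1alpha2 requires `spec.config` and nests them there, so an object written through one version would not match the other version's schema when stored or read back. If the operator ships a conversion webhook (not visible in this diff), the template should declare it under `spec`, as sketched below with a placeholder Service name; otherwise consider not serving `v1alpha1` from the chart. The persesdatasources template that follows has the same two-version layout, with `config` required only in v1alpha2. Because this file is generated, the change probably belongs in the kubebuilder scaffolding rather than in a hand edit here.

```yaml
spec:
  group: perses.dev
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          # placeholder: the chart's webhook Service name
          name: WEBHOOK_SERVICE_NAME
          namespace: {{ .Release.Namespace }}
          path: /convert
      conversionReviewVersions:
        - v1
  # … unchanged: names, scope, versions …
```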
@@ -0,0 +1,634 @@ +{{- if .Values.crd.enable }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + {{- if .Values.crd.keep }} + "helm.sh/resource-policy": keep + {{- end }} + controller-gen.kubebuilder.io/version: v0.16.0 + name: persesdatasources.perses.dev +spec: + group: perses.dev + names: + kind: PersesDatasource + listKind: PersesDatasourceList + plural: persesdatasources + shortNames: + - perds + singular: persesdatasource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PersesDatasource is the Schema for the PersesDatasources API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + client: + properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. 
+ items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object + tls: + description: TLS the equivalent to the tls_config for perses client + properties: + caCert: + description: CaCert to verify the perses certificate + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + enable: + description: Enable TLS connection to perses + type: boolean + insecureSkipVerify: + description: InsecureSkipVerify skip verify of perses certificate + type: boolean + userCert: + description: UserCert client cert/key for mTLS + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + required: + - enable + type: object + type: object + config: + properties: + default: + type: boolean + display: + properties: + description: + type: string + name: + type: string + 
type: object + plugin: + description: |- + Plugin will contain the datasource configuration. + The data typed is available in Cue. + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + required: + - default + - plugin + type: object + type: object + status: + description: PersesDatasourceStatus defines the observed state of PersesDatasource + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha2 + schema: + openAPIV3Schema: + description: PersesDatasource is the Schema for the PersesDatasources API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + client: + properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. 
+ items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object + tls: + description: TLS the equivalent to the tls_config for perses client + properties: + caCert: + description: CaCert to verify the perses certificate + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + enable: + description: Enable TLS connection to perses + type: boolean + insecureSkipVerify: + description: InsecureSkipVerify skip verify of perses certificate + type: boolean + userCert: + description: UserCert client cert/key for mTLS + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + required: + - enable + type: object + type: object + config: + properties: + default: + type: boolean + display: + properties: + description: + type: string + name: + type: string + 
type: object + plugin: + description: |- + Plugin will contain the datasource configuration. + The data typed is available in Cue. + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + required: + - default + - plugin + type: object + instanceSelector: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - config + type: object + status: + description: PersesDatasourceStatus defines the observed state of PersesDatasource + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/dist/chart/templates/crd/perses.dev_persesglobaldatasources.yaml b/dist/chart/templates/crd/perses.dev_persesglobaldatasources.yaml new file mode 100755 index 00000000..0b7e5797 --- /dev/null +++ b/dist/chart/templates/crd/perses.dev_persesglobaldatasources.yaml 
@@ -0,0 +1,357 @@ +{{- if .Values.crd.enable }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + annotations: + {{- if .Values.crd.keep }} + "helm.sh/resource-policy": keep + {{- end }} + controller-gen.kubebuilder.io/version: v0.16.0 + name: persesglobaldatasources.perses.dev +spec: + group: perses.dev + names: + kind: PersesGlobalDatasource + listKind: PersesGlobalDatasourceList + plural: persesglobaldatasources + shortNames: + - pergds + singular: persesglobaldatasource + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: PersesGlobalDatasource is the Schema for the PersesGlobalDatasources + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + client: + properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. 
+ items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object + tls: + description: TLS the equivalent to the tls_config for perses client + properties: + caCert: + description: CaCert to verify the perses certificate + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + enable: + description: Enable TLS connection to perses + type: boolean + insecureSkipVerify: + description: InsecureSkipVerify skip verify of perses certificate + type: boolean + userCert: + description: UserCert client cert/key for mTLS + properties: + certPath: + description: Path to Certificate + type: string + name: + description: Name of basic auth k8s resource (when type + is secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + privateKeyPath: + description: Path to Private key certificate + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - certPath + - type + type: object + required: + - enable + type: object + type: object + config: + properties: + default: + type: boolean + display: + properties: + description: + type: string + name: + type: string + 
type: object + plugin: + description: |- + Plugin will contain the datasource configuration. + The data typed is available in Cue. + properties: + kind: + type: string + spec: + x-kubernetes-preserve-unknown-fields: true + required: + - kind + - spec + type: object + required: + - default + - plugin + type: object + instanceSelector: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - config + type: object + status: + description: PersesGlobalDatasourceStatus defines the observed state of + PersesGlobalDatasource + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/dist/chart/templates/manager/manager.yaml b/dist/chart/templates/manager/manager.yaml new file mode 100644 index 00000000..86fb0968 --- /dev/null +++ b/dist/chart/templates/manager/manager.yaml 
@@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: perses-operator-controller-manager + namespace: {{ .Release.Namespace }} + labels: + {{- include "chart.labels" . | nindent 4 }} + control-plane: controller-manager +spec: + replicas: {{ .Values.controllerManager.replicas }} + selector: + matchLabels: + {{- include "chart.selectorLabels" . | nindent 6 }} + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + {{- include "chart.labels" . | nindent 8 }} + control-plane: controller-manager + {{- if and .Values.controllerManager.pod .Values.controllerManager.pod.labels }} + {{- range $key, $value := .Values.controllerManager.pod.labels }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + containers: + - name: manager + args: + {{- range .Values.controllerManager.container.args }} + - {{ . }} + {{- end }} + command: + - /manager + image: {{ .Values.controllerManager.container.image.repository }}:{{ .Values.controllerManager.container.image.tag }} + {{- if .Values.controllerManager.container.env }} + env: + {{- range $key, $value := .Values.controllerManager.container.env }} + - name: {{ $key }} + value: {{ $value }} + {{- end }} + {{- end }} + livenessProbe: + {{- toYaml .Values.controllerManager.container.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.controllerManager.container.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.controllerManager.container.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.controllerManager.container.securityContext | nindent 12 }} + {{- if and .Values.certmanager.enable .Values.metrics.enable }} + volumeMounts: + {{- if and .Values.metrics.enable .Values.certmanager.enable }} + - name: metrics-certs + mountPath: /tmp/k8s-metrics-server/metrics-certs + readOnly: true + {{- end }} + {{- end }} + securityContext: + {{- toYaml .Values.controllerManager.securityContext | 
nindent 8 }} + serviceAccountName: {{ .Values.controllerManager.serviceAccountName }} + terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }} + {{- if and .Values.certmanager.enable .Values.metrics.enable }} + volumes: + {{- if and .Values.metrics.enable .Values.certmanager.enable }} + - name: metrics-certs + secret: + secretName: metrics-server-cert + {{- end }} + {{- end }} diff --git a/dist/chart/templates/metrics/metrics-service.yaml b/dist/chart/templates/metrics/metrics-service.yaml new file mode 100644 index 00000000..3a32d1ff --- /dev/null +++ b/dist/chart/templates/metrics/metrics-service.yaml @@ -0,0 +1,18 @@ +{{- if .Values.metrics.enable }} +apiVersion: v1 +kind: Service +metadata: + name: perses-operator-controller-manager-metrics-service + namespace: {{ .Release.Namespace }} + labels: + {{- include "chart.labels" . | nindent 4 }} + control-plane: controller-manager +spec: + ports: + - port: 8443 + targetPort: 8443 + protocol: TCP + name: https + selector: + control-plane: controller-manager +{{- end }} diff --git a/dist/chart/templates/network-policy/allow-webhook-traffic.yaml b/dist/chart/templates/network-policy/allow-webhook-traffic.yaml new file mode 100755 index 00000000..2f333729 --- /dev/null +++ b/dist/chart/templates/network-policy/allow-webhook-traffic.yaml 
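Review bot: The values interpolated into the pod spec in manager.yaml are rendered unquoted: `value: {{ $value }}` for env, `{{ $key }}: {{ $value }}` for pod labels and `- {{ . }}` for args. A value such as `true`, `1` or one containing `: ` is re-typed or breaks the manifest when the rendered text is parsed as YAML, and Kubernetes rejects non-string env values and labels. Quote them: `value: {{ $value | quote }}`, `{{ $key }}: {{ $value | quote }}` and `- {{ . | quote }}`. The same unquoted `{{ $key }}: {{ $value }}` appears for the annotations in service_account.yaml.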
@@ -0,0 +1,27 @@
+{{- if .Values.networkPolicy.enable }}
+# This NetworkPolicy allows ingress traffic to your webhook server running
+# as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
+# will only work when applied in namespaces labeled with 'webhook: enabled'
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: allow-webhook-traffic
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ control-plane: controller-manager
+ policyTypes:
+ - Ingress
+ ingress:
+ # This allows ingress traffic from any namespace with the label webhook: enabled
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ webhook: enabled # Only from namespaces with this label
+ ports:
+ - port: 443
+ protocol: TCP
+{{- end -}}
diff --git a/dist/chart/templates/prometheus/monitor.yaml b/dist/chart/templates/prometheus/monitor.yaml
new file mode 100644
index 00000000..c4eb0fa8
--- /dev/null
+++ b/dist/chart/templates/prometheus/monitor.yaml
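Review bot: Enabling this policy isolates the controller-manager pods for ingress and then admits only TCP 443 from namespaces labelled `webhook: enabled`, so the metrics endpoint that values.yaml binds to `:8443` becomes unreachable for scrapers once `networkPolicy.enable` is true; no companion policy for the metrics port is visible in this diff. It is also worth confirming that 443 is the port the webhook server listens on inside the pod, since NetworkPolicy ports match the pod port rather than a Service port and manager.yaml declares no container ports. One option is a second ingress rule gated on `metrics.enable`, sketched below; the `metrics: enabled` namespace label is a constructed example.

```yaml
  ingress:
    # … unchanged: rule admitting TCP 443 from namespaces labelled webhook: enabled …
    {{- if .Values.metrics.enable }}
    # Admit metrics scrapes only from namespaces labelled for it (example label)
    - from:
        - namespaceSelector:
            matchLabels:
              metrics: enabled
      ports:
        - port: 8443
          protocol: TCP
    {{- end }}
```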
@@ -0,0 +1,40 @@
+# To integrate with Prometheus.
+{{- if .Values.prometheus.enable }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ control-plane: controller-manager
+ name: perses-operator-controller-manager-metrics-monitor
+ namespace: {{ .Release.Namespace }}
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ {{- if .Values.certmanager.enable }}
+ serverName: perses-operator-controller-manager-metrics-service.{{ .Release.Namespace }}.svc
+ # Apply secure TLS configuration with cert-manager
+ insecureSkipVerify: false
+ ca:
+ secret:
+ name: metrics-server-cert
+ key: ca.crt
+ cert:
+ secret:
+ name: metrics-server-cert
+ key: tls.crt
+ keySecret:
+ name: metrics-server-cert
+ key: tls.key
+ {{- else }}
+ # Development/Test mode (insecure configuration)
+ insecureSkipVerify: true
+ {{- end }}
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+{{- end }}
diff --git a/dist/chart/templates/rbac/auth_proxy_client_clusterrole.yaml b/dist/chart/templates/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100755
index 00000000..7947fc4c
--- /dev/null
+++ b/dist/chart/templates/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.rbac.enable }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: perses-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+{{- end -}}
diff --git a/dist/chart/templates/rbac/auth_proxy_role.yaml b/dist/chart/templates/rbac/auth_proxy_role.yaml
new file mode 100755
index 00000000..2bb72f41
--- /dev/null
+++ b/dist/chart/templates/rbac/auth_proxy_role.yaml
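Review bot: The `{{- else }}` branch in monitor.yaml sets `insecureSkipVerify: true` whenever cert-manager is off, and values.yaml ships `certmanager.enable: false`. Turning on `prometheus.enable` alone therefore makes Prometheus send the service-account bearer token from `bearerTokenFile` over a TLS connection whose peer is never verified. The comment calls this development/test mode, but nothing in the values makes that choice explicit. Consider driving the fallback from its own opt-in value, for example `insecureSkipVerify: {{ .Values.prometheus.insecureSkipVerify | default false }}` (a proposed key, not one the chart defines), and documenting in values.yaml that production scraping needs `certmanager.enable: true`.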
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.enable }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+{{- end -}}
diff --git a/dist/chart/templates/rbac/auth_proxy_role_binding.yaml b/dist/chart/templates/rbac/auth_proxy_role_binding.yaml
new file mode 100755
index 00000000..493b38a4
--- /dev/null
+++ b/dist/chart/templates/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.enable }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.controllerManager.serviceAccountName }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/dist/chart/templates/rbac/auth_proxy_service.yaml b/dist/chart/templates/rbac/auth_proxy_service.yaml
new file mode 100755
index 00000000..b665f0dc
--- /dev/null
+++ b/dist/chart/templates/rbac/auth_proxy_service.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbac.enable }}
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ name: {{ .Values.controllerManager.serviceAccountName }}-metrics-service
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+{{- end -}}
diff --git a/dist/chart/templates/rbac/leader_election_role.yaml b/dist/chart/templates/rbac/leader_election_role.yaml
new file mode 100755
index 00000000..67f2bc6c
--- /dev/null
+++ b/dist/chart/templates/rbac/leader_election_role.yaml
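Review bot: `proxy-role` in auth_proxy_role.yaml and `proxy-rolebinding` in auth_proxy_role_binding.yaml are cluster-scoped objects with generic, unprefixed names, unlike the other ClusterRoles in this chart (`perses-operator-metrics-reader`, `perses-operator-manager-role`). Another chart or operator in the same cluster that uses the same names would collide with them, and an upgrade or uninstall of one release could then change or remove a binding the other relies on. Prefix both, e.g. `name: perses-operator-proxy-role` and `name: perses-operator-proxy-rolebinding`, and update `roleRef.name` to match.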
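Review bot: With the default `serviceAccountName: perses-operator-controller-manager`, `name: {{ .Values.controllerManager.serviceAccountName }}-metrics-service` in auth_proxy_service.yaml renders to `perses-operator-controller-manager-metrics-service`. That is the same name and namespace as the Service in metrics/metrics-service.yaml, so a release with both `rbac.enable` and `metrics.enable` true (the shipped defaults) renders two Services with one identity. This one also uses `targetPort: https`, but the manager container in manager.yaml declares no named port, so the target would not resolve. It is gated on `rbac.enable` although it is not an RBAC object; unless something outside this diff needs it, dropping this template in favour of metrics-service.yaml, which targets 8443 directly, looks like the simplest fix.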
@@ -0,0 +1,42 @@ +{{- if .Values.rbac.enable }} +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} + name: perses-operator-leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +{{- end -}} diff --git a/dist/chart/templates/rbac/leader_election_role_binding.yaml b/dist/chart/templates/rbac/leader_election_role_binding.yaml new file mode 100755 index 00000000..bba2455f --- /dev/null +++ b/dist/chart/templates/rbac/leader_election_role_binding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.enable }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} + name: perses-operator-leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: perses-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: {{ .Values.controllerManager.serviceAccountName }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/dist/chart/templates/rbac/perses_editor_role.yaml b/dist/chart/templates/rbac/perses_editor_role.yaml new file mode 100755 index 00000000..7047ac57 --- /dev/null +++ b/dist/chart/templates/rbac/perses_editor_role.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to edit perses. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: perses-editor-role +rules: + - apiGroups: + - perses.dev + resources: + - perses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - perses/status + verbs: + - get +{{- end -}} diff --git a/dist/chart/templates/rbac/perses_viewer_role.yaml b/dist/chart/templates/rbac/perses_viewer_role.yaml new file mode 100755 index 00000000..c52a46e2 --- /dev/null +++ b/dist/chart/templates/rbac/perses_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to view perses. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: perses-viewer-role +rules: + - apiGroups: + - perses.dev + resources: + - perses + verbs: + - get + - list + - watch + - apiGroups: + - perses.dev + resources: + - perses/status + verbs: + - get +{{- end -}} diff --git a/dist/chart/templates/rbac/persesdashboard_editor_role.yaml b/dist/chart/templates/rbac/persesdashboard_editor_role.yaml new file mode 100755 index 00000000..1198769f --- /dev/null +++ b/dist/chart/templates/rbac/persesdashboard_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to edit persesdashboards. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: persesdashboard-editor-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesdashboards/status + verbs: + - get +{{- end -}} 
diff --git a/dist/chart/templates/rbac/persesdashboard_viewer_role.yaml b/dist/chart/templates/rbac/persesdashboard_viewer_role.yaml new file mode 100755 index 00000000..acfa051d --- /dev/null +++ b/dist/chart/templates/rbac/persesdashboard_viewer_role.yaml @@ -0,0 +1,24 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to view persesdashboards. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: persesdashboard-viewer-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdashboards + verbs: + - get + - list + - watch + - apiGroups: + - perses.dev + resources: + - persesdashboards/status + verbs: + - get +{{- end -}} diff --git a/dist/chart/templates/rbac/persesdatasource_editor_role.yaml b/dist/chart/templates/rbac/persesdatasource_editor_role.yaml new file mode 100755 index 00000000..1b11350e --- /dev/null +++ b/dist/chart/templates/rbac/persesdatasource_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to edit persesdatasources. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: persesdatasource-editor-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdatasources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesdatasources/status + verbs: + - get +{{- end -}} diff --git a/dist/chart/templates/rbac/persesdatasource_viewer_role.yaml b/dist/chart/templates/rbac/persesdatasource_viewer_role.yaml new file mode 100755 index 00000000..7d065fbe --- /dev/null +++ b/dist/chart/templates/rbac/persesdatasource_viewer_role.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to view persesdatasources. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: persesdatasource-viewer-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdatasources + verbs: + - get + - list + - watch + - apiGroups: + - perses.dev + resources: + - persesdatasources/status + verbs: + - get +{{- end -}} diff --git a/dist/chart/templates/rbac/persesglobaldatasource_editor_role.yaml b/dist/chart/templates/rbac/persesglobaldatasource_editor_role.yaml new file mode 100755 index 00000000..22833c03 --- /dev/null +++ b/dist/chart/templates/rbac/persesglobaldatasource_editor_role.yaml @@ -0,0 +1,28 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to edit persesglobaldatasources. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: persesglobaldatasource-editor-role +rules: + - apiGroups: + - perses.dev + resources: + - persesglobaldatasources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesglobaldatasources/status + verbs: + - get +{{- end -}} diff --git a/dist/chart/templates/rbac/persesglobaldatasource_viewer_role.yaml b/dist/chart/templates/rbac/persesglobaldatasource_viewer_role.yaml new file mode 100755 index 00000000..e5cdabfb --- /dev/null +++ b/dist/chart/templates/rbac/persesglobaldatasource_viewer_role.yaml 
@@ -0,0 +1,24 @@ +{{- if .Values.rbac.enable }} +# permissions for end users to view persesglobaldatasources. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: persesglobaldatasource-viewer-role +rules: + - apiGroups: + - perses.dev + resources: + - persesglobaldatasources + verbs: + - get + - list + - watch + - apiGroups: + - perses.dev + resources: + - persesglobaldatasources/status + verbs: + - get +{{- end -}} diff --git a/dist/chart/templates/rbac/role.yaml b/dist/chart/templates/rbac/role.yaml new file mode 100755 index 00000000..5db5cc27 --- /dev/null +++ b/dist/chart/templates/rbac/role.yaml 
@@ -0,0 +1,150 @@ +{{- if .Values.rbac.enable }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + creationTimestamp: null + name: perses-operator-manager-role +rules: + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - get + - patch + - update + - create + - delete + - list + - watch + - apiGroups: + - perses.dev + resources: + - perses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - perses/finalizers + verbs: + - update + - apiGroups: + - perses.dev + resources: + - perses/status + verbs: + - get + - patch + - update + - apiGroups: + - perses.dev + resources: + - persesdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesdashboards/finalizers + verbs: + - update + - apiGroups: + - perses.dev + resources: + - persesdashboards/status + verbs: + - get + - patch + - update + - apiGroups: + - perses.dev + resources: + - persesdatasources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesdatasources/finalizers + verbs: + - update + - apiGroups: + - perses.dev + resources: + - persesdatasources/status + verbs: + - get + - patch + - update + - apiGroups: + - perses.dev + resources: + - persesglobaldatasources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesglobaldatasources/finalizers + verbs: + - update + - apiGroups: + - perses.dev + resources: + - persesglobaldatasources/status + verbs: + - get + - 
patch + - update + +{{- end -}} diff --git a/dist/chart/templates/rbac/role_binding.yaml b/dist/chart/templates/rbac/role_binding.yaml new file mode 100755 index 00000000..09fe691d --- /dev/null +++ b/dist/chart/templates/rbac/role_binding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.enable }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: perses-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: perses-operator-manager-role +subjects: +- kind: ServiceAccount + name: {{ .Values.controllerManager.serviceAccountName }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/dist/chart/templates/rbac/service_account.yaml b/dist/chart/templates/rbac/service_account.yaml new file mode 100755 index 00000000..93e0a323 --- /dev/null +++ b/dist/chart/templates/rbac/service_account.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.enable }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + {{- if and .Values.controllerManager.serviceAccount .Values.controllerManager.serviceAccount.annotations }} + annotations: + {{- range $key, $value := .Values.controllerManager.serviceAccount.annotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + name: {{ .Values.controllerManager.serviceAccountName }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/dist/chart/values.yaml b/dist/chart/values.yaml new file mode 100644 index 00000000..6480cdc4 --- /dev/null +++ b/dist/chart/values.yaml 
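Review bot: The core-API-group rule in role.yaml grants `get`, `list`, `watch`, `create`, `update`, `patch` and `delete` on `secrets`, `configmaps` and `services` in a ClusterRole that role_binding.yaml binds cluster-wide. The operator's service account can therefore read and modify every Secret in every namespace. If the operator only needs the objects it creates for Perses instances, that exceeds least privilege; consider narrowing the verbs or offering a namespaced Role/RoleBinding install mode for single-namespace deployments. The file looks generated (`creationTimestamp: null` is carried over), so the change probably belongs in the RBAC markers that produce it. At minimum, add a comment above the rule such as `# cluster-wide Secret access: required to <reason>; review before granting`.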
@@ -0,0 +1,76 @@
+# [MANAGER]: Manager Deployment Configurations
+controllerManager:
+ replicas: 1
+ container:
+ image:
+ repository: controller
+ tag: latest
+ args:
+ - "--leader-elect"
+ - "--metrics-bind-address=:8443"
+ - "--health-probe-bind-address=:8081"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ httpGet:
+ path: /healthz
+ port: 8081
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ httpGet:
+ path: /readyz
+ port: 8081
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ terminationGracePeriodSeconds: 10
+ serviceAccountName: perses-operator-controller-manager
+
+# [RBAC]: To enable RBAC (Permissions) configurations
+rbac:
+ enable: true
+
+# [CRDs]: To enable the CRDs
+crd:
+ # This option determines whether the CRDs are included
+ # in the installation process.
+ enable: true
+
+ # Enabling this option adds the "helm.sh/resource-policy": keep
+ # annotation to the CRD, ensuring it remains installed even when
+ # the Helm release is uninstalled.
+ # NOTE: Removing the CRDs will also remove all cert-manager CR(s)
+ # (Certificates, Issuers, ...) due to garbage collection.
+ keep: true
+
+# [METRICS]: Set to true to generate manifests for exporting metrics.
+# To disable metrics export set false, and ensure that the
+# ControllerManager argument "--metrics-bind-address=:8443" is removed.
+metrics:
+ enable: true
+
+# [PROMETHEUS]: To enable a ServiceMonitor to export metrics to Prometheus set true
+prometheus:
+ enable: false
+
+# [CERT-MANAGER]: To enable cert-manager injection to webhooks set true
+certmanager:
+ enable: false
+
+# [NETWORK POLICIES]: To enable NetworkPolicies set true
+networkPolicy:
+ enable: false
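Review bot: The defaults `repository: controller` and `tag: latest` give the Deployment the image `controller:latest` unless the installer overrides `controllerManager.container.image.*`. `latest` is a mutable tag, so the same chart version can run different code over time and a rollback does not pin the operator binary. Default the tag to the released operator version or a digest, e.g. `tag: "v<operator-version>"`, and the repository to the published image. Separately, the `crd.keep` comment says removing the CRDs removes `cert-manager CR(s) (Certificates, Issuers, ...)`, which reads like text carried over from another project; here it would be the Perses custom resources, e.g. `# NOTE: Removing the CRDs will also remove all Perses custom resources due to garbage collection.`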