diff --git a/class/defaults.yml b/class/defaults.yml index 38e4492fef..87da8f8b5b 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -36,6 +36,9 @@ parameters: source: https://cloudnative-pg.io/charts/ version: 0.3.1 chartName: cluster + openbao: + source: https://openbao.github.io/openbao-helm + version: 0.19.3 images: provider-kubernetes: registry: ghcr.io @@ -72,7 +75,7 @@ parameters: appcat: registry: ghcr.io repository: vshn/appcat - tag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + tag: feat/openbao_poc functionAppcat: registry: ${appcat:images:appcat:registry} repository: ${appcat:images:appcat:repository} @@ -502,6 +505,8 @@ parameters: uptime: ${appcat:slos:uptimeDefaults} Forgejo: uptime: ${appcat:slos:uptimeDefaults} + OpenBao: + uptime: ${appcat:slos:uptimeDefaults} providers: cloudscale: @@ -1189,6 +1194,76 @@ parameters: cpu: "1" memory: "4Gi" disk: 50Gi + openbao: + enabled: true + billing: true + additionalInputs: + kubectl_image: ${appcat:images:kubectl:registry}/${appcat:images:kubectl:image}:${appcat:images:kubectl:tag} + serviceName: VSHNOpenBao + compFunctionsOnly: true + connectionSecretKeys: + - ca.crt + - tls.crt + - tls.key + - REDIS_HOST + - REDIS_PORT + - REDIS_USERNAME + - REDIS_PASSWORD + - REDIS_URL + - SENTINEL_HOSTS + mode: standalone + offered: true + restoreSA: openbaorestoreaccount + restoreRoleRules: ${appcat:defaultRestoreRoleRules} + openshiftTemplate: + serviceName: redisbyvshn + description: "The open source, in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker." + message: 'Your Redis by VSHN instance is being provisioned, please see \${SECRET_NAME} for access.' + url: https://vs.hn/vshn-redis + tags: "database,nosql" + icon: "icon-redis" + defaultVersion: "7.2" + enableNetworkPolicy: true + secretNamespace: ${appcat:services:vshn:secretNamespace} + helmChartVersion: ${appcat:charts:redis:version} + imageRegistry: ${appcat:images:redis:registry} + imageRepositoryPrefix: ${appcat:images:redis:repositoryPrefix} + maintenanceURL: "${appcat:images:redis:maintenanceURL}" + grpcEndpoint: ${appcat:grpcEndpoint} + proxyFunction: ${appcat:proxyFunction} + defaultPlan: standard-1 + sla: 99.25 + plans: + standard-512m: + size: + enabled: true + cpu: "125m" + memory: "512Mi" + disk: 16Gi + standard-1: + size: + enabled: true + cpu: "250m" + memory: "1Gi" + disk: 16Gi + standard-2: + size: + enabled: true + cpu: "500m" + memory: "2Gi" + disk: 16Gi + standard-4: + size: + enabled: true + cpu: "1" + memory: "4Gi" + disk: 16Gi + standard-8: + size: + enabled: true + cpu: "2" + memory: "8Gi" + disk: 16Gi # Config for exoscale composites exoscale: enabled: false diff --git a/tests/golden/control-plane/appcat/appcat/10_function_appcat.yaml b/tests/golden/control-plane/appcat/appcat/10_function_appcat.yaml index 8d774542cd..21a9c458c7 100644 --- a/tests/golden/control-plane/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/control-plane/appcat/appcat/10_function_appcat.yaml @@ -4,9 +4,9 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '-40' - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc spec: - package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func + package: ghcr.io/vshn/appcat:feat_openbao_poc-func packagePullPolicy: IfNotPresent runtimeConfigRef: name: enable-proxy diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_objectstorage_minio.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_objectstorage_minio.yaml index 55e1fc60f7..1e2f118788 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_objectstorage_minio.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_objectstorage_minio.yaml @@ -21,7 +21,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_codey.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_codey.yaml index 5f7271d663..09fd421b93 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_codey.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_codey.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-codey name: codey.io name: codey.io diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_forgejo.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_forgejo.yaml index c286b22515..66d54e9c9d 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_forgejo.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_forgejo.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-forgejo name: vshnforgejo.vshn.appcat.vshn.io name: vshnforgejo.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: code.forgejo.org - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-production isOpenshift: 'false' diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_keycloak.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_keycloak.yaml index 5d477bf0f3..857364bd84 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_keycloak.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_keycloak.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-keycloak name: vshnkeycloak.vshn.appcat.vshn.io name: vshnkeycloak.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -48,7 +48,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: docker-registry.inventage.com:10121/keycloak-competence-center/keycloak-managed - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | nginx.ingress.kubernetes.io/backend-protocol: HTTPS cert-manager.io/cluster-issuer: letsencrypt-staging diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_mariadb.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_mariadb.yaml index 4a8ce05799..5eb596d57e 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_mariadb.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_mariadb.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-mariadb name: vshnmariadb.vshn.appcat.vshn.io name: vshnmariadb.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: docker.io imageRepositoryPrefix: bitnamilegacy - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance maintenanceURL: https://hub.docker.com/v2/repositories/bitnamilegacy/mariadb-galera/tags/?page_size=100 diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_nextcloud.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_nextcloud.yaml index 13c5a4d31b..5e2f880155 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_nextcloud.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_nextcloud.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-nextcloud name: vshnnextcloud.vshn.appcat.vshn.io name: vshnnextcloud.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -54,7 +54,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: docker.io - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/enable-cors: "true" diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgres.yaml index a4e382a73b..00e1b828e4 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgres.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgres.vshn.appcat.vshn.io name: vshnpostgres.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgrescnpg.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgrescnpg.yaml index c45c45ceed..0342cdb915 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgrescnpg.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgrescnpg.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgrescnpg.vshn.appcat.vshn.io name: vshnpostgrescnpg.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'false' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 loadbalancerAnnotations: | diff --git a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_redis.yaml index 51fc0a8851..b5fff0f38f 100644 --- a/tests/golden/control-plane/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/control-plane/appcat/appcat/21_composition_vshn_redis.yaml @@ -17,7 +17,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-redis name: vshnredis.vshn.appcat.vshn.io name: vshnredis.vshn.appcat.vshn.io @@ -28,7 +28,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -51,7 +51,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: ghcr.io imageRepositoryPrefix: vshn - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'false' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 maintenanceSA: helm-based-service-maintenance diff --git a/tests/golden/control-plane/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/control-plane/appcat/appcat/apiserver/30_deployment.yaml index a1035f6e40..c3d978a6df 100644 --- a/tests/golden/control-plane/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/control-plane/appcat/appcat/apiserver/30_deployment.yaml @@ -31,7 +31,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/golden/control-plane/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/control-plane/appcat/appcat/controllers/appcat/30_deployment.yaml index 0bf384c646..87cafbe49e 100644 --- a/tests/golden/control-plane/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/control-plane/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -28,7 +28,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml b/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml index 5213d1d98b..beba166baa 100644 --- a/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml index 7c768e9cff..029ec13634 100644 --- a/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane-rbac-manager app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/control-plane/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/control-plane/appcat/appcat/sla_reporter/01_cronjob.yaml index 20122a9792..f312afebea 100644 --- a/tests/golden/control-plane/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/control-plane/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc name: sla-reporter resources: limits: diff --git a/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml b/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml index ad8412e558..f0e400acc8 100644 --- a/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml @@ -4,9 +4,9 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '-40' - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc spec: - package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func + package: ghcr.io/vshn/appcat:feat_openbao_poc-func packagePullPolicy: IfNotPresent runtimeConfigRef: name: function-appcat diff --git a/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml index bfee34588f..3479f17316 100644 --- a/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml @@ -31,7 +31,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml b/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml index 5213d1d98b..beba166baa 100644 --- a/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml index 7c768e9cff..029ec13634 100644 --- a/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane-rbac-manager app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index ad3a652664..fe1c8f0f82 100644 --- a/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -25,7 +25,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 env: [] - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/dev/appcat/appcat/10_appcat_backup_monitoring.yaml b/tests/golden/dev/appcat/appcat/10_appcat_backup_monitoring.yaml index 1333075c6a..e5a067b45e 100644 --- a/tests/golden/dev/appcat/appcat/10_appcat_backup_monitoring.yaml +++ b/tests/golden/dev/appcat/appcat/10_appcat_backup_monitoring.yaml @@ -13,7 +13,7 @@ spec: }} has failed. runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/AppCatBackupJobError.html summary: AppCat service backup failed. - expr: kube_job_failed{job_name=~".*backup.*", namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|postgresql|redis)-.*"} + expr: kube_job_failed{job_name=~".*backup.*", namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|openbao|postgresql|redis)-.*"} > 0 for: 1m labels: diff --git a/tests/golden/dev/appcat/appcat/10_appcat_ha_monitoring.yaml b/tests/golden/dev/appcat/appcat/10_appcat_ha_monitoring.yaml index 5c64cc3b23..1f744742e2 100644 --- a/tests/golden/dev/appcat/appcat/10_appcat_ha_monitoring.yaml +++ b/tests/golden/dev/appcat/appcat/10_appcat_ha_monitoring.yaml @@ -13,9 +13,9 @@ spec: }} has less replicas than expected. runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/vshn/AppCatHighAvailableDeploymentWarning.html summary: AppCat service instance has unavailable pods. - expr: kube_deployment_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|postgresql|redis)-.*"} - > 1 AND kube_deployment_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|postgresql|redis)-.*"} - - kube_deployment_status_replicas_ready{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|postgresql|redis)-.*"} + expr: kube_deployment_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|openbao|postgresql|redis)-.*"} + > 1 AND kube_deployment_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|openbao|postgresql|redis)-.*"} + - kube_deployment_status_replicas_ready{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|openbao|postgresql|redis)-.*"} > 0 for: 1m labels: @@ -27,9 +27,9 @@ spec: $labels.namespace }} has less replicas than expected. runbook_url: https://kb.vshn.ch/app-catalog/how-tos/appcat/vshn/AppCatHighAvailableStatefulsetWarning.html summary: AppCat service instance has unavailable pods. - expr: kube_statefulset_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|postgresql|redis)-.*"} - > 1 AND kube_statefulset_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|postgresql|redis)-.*"} - - kube_statefulset_status_replicas_ready{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|postgresql|redis)-.*"} + expr: kube_statefulset_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|openbao|postgresql|redis)-.*"} + > 1 AND kube_statefulset_status_replicas{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|openbao|postgresql|redis)-.*"} + - kube_statefulset_status_replicas_ready{namespace=~"vshn-(codey|forgejo|keycloak|mariadb|nextcloud|openbao|postgresql|redis)-.*"} > 0 for: 1m labels: diff --git a/tests/golden/dev/appcat/appcat/10_function_appcat.yaml b/tests/golden/dev/appcat/appcat/10_function_appcat.yaml index 5e9e6e23b5..261bf7ba7c 100644 --- a/tests/golden/dev/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/dev/appcat/appcat/10_function_appcat.yaml @@ -4,9 +4,9 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '-40' - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc spec: - package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func + package: ghcr.io/vshn/appcat:feat_openbao_poc-func packagePullPolicy: Always runtimeConfigRef: name: enable-proxy diff --git a/tests/golden/dev/appcat/appcat/20_plans_vshn_openbao.yaml b/tests/golden/dev/appcat/appcat/20_plans_vshn_openbao.yaml new file mode 100644 index 0000000000..12db6edb03 --- /dev/null +++ b/tests/golden/dev/appcat/appcat/20_plans_vshn_openbao.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + plans: '{"standard-1": {"size": {"cpu": "250m", "disk": "16Gi", "enabled": true, + "memory": "1Gi"}}, "standard-2": {"size": {"cpu": "500m", "disk": "16Gi", "enabled": + true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi", "enabled": + true, "memory": "4Gi"}}, "standard-512m": {"size": {"cpu": "125m", "disk": "16Gi", + "enabled": true, "memory": "512Mi"}}, "standard-8": {"size": {"cpu": "2", "disk": + "16Gi", "enabled": true, "memory": "8Gi"}}}' +kind: ConfigMap +metadata: + annotations: {} + labels: + name: vshnopenbaoplans + name: vshnopenbaoplans + namespace: syn-appcat diff --git a/tests/golden/dev/appcat/appcat/20_rbac_vshn_openbao.yaml b/tests/golden/dev/appcat/appcat/20_rbac_vshn_openbao.yaml new file mode 100644 index 0000000000..b30892cf4c --- /dev/null +++ b/tests/golden/dev/appcat/appcat/20_rbac_vshn_openbao.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-100' + labels: + rbac.authorization.k8s.io/aggregate-to-view: 'true' + name: appcat:composite:xvshnopenbaos.vshn.appcat.vshn.io:claim-view +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnopenbaos + - vshnopenbaos/status + - vshnopenbaos/finalizers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-100' + labels: + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + name: appcat:composite:xvshnopenbaos.vshn.appcat.vshn.io:claim-edit +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - vshnopenbaos + - vshnopenbaos/status + - vshnopenbaos/finalizers + verbs: + - '*' diff --git a/tests/golden/dev/appcat/appcat/20_role_vshn_openbao_restore.yaml b/tests/golden/dev/appcat/appcat/20_role_vshn_openbao_restore.yaml new file mode 100644 index 0000000000..c25b9d50f9 --- /dev/null +++ b/tests/golden/dev/appcat/appcat/20_role_vshn_openbao_restore.yaml @@ -0,0 +1,84 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-100' + labels: + name: crossplane-appcat-job-openbao-restorejob + name: crossplane:appcat:job:openbao:restorejob +rules: + - apiGroups: + - vshn.appcat.vshn.io + resources: + - '*' + verbs: + - get + - apiGroups: + - k8up.io + resources: + - snapshots + verbs: + - get + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - create + - delete + - apiGroups: + - apps + resources: + - statefulsets/scale + verbs: + - update + - patch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - apiGroups: + - '' + resources: + - events + verbs: + - get + - create + - patch +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-100' + labels: + name: openbaorestoreaccount + name: openbaorestoreaccount + namespace: syn-appcat-control +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + argocd.argoproj.io/sync-wave: '-100' + labels: + name: appcat-job-openbao-restorejob + name: appcat:job:openbao:restorejob +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crossplane:appcat:job:openbao:restorejob +subjects: + - kind: ServiceAccount + name: openbaorestoreaccount + namespace: syn-appcat-control diff --git a/tests/golden/dev/appcat/appcat/20_xrd_vshn_openbao.yaml b/tests/golden/dev/appcat/appcat/20_xrd_vshn_openbao.yaml new file mode 100644 index 0000000000..ee12b7caaf --- /dev/null +++ b/tests/golden/dev/appcat/appcat/20_xrd_vshn_openbao.yaml @@ -0,0 +1,5839 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: CompositeResourceDefinition +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '-70' + labels: + metadata.appcat.vshn.io/serviceID: vshn-openbao + name: xvshnopenbaos.vshn.appcat.vshn.io + name: xvshnopenbaos.vshn.appcat.vshn.io +spec: + claimNames: + kind: VSHNOpenBao + plural: vshnopenbaos + connectionSecretKeys: + - ca.crt + - tls.crt + - tls.key + - REDIS_HOST + - REDIS_PORT + - REDIS_USERNAME + - REDIS_PASSWORD + - REDIS_URL + - SENTINEL_HOSTS + defaultCompositionRef: + name: vshnopenbao.vshn.appcat.vshn.io + defaultCompositionUpdatePolicy: Automatic + group: vshn.appcat.vshn.io + names: + kind: XVSHNOpenBao + plural: xvshnopenbaos + versions: + - name: v1 + referenceable: true + schema: + openAPIV3Schema: + description: VSHNOpenBao is the API for creating OpenBao instances. + properties: + spec: + description: Spec defines the desired state of a VSHNOpenBao. + properties: + parameters: + default: {} + description: Parameters are the configurable fields of a VSHNOpenBao. + properties: + backup: + default: {} + description: Backup contains settings to control how the instance + should get backed up. + properties: + enabled: + default: true + description: |- + Enabled specifies if automatic backups are enabled for the instance. + If disabled, no backup bucket, repository password, or K8up schedule will be deployed. + type: boolean + retention: + description: K8upRetentionPolicy describes the retention + configuration for a K8up backup. + properties: + keepDaily: + default: 6 + type: integer + keepHourly: + type: integer + keepLast: + type: integer + keepMonthly: + type: integer + keepWeekly: + type: integer + keepYearly: + type: integer + type: object + schedule: + pattern: ^(\*|([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])|\*\/([0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-9]|5[0-9])) + (\*|([0-9]|1[0-9]|2[0-3])|\*\/([0-9]|1[0-9]|2[0-3])) (\*|([1-9]|1[0-9]|2[0-9]|3[0-1])|\*\/([1-9]|1[0-9]|2[0-9]|3[0-1])) + (\*|([1-9]|1[0-2])|\*\/([1-9]|1[0-2])) (\*|([0-6])|\*\/([0-6]))$ + type: string + type: object + instances: + description: Instances defines the number of instances to run. + type: integer + maintenance: + description: Maintenance contains settings to control the maintenance + of an instance. + properties: + dayOfWeek: + description: |- + DayOfWeek specifies at which weekday the maintenance is held place. + Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: |- + TimeOfDay for installing updates in UTC. + Format: "hh:mm:ss". + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + monitoring: + description: Monitoring contains settings to control the monitoring + of a service. + properties: + alertmanagerConfigRef: + description: |- + AlertmanagerConfigRef contains the name of the AlertmanagerConfig that should be copied over to the + namespace of the instance. + type: string + alertmanagerConfigSecretRef: + description: |- + AlertmanagerConfigSecretRef contains the name of the secret that is used + in the referenced AlertmanagerConfig + type: string + alertmanagerConfigTemplate: + description: |- + AlertmanagerConfigSpecTemplate takes an AlertmanagerConfigSpec object. + This takes precedence over the AlertmanagerConfigRef. + properties: + inhibitRules: + description: |- + List of inhibition rules. The rules will only apply to alerts matching + the resource's namespace. + items: + description: |- + InhibitRule defines an inhibition rule that allows to mute alerts when other + alerts are already firing. + See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: |- + Labels that must have an equal value in the source and target alert for + the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: |- + Matchers for which one or more alerts have to exist for the inhibition + to take effect. The operator enforces that the alert matches the + resource's namespace. + items: + description: Matcher defines how to match on + alert's labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: |- + Matchers that have to be fulfilled in the alerts to be muted. The + operator enforces that the alert matches the resource's namespace. + items: + description: Matcher defines how to match on + alert's labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying when + the routes should be muted. + items: + description: MuteTimeInterval specifies the periods + in time when notifications will be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of TimeInterval + items: + description: TimeInterval describes intervals + of time + properties: + daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive + range of days of the month beginning + at 1 + properties: + end: + description: End of the inclusive + range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive + range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: |- + MonthRange is an inclusive range of months of the year beginning in January + Months can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a start + and end time in 24hr format + properties: + endTime: + description: EndTime is the end time + in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the start + time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of WeekdayRange + items: + description: |- + WeekdayRange is an inclusive range of days of the week beginning on Sunday + Days can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive + range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + required: + - name + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification + integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications + via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: |- + The secret's key that contains the password to use for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authSecret: + description: |- + The secret's key that contains the CRAM-MD5 secret. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: |- + Further headers email header key/value pairs. Overrides any headers + previously set by the notification implementation. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to + the SMTP server. + type: string + html: + description: The HTML body of the email + notification. + type: string + requireTLS: + description: |- + The SMTP TLS requirement. + Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through + which emails are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email + notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority used + when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present + when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data + to use for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the client + key file for the targets. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + to: + description: The email address to send notifications + to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique + across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: |- + OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions + that will be available for the alert. + type: string + apiKey: + description: |- + The secret's key that contains the OpsGenie API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The URL to send OpsGenie API + requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value + pairs that provide further detail about + the incident. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be + used to specify which domain alert is + related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible + values are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible + for notifications. + items: + description: |- + OpsGenieConfigResponder defines a responder to an incident. + One of `id`, `name` or `username` has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + source: + description: Backlink to the sender of the + notification. + type: string + tags: + description: Comma separated list of tags + attached to the notifications. + type: string + updateAlerts: + description: |- + Whether to update message and description of the alert in OpsGenie if it already exists + By default, the alert is never updated in OpsGenie, the new message only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: |- + PagerDutyConfig configures notifications via PagerDuty. + See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the + affected system that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that + provide further detail about the incident. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details to + attach that provide further detail about + an incident. + items: + description: PagerDutyImageConfig attaches + images to an incident + properties: + alt: + description: Alt is the optional alternative + text for the image. + type: string + href: + description: Optional URL; makes the + image a clickable link. + type: string + src: + description: Src of the image being + attached to the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach + that provide further detail about an incident. + items: + description: PagerDutyLinkConfig attaches + text links to an incident + properties: + alt: + description: Text that describes the + purpose of the link, and can be + used as the link's text. + type: string + href: + description: Href is the URL of the + link to be attached + type: string + type: object + type: array + routingKey: + description: |- + The secret's key that contains the PagerDuty integration key (when using + Events API v2). Either this field or `serviceKey` needs to be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + serviceKey: + description: |- + The secret's key that contains the PagerDuty service key (when using + integration type "Prometheus"). Either this field or `routingKey` needs to + be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: |- + PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: |- + How long your notification will continue to be retried for, unless the user + acknowledges the notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification message + is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: |- + How often the Pushover servers will send the same notification to the user. + Must be at least 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + sound: + description: The name of one of the sounds + supported by device clients to override + the user's default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: |- + The secret's key that contains the registered application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + url: + description: A supplementary URL shown alongside + the message. + type: string + urlTitle: + description: A title for supplementary URL, + otherwise just the URL is shown + type: string + userKey: + description: |- + The secret's key that contains the recipient user's user key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - token + - userKey + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: |- + SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that + are sent with each notification. + items: + description: |- + SlackAction configures a single Slack action that is sent with each + notification. + See https://api.slack.com/docs/message-attachments#action_fields and + https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: |- + SlackConfirmationField protect users from destructive actions or + particularly distinguished decisions by asking them to confirm their button + click one more time. + See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: |- + The secret's key that contains the Slack webhook URL. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + callbackId: + type: string + channel: + description: The channel or user to send + notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that + are sent with each notification. + items: + description: |- + SlackField configures a single Slack field that is sent with each notification. + Each field must contain a title, value, and optionally, a boolean value to indicate if the field + is short enough to be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: |- + SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: |- + The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: The message content of the + SNS notification. + type: string + phoneNumber: + description: |- + Phone number if message is delivered via SMS in E.164 format. + If you don't specify this value, you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature + Verification 4 signing process to sign + requests. + properties: + accessKey: + description: AccessKey is the AWS API + key. If blank, the environment variable + `AWS_ACCESS_KEY_ID` is used. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS + profile used to authenticate. + type: string + region: + description: Region is the AWS region. + If blank, the region from the default + credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS + profile used to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API + secret. If blank, the environment + variable `AWS_SECRET_ACCESS_KEY` is + used. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message + is delivered to email endpoints. + type: string + targetARN: + description: |- + The mobile platform endpoint ARN if message is delivered via mobile notifications. + If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber. + type: string + topicARN: + description: |- + SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: |- + TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: |- + The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: |- + Telegram bot token + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved + alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: |- + VictorOpsConfig configures notifications via VictorOps. + See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: |- + The secret's key that contains the API key to use when talking to the VictorOps API. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for + notification. + items: + description: KeyValue defines a (key, + value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted + problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the + alert (CRITICAL, WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state + message is from. + type: string + routingKey: + description: A key used to map the alert + to a team. + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of + the alerted problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: |- + WebhookConfig configures notifications via a generic receiver supporting the webhook payload. + See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to + be sent per webhook message. When 0, all + alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + url: + description: |- + The URL to send HTTP POST requests to. `urlSecret` takes precedence over + `url`. One of `urlSecret` and `url` should be defined. + type: string + urlSecret: + description: |- + The secret's key that contains the webhook URL to send HTTP requests to. + `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` + should be defined. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: |- + WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: |- + The secret's key that contains the WeChat API key. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: |- + Authorization header configuration for the client. + This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that + contains the credentials of the + request + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: |- + Set the authentication type. Defaults to Bearer, Basic will cause an + error + type: string + type: object + basicAuth: + description: |- + BasicAuth for the client. + This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence. + properties: + password: + description: |- + The secret in the service monitor namespace that contains the password + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: |- + The secret in the service monitor namespace that contains the username + for authentication. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: |- + The secret's key that contains the bearer token to be used by the client + for authentication. + The secret needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies + whether the client should follow HTTP + 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials + used to fetch a token for the targets. + properties: + clientId: + description: The secret or configmap + containing the OAuth2 client id + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing + the OAuth2 client secret + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append + to the token URL + type: object + scopes: + description: OAuth2 scopes used + for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the + token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the + client. + properties: + ca: + description: Certificate authority + used when verifying server certificates. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate + to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing + data to use for the targets. + properties: + key: + description: The key to + select. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing + data to use for the targets. + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + keySecret: + description: Secret containing the + client key file for the targets. + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + default: '' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the + hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined + by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about + resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: |- + The Alertmanager route definition for alerts matching the resource's + namespace. If present, it will be added to the generated Alertmanager + configuration as a first-level route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval + names when this route should be active. + items: + type: string + type: array + continue: + description: |- + Boolean indicating whether an alert should continue matching subsequent + sibling nodes. It will always be overridden to true for the first-level + route by the Prometheus operator. + type: boolean + groupBy: + description: |- + List of labels to group by. + Labels must not be repeated (unique list). + Special label "..." (aggregate by all possible labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: |- + How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m" + type: string + groupWait: + description: |- + How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s" + type: string + matchers: + description: |- + List of matchers that the alert's labels should match. For the first + level route, the operator removes any existing equality and regexp + matcher on the `namespace` label and adds a `namespace: ` matcher. + items: + description: Matcher defines how to match on alert's + labels. + properties: + matchType: + description: |- + Match operation available with AlertManager >= v0.22.0 and + takes precedence over Regex (deprecated) if non-empty. + enum: + - '!=' + - '=' + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: |- + Whether to match on equality (false) or regular-expression (true). + Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: |- + Note: this comment applies to the field definition above but appears + below otherwise it gets included in the generated manifest. + CRD schema doesn't support self-referential types for now (see + https://github.com/kubernetes/kubernetes/issues/62872). We have to use + an alternative type to circumvent the limitation. The downside is that + the Kube API can't validate the data beyond the fact that it is a valid + JSON representation. + MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched, + items: + type: string + type: array + receiver: + description: |- + Name of the receiver for this route. If not empty, it should be listed in + the `receivers` field. + type: string + repeatInterval: + description: |- + How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h" + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + email: + description: Email necessary to send alerts via email + type: string + type: object + scheduling: + description: Scheduling contains settings to control the scheduling + of an instance. + properties: + nodeSelector: + additionalProperties: + type: string + description: "NodeSelector is a selector which must match\ + \ a node\u2019s labels for the pod to be scheduled on\ + \ that node" + type: object + type: object + security: + default: {} + description: Security contains settings to control the security + of a service. + properties: + allowAllNamespaces: + default: false + description: AllowAllNamespaces allows the service to be + accessible from all namespaces, this supersedes the AllowedNamespaces + field + type: boolean + allowedGroups: + description: AllowedGroups defines a list of Groups that + have limited access to the instance namespace + items: + type: string + type: array + allowedNamespaces: + description: AllowedNamespaces defines a list of namespaces + from where the service can be reached in the claim namespace + items: + type: string + type: array + allowedUsers: + description: AllowedUsers defines a list of Users that have + limited access to instance namespace. + items: + type: string + type: array + deletionProtection: + default: true + description: DeletionProtection blocks the deletion of the + instance if it is enabled (enabled by default) + type: boolean + type: object + service: + default: {} + description: Service contains OpenBao DBaaS specific properties + properties: + openBaoSettings: + description: OpenBaoSettings contains additional OpenBao + settings. + properties: + version: + description: AutoUnseal configures various auto unseal + methods. + properties: + awsKmsSecretRef: + description: AWSKmsSecretRef references to secret + containing AWS KMS credentials and configuration + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + azureKeyVaultSecretRef: + description: AzureKeyVaultSecretRef references to + secret containing Azure Key Vault credentials + and configuration + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + gcpKmsSecretRef: + description: GCPKmsSecretRef references to secret + containing GCP KMS credentials and configuration + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + transitSecretRef: + description: TransitSecretRef references to secret + containing Transit auto-unseal configuration + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + serviceLevel: + default: besteffort + description: ServiceLevel defines the service level of this + service. For this cluster only 'besteffort' is allowed. + enum: + - besteffort + type: string + version: + default: + description: |- + Version contains supported version of OpenBao. + Multiple versions are supported. The latest version is the default version. + enum: + - + type: string + type: object + size: + default: {} + description: Size contains settings to control the sizing of + a service. + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs for + an instance. + type: string + disk: + description: Disk defines the amount of disk space for an + instance. + type: string + memory: + description: Memory defines the amount of memory in units + of bytes for an instance. + type: string + plan: + default: standard-1 + description: | + Plan is the name of the resource plan that defines the compute resources. + + The following plans are available: + + standard-1 - CPU: 250m; Memory: 1Gi; Disk: 16Gi + + standard-2 - CPU: 500m; Memory: 2Gi; Disk: 16Gi + + standard-4 - CPU: 1; Memory: 4Gi; Disk: 16Gi + + standard-512m - CPU: 125m; Memory: 512Mi; Disk: 16Gi + + standard-8 - CPU: 2; Memory: 8Gi; Disk: 16Gi + enum: + - standard-1 + - standard-2 + - standard-4 + - standard-512m + - standard-8 + type: string + requests: + description: Requests defines CPU and memory requests for + an instance + properties: + cpu: + description: CPU defines the amount of Kubernetes CPUs + for an instance. + type: string + memory: + description: Memory defines the amount of memory in + units of bytes for an instance. + type: string + type: object + type: object + type: object + type: object + status: + description: Status reflects the observed state of a VSHNOpenBao. + properties: + caCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + clientCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + instanceNamespace: + description: InstanceNamespace contains the name of the namespace + where the instance resides + type: string + localCAConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + namespaceConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + schedules: + description: |- + Schedules keeps track of random generated schedules, is overwriten by + schedules set in the service's spec. + properties: + backup: + description: Backup keeps track of the backup schedule. + type: string + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition + from one status to another. + type: string + status: + description: Status of this condition; is it currently + True, False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + maintenance: + description: Maintenance keeps track of the maintenance schedule. + properties: + dayOfWeek: + description: |- + DayOfWeek specifies at which weekday the maintenance is held place. + Allowed values are [monday, tuesday, wednesday, thursday, friday, saturday, sunday] + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + timeOfDay: + description: |- + TimeOfDay for installing updates in UTC. + Format: "hh:mm:ss". + pattern: ^([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$ + type: string + type: object + observedGeneration: + description: |- + ObservedGeneration is the latest metadata.generation + which resulted in either a ready state, or stalled due to error + it can not recover from without human intervention. + format: int64 + type: integer + type: object + selfSignedIssuerConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + serverCertificateConditions: + items: + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the transition. + maxLength: 32768 + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: Reason contains a programmatic identifier indicating + the reason for the condition's last transition. + maxLength: 1024 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: Type of condition. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true diff --git a/tests/golden/dev/appcat/appcat/21_composition_objectstorage_minio.yaml b/tests/golden/dev/appcat/appcat/21_composition_objectstorage_minio.yaml index d52aad3056..74f5bb33ac 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_objectstorage_minio.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_objectstorage_minio.yaml @@ -21,7 +21,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_codey.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_codey.yaml index f5fac9c081..106865eadd 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_codey.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_codey.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-codey name: codey.io name: codey.io diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_forgejo.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_forgejo.yaml index f6fcbb6759..02a85f50af 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_forgejo.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_forgejo.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-forgejo name: vshnforgejo.vshn.appcat.vshn.io name: vshnforgejo.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: code.forgejo.org - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-production isOpenshift: 'false' diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_keycloak.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_keycloak.yaml index f36fc3033b..2f8a46cc54 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_keycloak.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_keycloak.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-keycloak name: vshnkeycloak.vshn.appcat.vshn.io name: vshnkeycloak.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: @@ -48,7 +48,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: docker-registry.inventage.com:10121/keycloak-competence-center/keycloak-managed - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | nginx.ingress.kubernetes.io/backend-protocol: HTTPS cert-manager.io/cluster-issuer: letsencrypt-staging diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_mariadb.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_mariadb.yaml index 01bcaccfc2..0237c6f427 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_mariadb.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_mariadb.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-mariadb name: vshnmariadb.vshn.appcat.vshn.io name: vshnmariadb.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: docker.io imageRepositoryPrefix: bitnamilegacy - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance maintenanceURL: https://hub.docker.com/v2/repositories/bitnamilegacy/mariadb-galera/tags/?page_size=100 diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_nextcloud.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_nextcloud.yaml index 18b2dcaa65..d6bd01267c 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_nextcloud.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_nextcloud.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-nextcloud name: vshnnextcloud.vshn.appcat.vshn.io name: vshnnextcloud.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: @@ -54,7 +54,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: dockerhub.vshn.net - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-staging isOpenshift: 'false' diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_openbao.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_openbao.yaml new file mode 100644 index 0000000000..f37468bca1 --- /dev/null +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_openbao.yaml @@ -0,0 +1,82 @@ +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: '-60' + metadata.appcat.vshn.io/description: Openbao instances by VSHN + metadata.appcat.vshn.io/displayname: Openbao by VSHN + metadata.appcat.vshn.io/end-user-docs-url: https://vs.hn/vshn-openbao + metadata.appcat.vshn.io/flavor: standalone + metadata.appcat.vshn.io/plans: '{"standard-1":{"size":{"cpu":"250m","disk":"16Gi","enabled":true,"memory":"1Gi"}},"standard-2":{"size":{"cpu":"500m","disk":"16Gi","enabled":true,"memory":"2Gi"}},"standard-4":{"size":{"cpu":"1","disk":"16Gi","enabled":true,"memory":"4Gi"}},"standard-512m":{"size":{"cpu":"125m","disk":"16Gi","enabled":true,"memory":"512Mi"}},"standard-8":{"size":{"cpu":"2","disk":"16Gi","enabled":true,"memory":"8Gi"}}}' + metadata.appcat.vshn.io/product-description: https://products.docs.vshn.ch/products/appcat/openbao.html + metadata.appcat.vshn.io/zone: lpg + labels: + metadata.appcat.vshn.io/offered: 'true' + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc + metadata.appcat.vshn.io/serviceID: vshn-openbao + name: vshnopenbao.vshn.appcat.vshn.io + name: vshnopenbao.vshn.appcat.vshn.io +spec: + compositeTypeRef: + apiVersion: vshn.appcat.vshn.io/v1 + kind: XVSHNOpenBao + mode: Pipeline + pipeline: + - functionRef: + name: function-appcat-debug-feat-openbao-poc + input: + apiVersion: v1 + data: + billingEnabled: 'false' + billingUnitID: uom_uom_45_1e112771 + bucketRegion: rma + chartRepository: https://openbao.github.io/openbao-helm + chartVersion: 0.19.3 + clusterName: c-green-test-1234 + controlNamespace: syn-appcat-control + crDeletionAfter: '180' + crossplaneNamespace: syn-crossplane + defaultPlan: standard-1 + emailAlertingEnabled: 'true' + emailAlertingSecretName: mailgun-smtp-credentials + emailAlertingSecretNamespace: syn-appcat + emailAlertingSmtpFromAddress: appcat@appuio.cloud + emailAlertingSmtpHost: smtp.eu.mailgun.org:465 + emailAlertingSmtpUsername: appcat@appuio.cloud + ignoreNamespaceForBilling: vshn-test + imageRegistry: ghcr.io + imageRepositoryPrefix: vshn + imageTag: feat_openbao_poc + isOpenshift: 'false' + kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 + maintenanceSA: helm-based-service-maintenance + maintenanceURL: https://ghcr.io/v2/vshn/redis/tags/list?page_size=100 + minimumRevisionAge: 168h + mode: standalone + ocpDefaultAppsDomain: apps.lab-cloudscale-rma-0.appuio.cloud + ownerGroup: vshn.appcat.vshn.io + ownerKind: XVSHNOpenBao + ownerVersion: v1 + plans: '{"standard-1": {"size": {"cpu": "250m", "disk": "16Gi", "enabled": + true, "memory": "1Gi"}}, "standard-2": {"size": {"cpu": "500m", "disk": + "16Gi", "enabled": true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": + "1", "disk": "16Gi", "enabled": true, "memory": "4Gi"}}, "standard-512m": + {"size": {"cpu": "125m", "disk": "16Gi", "enabled": true, "memory": "512Mi"}}, + "standard-8": {"size": {"cpu": "2", "disk": "16Gi", "enabled": true, "memory": + "8Gi"}}}' + proxyEndpoint: 172.18.0.1:9443 + quotasEnabled: 'false' + releaseManagementEnabled: 'false' + restoreSA: openbaorestoreaccount + salesOrder: '' + serviceID: vshn-openbao + serviceName: openbao + sliNamespace: syn-appcat-slos + kind: ConfigMap + metadata: + labels: + name: xfn-config + name: xfn-config + step: openbao-func + writeConnectionSecretsToNamespace: syn-crossplane diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_postgres.yaml index 058db27dd1..4daf8264a0 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_postgres.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgres.vshn.appcat.vshn.io name: vshnpostgres.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_postgrescnpg.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_postgrescnpg.yaml index 7f4b13face..ede5a2abf7 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_postgrescnpg.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_postgrescnpg.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgrescnpg.vshn.appcat.vshn.io name: vshnpostgrescnpg.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'false' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 loadbalancerAnnotations: | diff --git a/tests/golden/dev/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/dev/appcat/appcat/21_composition_vshn_redis.yaml index 7754622e8c..76e0280b8b 100644 --- a/tests/golden/dev/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/dev/appcat/appcat/21_composition_vshn_redis.yaml @@ -17,7 +17,7 @@ metadata: metadata.appcat.vshn.io/zone: lpg labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: debug-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-redis name: vshnredis.vshn.appcat.vshn.io name: vshnredis.vshn.appcat.vshn.io @@ -28,7 +28,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-debug-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-debug-feat-openbao-poc input: apiVersion: v1 data: @@ -51,7 +51,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: ghcr.io imageRepositoryPrefix: vshn - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'false' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 maintenanceSA: helm-based-service-maintenance diff --git a/tests/golden/dev/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/dev/appcat/appcat/apiserver/30_deployment.yaml index df799ee1ae..80066d9b8a 100644 --- a/tests/golden/dev/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/dev/appcat/appcat/apiserver/30_deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - metadata.appcat.vshn.io/enabled-services-hash: 3d50aeee31a67654c31bb6df8f0b8981 + metadata.appcat.vshn.io/enabled-services-hash: 97a600d43c8e32dc425f7ef4164f8f03 labels: api: appcat apiserver: 'true' @@ -31,7 +31,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/tests/golden/dev/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/dev/appcat/appcat/controllers/appcat/30_deployment.yaml index 1d4394995d..1ba2075a81 100644 --- a/tests/golden/dev/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/dev/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - metadata.appcat.vshn.io/enabled-services-hash: 3d50aeee31a67654c31bb6df8f0b8981 + metadata.appcat.vshn.io/enabled-services-hash: 97a600d43c8e32dc425f7ef4164f8f03 labels: appcat-controller: appcat-controller name: appcat-controller @@ -28,7 +28,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: Always livenessProbe: httpGet: diff --git a/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml b/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml index 15c59f1f16..18a53b2849 100644 --- a/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml index f285dd1a75..40fb3d7537 100644 --- a/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/dev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane-rbac-manager app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/dev/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/dev/appcat/appcat/sla_reporter/01_cronjob.yaml index 20122a9792..f312afebea 100644 --- a/tests/golden/dev/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/dev/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc name: sla-reporter resources: limits: diff --git a/tests/golden/dev/appcat/appcat/sli_exporter/70_slo_vshn_openbao.yaml b/tests/golden/dev/appcat/appcat/sli_exporter/70_slo_vshn_openbao.yaml new file mode 100644 index 0000000000..9315457bf7 --- /dev/null +++ b/tests/golden/dev/appcat/appcat/sli_exporter/70_slo_vshn_openbao.yaml @@ -0,0 +1,193 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + name: vshn-openbao + name: vshn-openbao + namespace: syn-appcat-slos +spec: + groups: + - name: sloth-slo-sli-recordings-appcat-vshn-openbao-uptime + rules: + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="false", maintenance="false"}[5m]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[5m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="false"}[5m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 5m + record: slo:sli_error:ratio_rate5m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="false", maintenance="false"}[30m]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[30m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="false"}[30m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 30m + record: slo:sli_error:ratio_rate30m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="false", maintenance="false"}[1h]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[1h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="false"}[1h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 1h + record: slo:sli_error:ratio_rate1h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="false", maintenance="false"}[2h]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[2h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="false"}[2h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 2h + record: slo:sli_error:ratio_rate2h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="false", maintenance="false"}[6h]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[6h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="false"}[6h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 6h + record: slo:sli_error:ratio_rate6h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="false", maintenance="false"}[1d]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[1d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="false"}[1d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 1d + record: slo:sli_error:ratio_rate1d + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="false", maintenance="false"}[3d]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[3d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="false"}[3d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 3d + record: slo:sli_error:ratio_rate3d + - expr: | + sum_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"}[30d]) + / ignoring (sloth_window) + count_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"}[30d]) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_window: 30d + record: slo:sli_error:ratio_rate30d + - name: sloth-slo-meta-recordings-appcat-vshn-openbao-uptime + rules: + - expr: vector(0.9990000000000001) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + record: slo:objective:ratio + - expr: vector(1-0.9990000000000001) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + record: slo:error_budget:ratio + - expr: vector(30) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + record: slo:time_period:days + - expr: | + slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + record: slo:current_burn_rate:ratio + - expr: | + slo:sli_error:ratio_rate30d{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + record: slo:period_burn_rate:ratio + - expr: 1 - slo:period_burn_rate:ratio{sloth_id="appcat-vshn-openbao-uptime", + sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + record: slo:period_error_budget_remaining:ratio + - expr: vector(1) + labels: + sloth_id: appcat-vshn-openbao-uptime + sloth_mode: cli-gen-prom + sloth_objective: '99.9' + sloth_service: appcat-vshn-openbao + sloth_slo: uptime + sloth_spec: prometheus/v1 + sloth_version: v0.11.0 + record: sloth_slo_info + - name: sloth-slo-alerts-appcat-vshn-openbao-uptime + rules: + - alert: SLO_AppCat_VSHNOpenBaoUptime + annotations: + for: 6m + summary: Probes to OpenBao by VSHN instance fail + title: (page) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1h{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate30m{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + ) + for: 6m + labels: + service: VSHNOpenBao + severity: critical + sloth_severity: page + - alert: SLO_AppCat_VSHNOpenBaoUptime + annotations: + runbook_url: https://hub.syn.tools/appcat/runbooks/vshn-openbao.html#uptime + summary: Probes to OpenBao by VSHN instance fail + title: (ticket) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate2h{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1d{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate3d{sloth_id="appcat-vshn-openbao-uptime", sloth_service="appcat-vshn-openbao", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + ) + labels: + service: VSHNOpenBao + severity: warning + sloth_severity: ticket diff --git a/tests/golden/dev/appcat/appcat/sli_exporter/80_slo_vshn_openbao_ha.yaml b/tests/golden/dev/appcat/appcat/sli_exporter/80_slo_vshn_openbao_ha.yaml new file mode 100644 index 0000000000..08dc38cf91 --- /dev/null +++ b/tests/golden/dev/appcat/appcat/sli_exporter/80_slo_vshn_openbao_ha.yaml @@ -0,0 +1,193 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + name: vshn-openbao-ha + name: vshn-openbao-ha + namespace: syn-appcat-slos +spec: + groups: + - name: sloth-slo-sli-recordings-appcat-vshn-openbao-ha-uptime + rules: + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="true"}[5m]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[5m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="true"}[5m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 5m + record: slo:sli_error:ratio_rate5m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="true"}[30m]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[30m])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="true"}[30m])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 30m + record: slo:sli_error:ratio_rate30m + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="true"}[1h]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[1h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="true"}[1h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 1h + record: slo:sli_error:ratio_rate1h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="true"}[2h]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[2h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="true"}[2h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 2h + record: slo:sli_error:ratio_rate2h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="true"}[6h]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[6h])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="true"}[6h])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 6h + record: slo:sli_error:ratio_rate6h + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="true"}[1d]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[1d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="true"}[1d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 1d + record: slo:sli_error:ratio_rate1d + - expr: | + (sum(rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", ha="true"}[3d]) or 0*rate(appcat_probes_seconds_count{service="VSHNOpenBao"}[3d])) by (service, namespace, name, organization, sla)) + / + (sum(rate(appcat_probes_seconds_count{service="VSHNOpenBao", ha="true"}[3d])) by (service, namespace, name, organization, sla)) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 3d + record: slo:sli_error:ratio_rate3d + - expr: | + sum_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"}[30d]) + / ignoring (sloth_window) + count_over_time(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"}[30d]) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_window: 30d + record: slo:sli_error:ratio_rate30d + - name: sloth-slo-meta-recordings-appcat-vshn-openbao-ha-uptime + rules: + - expr: vector(0.9990000000000001) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + record: slo:objective:ratio + - expr: vector(1-0.9990000000000001) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + record: slo:error_budget:ratio + - expr: vector(30) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + record: slo:time_period:days + - expr: | + slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + record: slo:current_burn_rate:ratio + - expr: | + slo:sli_error:ratio_rate30d{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} + / on(sloth_id, sloth_slo, sloth_service) group_left + slo:error_budget:ratio{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + record: slo:period_burn_rate:ratio + - expr: 1 - slo:period_burn_rate:ratio{sloth_id="appcat-vshn-openbao-ha-uptime", + sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + record: slo:period_error_budget_remaining:ratio + - expr: vector(1) + labels: + sloth_id: appcat-vshn-openbao-ha-uptime + sloth_mode: cli-gen-prom + sloth_objective: '99.9' + sloth_service: appcat-vshn-openbao-ha + sloth_slo: uptime + sloth_spec: prometheus/v1 + sloth_version: v0.11.0 + record: sloth_slo_info + - name: sloth-slo-alerts-appcat-vshn-openbao-ha-uptime + rules: + - alert: SLO_AppCat_HAVSHNOpenBaoUptime + annotations: + for: 6m + summary: Probes to HA OpenBao by VSHN instance fail + title: (page) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate5m{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1h{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (14.4 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate30m{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (6 * 0.0009999999999999432)) without (sloth_window) + ) + for: 6m + labels: + service: VSHNOpenBao + severity: critical + sloth_severity: page + - alert: SLO_AppCat_HAVSHNOpenBaoUptime + annotations: + runbook_url: https://hub.syn.tools/appcat/runbooks/vshn-openbao.html#uptime + summary: Probes to HA OpenBao by VSHN instance fail + title: (ticket) {{$labels.sloth_service}} {{$labels.sloth_slo}} SLO error + budget burn rate is too fast. + expr: | + ( + max(slo:sli_error:ratio_rate2h{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate1d{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (3 * 0.0009999999999999432)) without (sloth_window) + ) + or + ( + max(slo:sli_error:ratio_rate6h{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + and + max(slo:sli_error:ratio_rate3d{sloth_id="appcat-vshn-openbao-ha-uptime", sloth_service="appcat-vshn-openbao-ha", sloth_slo="uptime"} > (1 * 0.0009999999999999432)) without (sloth_window) + ) + labels: + service: VSHNOpenBao + severity: warning + sloth_severity: ticket diff --git a/tests/golden/dev/appcat/appcat/sli_exporter/90_VSHNOpenBao_Opsgenie.yaml b/tests/golden/dev/appcat/appcat/sli_exporter/90_VSHNOpenBao_Opsgenie.yaml new file mode 100644 index 0000000000..fc082d303d --- /dev/null +++ b/tests/golden/dev/appcat/appcat/sli_exporter/90_VSHNOpenBao_Opsgenie.yaml @@ -0,0 +1,47 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: + syn: 'true' + syn_component: appcat + syn_team: schedar + name: vshn-vshnopenbao-sla + namespace: syn-appcat-slos +spec: + groups: + - name: appcat-vshnopenbao-sla-target + rules: + - alert: VSHNOpenBaoSla + annotations: + summary: '{{$labels.service}} {{$labels.name}} down in {{$labels.instance_namespace}}' + title: '{{$labels.service}} {{$labels.name}} down in {{$labels.instance_namespace}}' + expr: rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", + ha="false", maintenance="false"}[5m]) > 0.4 + labels: + OnCall: '{{ if eq $labels.sla "guaranteed" }}true{{ else }}false{{ end + }}' + runbook: https://kb.vshn.ch/app-catalog/how-tos/appcat/GuaranteedUptimeTarget.html + service: VSHNOpenBao + severity: critical + syn: 'true' + syn_component: appcat + syn_team: schedar + - alert: VSHNOpenBaoSlaHA + annotations: + summary: '{{$labels.service}} {{$labels.name}} down in {{$labels.instance_namespace}}' + title: '{{$labels.service}} {{$labels.name}} down in {{$labels.instance_namespace}}' + expr: rate(appcat_probes_seconds_count{reason!="success", service="VSHNOpenBao", + ha="true"}[5m]) > 0.4 + labels: + OnCall: '{{ if eq $labels.sla "guaranteed" }}true{{ else }}false{{ end + }}' + runbook: https://kb.vshn.ch/app-catalog/how-tos/appcat/GuaranteedUptimeTarget.html + service: VSHNOpenBao + severity: critical + syn: 'true' + syn_component: appcat + syn_team: schedar + - expr: vector(99.25) + labels: + service: VSHNOpenBao + record: sla:objective:ratio diff --git a/tests/golden/dev/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/dev/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 12a0156f1f..ac3df187bb 100644 --- a/tests/golden/dev/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/dev/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -25,7 +25,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 env: [] - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: Always livenessProbe: httpGet: diff --git a/tests/golden/exodev/appcat/appcat/10_function_appcat.yaml b/tests/golden/exodev/appcat/appcat/10_function_appcat.yaml index ad8412e558..f0e400acc8 100644 --- a/tests/golden/exodev/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/exodev/appcat/appcat/10_function_appcat.yaml @@ -4,9 +4,9 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '-40' - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc spec: - package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func + package: ghcr.io/vshn/appcat:feat_openbao_poc-func packagePullPolicy: IfNotPresent runtimeConfigRef: name: function-appcat diff --git a/tests/golden/exodev/appcat/appcat/21_composition_objectstorage_exoscale.yaml b/tests/golden/exodev/appcat/appcat/21_composition_objectstorage_exoscale.yaml index 129fdf4f04..4dd4037e83 100644 --- a/tests/golden/exodev/appcat/appcat/21_composition_objectstorage_exoscale.yaml +++ b/tests/golden/exodev/appcat/appcat/21_composition_objectstorage_exoscale.yaml @@ -22,7 +22,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/exodev/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/exodev/appcat/appcat/apiserver/30_deployment.yaml index 344885df2c..ece0428183 100644 --- a/tests/golden/exodev/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/exodev/appcat/appcat/apiserver/30_deployment.yaml @@ -31,7 +31,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/golden/exodev/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/exodev/appcat/appcat/controllers/appcat/30_deployment.yaml index a09e02cad2..12fa5d6c8d 100644 --- a/tests/golden/exodev/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/exodev/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -28,7 +28,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml b/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml index 5213d1d98b..beba166baa 100644 --- a/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml index 7c768e9cff..029ec13634 100644 --- a/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/exodev/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane-rbac-manager app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/exodev/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/exodev/appcat/appcat/sla_reporter/01_cronjob.yaml index 20122a9792..f312afebea 100644 --- a/tests/golden/exodev/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/exodev/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc name: sla-reporter resources: limits: diff --git a/tests/golden/service-cluster/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/service-cluster/appcat/appcat/controllers/appcat/30_deployment.yaml index 3d1e9ef1b9..51b3d99b56 100644 --- a/tests/golden/service-cluster/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/service-cluster/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -33,7 +33,7 @@ spec: value: syn-appcat - name: CONTROL_PLANE_KUBECONFIG value: /config/config - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/service-cluster/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/service-cluster/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 18a6be2f44..dd359b5aa2 100644 --- a/tests/golden/service-cluster/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/service-cluster/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -27,7 +27,7 @@ spec: env: - name: KUBECONFIG value: /.kube/config - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/vshn-cloud/appcat/appcat/10_function_appcat.yaml b/tests/golden/vshn-cloud/appcat/appcat/10_function_appcat.yaml index ad8412e558..f0e400acc8 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/10_function_appcat.yaml @@ -4,9 +4,9 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '-40' - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc spec: - package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func + package: ghcr.io/vshn/appcat:feat_openbao_poc-func packagePullPolicy: IfNotPresent runtimeConfigRef: name: function-appcat diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_cloudscale.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_cloudscale.yaml index b1df981c94..79cb7c8814 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_cloudscale.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_cloudscale.yaml @@ -21,7 +21,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_exoscale.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_exoscale.yaml index 129fdf4f04..4dd4037e83 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_exoscale.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_exoscale.yaml @@ -22,7 +22,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_minio.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_minio.yaml index a13049f82c..198ef064e4 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_minio.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_objectstorage_minio.yaml @@ -21,7 +21,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_codey.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_codey.yaml index 5f7271d663..09fd421b93 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_codey.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_codey.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-codey name: codey.io name: codey.io diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_forgejo.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_forgejo.yaml index db9f0dc6ea..f5907d8b3e 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_forgejo.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_forgejo.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-forgejo name: vshnforgejo.vshn.appcat.vshn.io name: vshnforgejo.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: code.forgejo.org - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-production isOpenshift: 'true' diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_keycloak.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_keycloak.yaml index c4e8f81273..aa01bb027a 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_keycloak.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_keycloak.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-keycloak name: vshnkeycloak.vshn.appcat.vshn.io name: vshnkeycloak.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -48,7 +48,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: docker-registry.inventage.com:10121/keycloak-competence-center/keycloak-managed - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | nginx.ingress.kubernetes.io/backend-protocol: HTTPS cert-manager.io/cluster-issuer: letsencrypt-staging diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_mariadb.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_mariadb.yaml index b6696f83cd..83637f001d 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_mariadb.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_mariadb.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-mariadb name: vshnmariadb.vshn.appcat.vshn.io name: vshnmariadb.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: dockerhub.vshn.net imageRepositoryPrefix: bitnamilegacy - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' maintenanceSA: helm-based-service-maintenance maintenanceURL: https://hub.docker.com/v2/repositories/bitnamilegacy/mariadb-galera/tags/?page_size=100 diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_minio.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_minio.yaml index 5d658908c5..3e7ef5971b 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_minio.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_minio.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'false' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-minio name: vshnminio.vshn.appcat.vshn.io name: vshnminio.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -46,7 +46,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: dockerhub.vshn.net/ - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' maintenanceSA: helm-based-service-maintenance maintenanceURL: https://hub.docker.com/v2/repositories/minio/minio/tags/?page_size=100 diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_nextcloud.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_nextcloud.yaml index 9862817c95..d2be557e77 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_nextcloud.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_nextcloud.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-nextcloud name: vshnnextcloud.vshn.appcat.vshn.io name: vshnnextcloud.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -54,7 +54,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: dockerhub.vshn.net - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-staging isOpenshift: 'true' diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgres.yaml index 9827830100..fe67833cc3 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgres.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgres.vshn.appcat.vshn.io name: vshnpostgres.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgrescnpg.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgrescnpg.yaml index 9b7a1f8bf9..3b46ec7976 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgrescnpg.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_postgrescnpg.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgrescnpg.vshn.appcat.vshn.io name: vshnpostgrescnpg.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 loadbalancerAnnotations: | diff --git a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_redis.yaml index 7973688a7b..4f7c5a834f 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/21_composition_vshn_redis.yaml @@ -17,7 +17,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-redis name: vshnredis.vshn.appcat.vshn.io name: vshnredis.vshn.appcat.vshn.io @@ -28,7 +28,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -51,7 +51,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: dockerhub.vshn.net imageRepositoryPrefix: vshn - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 maintenanceSA: helm-based-service-maintenance diff --git a/tests/golden/vshn-cloud/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/vshn-cloud/appcat/appcat/apiserver/30_deployment.yaml index ccdb9bb9c8..463c659c9c 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/apiserver/30_deployment.yaml @@ -31,7 +31,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/golden/vshn-cloud/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/vshn-cloud/appcat/appcat/controllers/appcat/30_deployment.yaml index 0639d38633..0f6e034cb2 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -28,7 +28,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml b/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml index 94ab13294c..2e3482f314 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml index f0fd6bcdce..0c4c190c4a 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane-rbac-manager app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/vshn-cloud/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/vshn-cloud/appcat/appcat/sla_reporter/01_cronjob.yaml index 20122a9792..f312afebea 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc name: sla-reporter resources: limits: diff --git a/tests/golden/vshn-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/vshn-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index ad3a652664..fe1c8f0f82 100644 --- a/tests/golden/vshn-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/vshn-cloud/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -25,7 +25,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 env: [] - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/vshn-managed/appcat/appcat/10_function_appcat.yaml b/tests/golden/vshn-managed/appcat/appcat/10_function_appcat.yaml index ad8412e558..f0e400acc8 100644 --- a/tests/golden/vshn-managed/appcat/appcat/10_function_appcat.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/10_function_appcat.yaml @@ -4,9 +4,9 @@ metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '-40' - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc spec: - package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func + package: ghcr.io/vshn/appcat:feat_openbao_poc-func packagePullPolicy: IfNotPresent runtimeConfigRef: name: function-appcat diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_cloudscale.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_cloudscale.yaml index b1df981c94..79cb7c8814 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_cloudscale.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_cloudscale.yaml @@ -21,7 +21,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_exoscale.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_exoscale.yaml index 129fdf4f04..4dd4037e83 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_exoscale.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_exoscale.yaml @@ -22,7 +22,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_minio.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_minio.yaml index a13049f82c..198ef064e4 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_minio.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_objectstorage_minio.yaml @@ -21,7 +21,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_codey.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_codey.yaml index 5f7271d663..09fd421b93 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_codey.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_codey.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-codey name: codey.io name: codey.io diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_forgejo.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_forgejo.yaml index 5b3a9512dd..965de9ae96 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_forgejo.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_forgejo.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-forgejo name: vshnforgejo.vshn.appcat.vshn.io name: vshnforgejo.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: code.forgejo.org - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-production isOpenshift: 'true' diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_keycloak.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_keycloak.yaml index a9bcd793d0..5c0065cb82 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_keycloak.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_keycloak.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-keycloak name: vshnkeycloak.vshn.appcat.vshn.io name: vshnkeycloak.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -48,7 +48,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: docker-registry.inventage.com:10121/keycloak-competence-center/keycloak-managed - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | nginx.ingress.kubernetes.io/backend-protocol: HTTPS cert-manager.io/cluster-issuer: letsencrypt-staging diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_mariadb.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_mariadb.yaml index a654795eb4..884eb11690 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_mariadb.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_mariadb.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-mariadb name: vshnmariadb.vshn.appcat.vshn.io name: vshnmariadb.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -47,7 +47,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: docker.io imageRepositoryPrefix: bitnamilegacy - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' maintenanceSA: helm-based-service-maintenance maintenanceURL: https://hub.docker.com/v2/repositories/bitnamilegacy/mariadb-galera/tags/?page_size=100 diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_minio.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_minio.yaml index f61489f199..70c6a1b547 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_minio.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_minio.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'false' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-minio name: vshnminio.vshn.appcat.vshn.io name: vshnminio.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -46,7 +46,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: '' - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' maintenanceSA: helm-based-service-maintenance maintenanceURL: https://hub.docker.com/v2/repositories/minio/minio/tags/?page_size=100 diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_nextcloud.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_nextcloud.yaml index 9d16533955..2dcff33ca7 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_nextcloud.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_nextcloud.yaml @@ -13,7 +13,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-nextcloud name: vshnnextcloud.vshn.appcat.vshn.io name: vshnnextcloud.vshn.appcat.vshn.io @@ -24,7 +24,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -54,7 +54,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud ignoreNamespaceForBilling: vshn-test imageRegistry: docker.io - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc ingress_annotations: | cert-manager.io/cluster-issuer: letsencrypt-staging isOpenshift: 'true' diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgres.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgres.yaml index 93afd4c110..409d604600 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgres.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgres.vshn.appcat.vshn.io name: vshnpostgres.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m", "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile": {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m", diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgrescnpg.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgrescnpg.yaml index 054c3cefa2..a397f0a131 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgrescnpg.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_postgrescnpg.yaml @@ -15,7 +15,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-postgresql name: vshnpostgrescnpg.vshn.appcat.vshn.io name: vshnpostgrescnpg.vshn.appcat.vshn.io @@ -26,7 +26,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -50,7 +50,7 @@ spec: emailAlertingSmtpUsername: appcat@appuio.cloud externalDatabaseConnectionsEnabled: 'true' ignoreNamespaceForBilling: vshn-test - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 loadbalancerAnnotations: | diff --git a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_redis.yaml b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_redis.yaml index d3057b3b90..b1d200b481 100644 --- a/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_redis.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/21_composition_vshn_redis.yaml @@ -17,7 +17,7 @@ metadata: metadata.appcat.vshn.io/zone: rma1 labels: metadata.appcat.vshn.io/offered: 'true' - metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + metadata.appcat.vshn.io/revision: master-feat_openbao_poc metadata.appcat.vshn.io/serviceID: vshn-redis name: vshnredis.vshn.appcat.vshn.io name: vshnredis.vshn.appcat.vshn.io @@ -28,7 +28,7 @@ spec: mode: Pipeline pipeline: - functionRef: - name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + name: function-appcat-master-feat-openbao-poc input: apiVersion: v1 data: @@ -51,7 +51,7 @@ spec: ignoreNamespaceForBilling: vshn-test imageRegistry: ghcr.io imageRepositoryPrefix: vshn - imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + imageTag: feat_openbao_poc isOpenshift: 'true' kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15 maintenanceSA: helm-based-service-maintenance diff --git a/tests/golden/vshn-managed/appcat/appcat/apiserver/30_deployment.yaml b/tests/golden/vshn-managed/appcat/appcat/apiserver/30_deployment.yaml index ccdb9bb9c8..463c659c9c 100644 --- a/tests/golden/vshn-managed/appcat/appcat/apiserver/30_deployment.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/apiserver/30_deployment.yaml @@ -31,7 +31,7 @@ spec: - --secure-port=9443 - --tls-cert-file=/apiserver.local.config/certificates/tls.crt - --tls-private-key-file=/apiserver.local.config/certificates/tls.key - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/golden/vshn-managed/appcat/appcat/controllers/appcat/30_deployment.yaml b/tests/golden/vshn-managed/appcat/appcat/controllers/appcat/30_deployment.yaml index 0639d38633..0f6e034cb2 100644 --- a/tests/golden/vshn-managed/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -28,7 +28,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml b/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml index 94ab13294c..2e3482f314 100644 --- a/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml index f0fd6bcdce..0c4c190c4a 100644 --- a/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + function-revision: feat/openbao_poc labels: app: crossplane-rbac-manager app.kubernetes.io/component: cloud-infrastructure-controller diff --git a/tests/golden/vshn-managed/appcat/appcat/sla_reporter/01_cronjob.yaml b/tests/golden/vshn-managed/appcat/appcat/sla_reporter/01_cronjob.yaml index 20122a9792..f312afebea 100644 --- a/tests/golden/vshn-managed/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc name: sla-reporter resources: limits: diff --git a/tests/golden/vshn-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/tests/golden/vshn-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index ad3a652664..fe1c8f0f82 100644 --- a/tests/golden/vshn-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/tests/golden/vshn-managed/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -25,7 +25,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 env: [] - image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164 + image: ghcr.io/vshn/appcat:feat_openbao_poc imagePullPolicy: IfNotPresent livenessProbe: httpGet: