diff --git a/DEPENDENCY_CONSTRAINTS.md b/DEPENDENCY_CONSTRAINTS.md index 6acb7124a..776587398 100644 --- a/DEPENDENCY_CONSTRAINTS.md +++ b/DEPENDENCY_CONSTRAINTS.md @@ -1,18 +1,18 @@ # Dependency Constraints -This document describes the constraints and pinned dependencies in this project. +This document describes how we manage dependencies for this project. -## Pinned Dependencies +## Forked OpenShift API (`github.com/openshift/api`) -### OpenShift API (`github.com/openshift/api`) +This project depends on 2 versions of `github.com/openshift/api`: +* The [canonical version](https://github.com/openshift/api). +* A [forked version](https://github.com/rhobs/openshift-api). -**Current Version:** `v0.0.0-20240404200104-96ed2d49b255` - -**Why Pinned:** The observability-operator needs to support both OpenShift console API `v1` and `v1alpha1` for backward compatibility: -- OpenShift >= 4.17 uses `console/v1` API +**Why Forked:** The observability-operator needs to support both OpenShift console API `v1` and `v1alpha1` for backward compatibility: +- OpenShift >= 4.17 uses `console/v1` API - OpenShift < 4.17 uses `console/v1alpha1` API -Newer versions of `github.com/openshift/api` (after April 2024) have removed the `console/v1alpha1` API, breaking compatibility with older OpenShift versions. +Newer versions of `github.com/openshift/api` (after April 2024) have removed the `console/v1alpha1` API, breaking compatibility with older OpenShift versions. To continue supporting older versions, we forked the library under (https://github.com/rhobs/openshift-api) using the last commit including the `v1alpha1` API and renaming the Go module in `go.mod` to `github.com/rhobs/openshift-api`. **Impact:** The codebase maintains dual API support with runtime version detection to create the appropriate Console Plugin resources. 
@@ -23,37 +23,14 @@ Newer versions of `github.com/openshift/api` (after April 2024) have removed the - `pkg/operator/scheme.go` - API scheme registration - All uiplugin package files using `osv1alpha1` imports -## Safe to Update Dependencies - -The following dependencies can be safely updated: -- Kubernetes API packages (`k8s.io/*`) -- Controller Runtime (`sigs.k8s.io/controller-runtime`) -- Prometheus packages (`github.com/prometheus/*`) -- RHOBS Prometheus Operator (`github.com/rhobs/obo-prometheus-operator`) -- Go standard library extensions (`golang.org/x/*`) -- Utility libraries (`github.com/go-logr/logr`, `github.com/google/go-cmp`, etc.) - ## Updating Dependencies -To update dependencies safely: - -1. **Individual updates:** Update specific packages excluding openshift/api: - ```bash - go get -u k8s.io/api k8s.io/apimachinery k8s.io/client-go - go get -u sigs.k8s.io/controller-runtime - go get -u github.com/rhobs/obo-prometheus-operator@v0.83.0-rhobs1 - ``` - -2. **Avoid bulk updates:** Don't use `go get -u ./...` as it will try to update openshift/api - -3. **Always test:** Run `make test-unit` and `make build` after each update - -4. **Fix go.sum:** Run `go mod tidy` after updates to fix missing entries +Dependabot takes care of dependency updates, the configuration is located at `.github/dependabot.yml`. ## Future Considerations -When OpenShift < 4.17 support is no longer needed: -1. Remove `console/v1alpha1` API usage -2. Unpin `github.com/openshift/api` -3. Remove dual API support code -4. Update this document \ No newline at end of file +When OpenShift < 4.17 support is no longer needed, we can: +1. Remove `console/v1alpha1` API usage. +2. Remove dual API support code. +3. Remove dependency on `github.com/rhobs/openshift-api` +4. Update this document diff --git a/Makefile b/Makefile index 50d60893c..97d89d65c 100644 --- a/Makefile +++ b/Makefile 
@@ -20,6 +20,9 @@ CATALOG_TEMP := $(shell mktemp -d) ## Development +.PHONY: all +all: lint test-unit operator-image bundle-image + .PHONY: test-unit test-unit: go test -cover ./cmd/... ./pkg/... diff --git a/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml b/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml index 6523bd099..1660efdd3 100644 --- a/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml +++ b/bundle/manifests/monitoring.rhobs_alertmanagerconfigs.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator @@ -1085,6 +1085,14 @@ spec: This is used for SMTP AUTH when the server requires authentication. minLength: 1 type: string + forceImplicitTLS: + description: |- + forceImplicitTLS defines whether to force use of implicit TLS (direct TLS connection) for better security. + true: force use of implicit TLS (direct TLS connection on any port) + false: force disable implicit TLS (use explicit TLS/STARTTLS if required) + nil (default): auto-detect based on port (465=implicit, other=explicit) for backward compatibility + It requires Alertmanager >= v0.31.0. + type: boolean from: description: |- from defines the sender address for email notifications. @@ -7292,6 +7300,13 @@ spec: linkNames enables automatic linking of channel names and usernames in the message. When true, @channel and @username will be converted to clickable links. type: boolean + messageText: + description: |- + messageText defines text content of the Slack message. + If set, this is sent as the top-level 'text' field in the Slack payload. + It requires Alertmanager >= v0.31.0. + minLength: 1 + type: string mrkdwnIn: description: |- mrkdwnIn defines which fields should be parsed as Slack markdown. 
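Review bot: The new `all` target in the Makefile hunk is not made the default goal, and it has no comment saying that it goes beyond checks. GNU make runs the first target in the file unless `.DEFAULT_GOAL` is set, and this hunk starts at line 20, so the lines that decide what a bare `make` does are outside the hunk; if `all` is meant to be the default, state it with `.DEFAULT_GOAL := all`. Judging by the prerequisite names, the target also builds the operator and bundle images, so a one-line comment above the rule would help, for example `# all: lint, run unit tests, then build the operator and bundle images`.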
diff --git a/bundle/manifests/monitoring.rhobs_alertmanagers.yaml b/bundle/manifests/monitoring.rhobs_alertmanagers.yaml index aca3c07be..c2b45ff70 100644 --- a/bundle/manifests/monitoring.rhobs_alertmanagers.yaml +++ b/bundle/manifests/monitoring.rhobs_alertmanagers.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: Experimental-SSA - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator @@ -2073,6 +2073,14 @@ spec: LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server. type: string + forceImplicitTLS: + description: |- + forceImplicitTLS defines whether to force use of implicit TLS (direct TLS connection) for better security. + true: force use of implicit TLS (direct TLS connection on any port) + false: force disable implicit TLS (use explicit TLS/STARTTLS if required) + nil (default): auto-detect based on port (465=implicit, other=explicit) for backward compatibility + It requires Alertmanager >= v0.31.0. + type: boolean from: description: from defines the default SMTP From header field. 
@@ -2890,14 +2898,20 @@ spec: type: string containers: description: |- - containers allows injecting additional containers. This is meant to - allow adding an authentication proxy to an Alertmanager pod. - Containers described here modify an operator generated container if they - share the same name and modifications are done via a strategic merge - patch. The current container names are: `alertmanager` and - `config-reloader`. Overriding containers is entirely outside the scope - of what the maintainers will support and by doing so, you accept that - this behaviour may break at any time without notice. + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `alertmanager` + * `config-reloader` + * `thanos-sidecar` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. @@ -3765,7 +3779,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. 
@@ -4581,15 +4597,21 @@ spec: type: array initContainers: description: |- - initContainers allows adding initContainers to the pod definition. Those can be used to e.g. - fetch secrets for injection into the Alertmanager configuration from external sources. Any - errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - InitContainers described here modify an operator - generated init containers if they share the same name and modifications are - done via a strategic merge patch. The current init container name is: - `init-config-reloader`. Overriding init containers is entirely outside the - scope of what the maintainers will support and by doing so, you accept that - this behaviour may break at any time without notice. + initContainers allows injecting initContainers to the Pod definition. Those + can be used to e.g. fetch secrets for injection into the Prometheus + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done via a + strategic merge patch. + + The names of init container name managed by the operator are: + * `init-config-reloader`. + + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. items: description: A single application container that you want to run within a pod. 
@@ -5457,7 +5479,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -6347,6 +6371,11 @@ spec: and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. type: string + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string secrets: description: |- secrets is a list of Secrets in the same namespace as the Alertmanager @@ -6782,7 +6811,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -7037,7 +7066,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 
@@ -7193,9 +7222,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: @@ -7227,9 +7254,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -7362,9 +7387,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -8256,7 +8282,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 
@@ -9135,6 +9161,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/bundle/manifests/monitoring.rhobs_podmonitors.yaml b/bundle/manifests/monitoring.rhobs_podmonitors.yaml index a6407faf6..1b1b7b550 100644 --- a/bundle/manifests/monitoring.rhobs_podmonitors.yaml +++ b/bundle/manifests/monitoring.rhobs_podmonitors.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator diff --git a/bundle/manifests/monitoring.rhobs_probes.yaml b/bundle/manifests/monitoring.rhobs_probes.yaml index 83148217c..96c761d11 100644 --- a/bundle/manifests/monitoring.rhobs_probes.yaml +++ b/bundle/manifests/monitoring.rhobs_probes.yaml 
@@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator diff --git a/bundle/manifests/monitoring.rhobs_prometheusagents.yaml b/bundle/manifests/monitoring.rhobs_prometheusagents.yaml index 2c8b6b4cc..a9b428f47 100644 --- a/bundle/manifests/monitoring.rhobs_prometheusagents.yaml +++ b/bundle/manifests/monitoring.rhobs_prometheusagents.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator @@ -1478,9 +1478,8 @@ spec: * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. @@ -2348,7 +2347,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. 
@@ -3386,7 +3387,7 @@ spec: initContainers: description: |- initContainers allows injecting initContainers to the Pod definition. Those - can be used to e.g. fetch secrets for injection into the Prometheus + can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ @@ -3397,9 +3398,9 @@ spec: The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. items: description: A single application container that you want to run within a pod. @@ -4267,7 +4268,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -6482,9 +6485,11 @@ spec: type: string type: object url: - description: url defines the URL of the endpoint to send samples - to. - minLength: 1 + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ type: string writeRelabelConfigs: description: writeRelabelConfigs defines the list of remote 
@@ -6699,6 +6704,11 @@ spec: If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 type: integer + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string scrapeClasses: description: |- scrapeClasses defines the list of scrape classes to expose to scraping objects such as @@ -7922,7 +7932,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -8177,7 +8187,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -8333,9 +8343,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: 
@@ -8367,9 +8375,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -8505,9 +8511,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -9665,7 +9672,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 
@@ -10544,6 +10551,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/bundle/manifests/monitoring.rhobs_prometheuses.yaml b/bundle/manifests/monitoring.rhobs_prometheuses.yaml index 2e4b3d330..2787f096c 100644 --- a/bundle/manifests/monitoring.rhobs_prometheuses.yaml +++ b/bundle/manifests/monitoring.rhobs_prometheuses.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: Experimental-SSA - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator @@ -2229,9 +2229,8 @@ spec: * `config-reloader` * `thanos-sidecar` - Overriding containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. 
@@ -3099,7 +3098,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -4179,7 +4180,7 @@ spec: initContainers: description: |- initContainers allows injecting initContainers to the Pod definition. Those - can be used to e.g. fetch secrets for injection into the Prometheus + can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ @@ -4190,9 +4191,9 @@ spec: The names of init container name managed by the operator are: * `init-config-reloader`. - Overriding init containers is entirely outside the scope of what the - maintainers will support and by doing so, you accept that this behaviour - may break at any time without notice. + Overriding init containers which are managed by the operator require + careful testing, especially when upgrading to a new version of the + operator. items: description: A single application container that you want to run within a pod. @@ -5060,7 +5061,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. 
@@ -8072,9 +8075,11 @@ spec: type: string type: object url: - description: url defines the URL of the endpoint to send samples - to. - minLength: 1 + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ type: string writeRelabelConfigs: description: writeRelabelConfigs defines the list of remote @@ -8434,6 +8439,11 @@ spec: If you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit. format: int64 type: integer + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string scrapeClasses: description: |- scrapeClasses defines the list of scrape classes to expose to scraping objects such as @@ -9695,7 +9705,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -9950,7 +9960,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 
@@ -10106,9 +10116,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: @@ -10140,9 +10148,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -10326,7 +10332,7 @@ spec: description: |- grpcServerTlsConfig defines the TLS parameters for the gRPC server providing the StoreAPI. - Note: Currently only the `caFile`, `certFile`, and `keyFile` fields are supported. + Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. properties: ca: description: ca defines the Certificate authority used when @@ -10802,9 +10808,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- 
@@ -11962,7 +11969,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -12841,6 +12848,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/bundle/manifests/monitoring.rhobs_prometheusrules.yaml b/bundle/manifests/monitoring.rhobs_prometheusrules.yaml index b1aa455e1..479083547 100644 --- a/bundle/manifests/monitoring.rhobs_prometheusrules.yaml +++ b/bundle/manifests/monitoring.rhobs_prometheusrules.yaml 
@@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator diff --git a/bundle/manifests/monitoring.rhobs_scrapeconfigs.yaml b/bundle/manifests/monitoring.rhobs_scrapeconfigs.yaml index 0a5ff4395..bceffc8b8 100644 --- a/bundle/manifests/monitoring.rhobs_scrapeconfigs.yaml +++ b/bundle/manifests/monitoring.rhobs_scrapeconfigs.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator @@ -1685,7 +1685,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the DigitalOcean API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -2125,7 +2125,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the DigitalOcean API. properties: ca: description: ca defines the Certificate authority used when @@ -2354,7 +2354,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Docker daemon. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -2460,6 +2460,7 @@ spec: properties: name: description: name of the Filter. + minLength: 1 type: string values: description: values defines values to filter on. 
@@ -2482,8 +2483,9 @@ spec: HTTP 3xx redirects. type: boolean host: - description: host defines the address of the docker daemon + description: host defines the address of the docker daemon. minLength: 1 + pattern: ^[a-zA-Z][a-zA-Z0-9+.-]*://.+$ type: string hostNetworkingHost: description: hostNetworkingHost defines the host to use if the @@ -2892,7 +2894,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Docker daemon. properties: ca: description: ca defines the Certificate authority used when @@ -3072,7 +3074,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Docker Swarm API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -3183,6 +3185,7 @@ spec: properties: name: description: name of the Filter. + minLength: 1 type: string values: description: values defines values to filter on. @@ -3614,7 +3617,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Docker Swarm daemon. properties: ca: description: ca defines the Certificate authority used when @@ -3840,6 +3843,7 @@ spec: properties: name: description: name of the Filter. + minLength: 1 type: string values: description: values defines values to filter on. @@ -3963,7 +3967,7 @@ spec: x-kubernetes-map-type: atomic tlsConfig: description: |- - tlsConfig defines the TLS configuration to connect to the Consul API. + tlsConfig defines the TLS configuration to connect to the EC2 API. It requires Prometheus >= v2.41.0 properties: ca: 
@@ -4154,7 +4158,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Eureka server. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -4645,12 +4649,11 @@ spec: server: description: server defines the URL to connect to the Eureka server. - minLength: 1 - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Eureka server. properties: ca: description: ca defines the Certificate authority used when @@ -4933,7 +4936,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Hetzner API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -5445,7 +5448,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Hetzner API. properties: ca: description: ca defines the Certificate authority used when @@ -6297,8 +6300,7 @@ spec: url: description: url defines the URL from which the targets are fetched. - minLength: 1 - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string required: - url @@ -6314,7 +6316,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the IONOS. + authorization defines the header configuration to authenticate against the IONOS API. Cannot be set at the same time as `oauth2`. properties: credentials: 
@@ -6759,7 +6761,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the IONOS API. properties: ca: description: ca defines the Certificate authority used when @@ -7713,7 +7715,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Kuma control plane. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -8219,7 +8221,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Kuma control plane. properties: ca: description: ca defines the Certificate authority used when @@ -8441,7 +8443,7 @@ spec: x-kubernetes-map-type: atomic authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Lightsail API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -8976,7 +8978,7 @@ spec: x-kubernetes-map-type: atomic tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Lightsail API. properties: ca: description: ca defines the Certificate authority used when @@ -9154,7 +9156,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Linode API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -9604,7 +9606,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Linode API. properties: ca: description: ca defines the Certificate authority used when 
@@ -9926,7 +9928,7 @@ spec: type: boolean authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the Nomad API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -10428,7 +10430,7 @@ spec: description: |- server defines the Nomad server address to connect to for service discovery. This should be the full URL including protocol (e.g., "https://nomad.example.com:4646"). - minLength: 1 + pattern: ^https?://.+$ type: string tagSeparator: description: |- @@ -10437,7 +10439,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Nomad API. properties: ca: description: ca defines the Certificate authority used when @@ -11010,7 +11012,7 @@ spec: description: |- identityEndpoint defines the HTTP endpoint that is required to work with the Identity API of the appropriate version. - pattern: ^http(s)?:\/\/.+$ + pattern: ^https?://.+$ type: string password: description: |- @@ -11418,7 +11420,7 @@ spec: properties: authorization: description: |- - authorization defines the header configuration to authenticate against the DigitalOcean API. + authorization defines the header configuration to authenticate against the PuppetDB API. Cannot be set at the same time as `oauth2`. properties: credentials: @@ -11929,7 +11931,7 @@ spec: type: string tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the PuppetDB server. properties: ca: description: ca defines the Certificate authority used when @@ -12098,8 +12100,7 @@ spec: url: description: url defines the URL of the PuppetDB root query endpoint. - minLength: 1 - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string required: - query 
@@ -12218,7 +12219,7 @@ spec: apiURL: description: apiURL defines the API URL to use when doing the server listing requests. - pattern: ^http(s)?://.+$ + pattern: ^https?://.+$ type: string enableHTTP2: description: enableHTTP2 defines whether to enable HTTP2. @@ -12345,7 +12346,7 @@ spec: x-kubernetes-list-type: set tlsConfig: description: tlsConfig defines the TLS configuration to connect - to the Consul API. + to the Scaleway API. properties: ca: description: ca defines the Certificate authority used when @@ -12604,9 +12605,9 @@ spec: description: targets defines the list of targets for this static configuration. items: - description: |- - Target represents a target for Prometheus to scrape - kubebuilder:validation:MinLength:=1 + description: Target represents a target for Prometheus to + scrape + minLength: 1 type: string minItems: 1 type: array diff --git a/bundle/manifests/monitoring.rhobs_servicemonitors.yaml b/bundle/manifests/monitoring.rhobs_servicemonitors.yaml index 29dc53a6d..d78be18cb 100644 --- a/bundle/manifests/monitoring.rhobs_servicemonitors.yaml +++ b/bundle/manifests/monitoring.rhobs_servicemonitors.yaml @@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator diff --git a/bundle/manifests/monitoring.rhobs_thanosrulers.yaml b/bundle/manifests/monitoring.rhobs_thanosrulers.yaml index 25cfdb239..e84246442 100644 --- a/bundle/manifests/monitoring.rhobs_thanosrulers.yaml +++ b/bundle/manifests/monitoring.rhobs_thanosrulers.yaml 
@@ -4,7 +4,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: TechPreview - operator.prometheus.io/version: 0.89.0-rhobs1 + operator.prometheus.io/version: 0.90.1-rhobs1 creationTimestamp: null labels: app.kubernetes.io/part-of: observability-operator @@ -1120,13 +1120,19 @@ spec: type: array containers: description: |- - containers allows injecting additional containers or modifying operator generated - containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or - to change the behavior of an operator generated container. Containers described here modify - an operator generated container if they share the same name and modifications are done via a - strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. - Overriding containers is entirely outside the scope of what the maintainers will support and by doing - so, you accept that this behaviour may break at any time without notice. + containers allows injecting additional containers or modifying operator + generated containers. This can be used to allow adding an authentication + proxy to the Pods or to change the behavior of an operator generated + container. Containers described here modify an operator generated + container if they share the same name and modifications are done via a + strategic merge patch. + + The names of containers managed by the operator are: + * `thanos-ruler` + * `config-reloader` + + Overriding containers which are managed by the operator require careful + testing, especially when upgrading to a new version of the operator. items: description: A single application container that you want to run within a pod. 
@@ -1994,7 +2000,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -2783,8 +2791,8 @@ spec: description: |- grpcServerTlsConfig defines the gRPC server from which Thanos Querier reads recorded rule data. - Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. - Maps to the '--grpc-server-tls-*' CLI args. + + Note: Currently only the `minVersion`, `caFile`, `certFile`, and `keyFile` fields are supported. properties: ca: description: ca defines the Certificate authority used when verifying @@ -3031,13 +3039,11 @@ spec: type: array initContainers: description: |- - initContainers allows adding initContainers to the pod definition. Those can be used to e.g. - fetch secrets for injection into the ThanosRuler configuration from external sources. Any - errors during the execution of an initContainer will lead to a restart of the Pod. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other then secret fetching is entirely outside the scope - of what the maintainers will support and by doing so, you accept that this behaviour may break - at any time without notice. + initContainers allows injecting initContainers to the Pod definition. + Those can be used to e.g. fetch secrets for injection into the + configuration from external sources. Any errors during the execution of + an initContainer will lead to a restart of the Pod. More info: + https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ items: description: A single application container that you want to run within a pod. 
@@ -3905,7 +3911,9 @@ spec: type: integer type: object resizePolicy: - description: Resources resize policy for the container. + description: |- + Resources resize policy for the container. + This field cannot be set on ephemeral containers. items: description: ContainerResizePolicy represents resource resize policy for the container. @@ -5825,9 +5833,11 @@ spec: type: string type: object url: - description: url defines the URL of the endpoint to send samples - to. - minLength: 1 + description: |- + url defines the URL of the endpoint to send samples to. + + It must use the HTTP or HTTPS scheme. + pattern: ^(http|https)://.+$ type: string writeRelabelConfigs: description: writeRelabelConfigs defines the list of remote @@ -6130,6 +6140,11 @@ spec: type: object type: object x-kubernetes-map-type: atomic + schedulerName: + description: schedulerName defines the scheduler to use for Pod scheduling. + If not specified, the default scheduler is used. + minLength: 1 + type: string securityContext: description: |- securityContext defines the pod-level security attributes and common container settings. @@ -6548,7 +6563,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources 
@@ -6803,7 +6818,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -6959,9 +6974,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object x-kubernetes-map-type: granular allocatedResources: @@ -6993,9 +7006,7 @@ spec: ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates - that change other valid\nresources associated with PVC.\n\nThis - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." + that change other valid\nresources associated with PVC." type: object capacity: additionalProperties: @@ -7122,9 +7133,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- 
@@ -8061,7 +8073,7 @@ spec: resources: description: |- resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -8940,6 +8952,24 @@ spec: description: Kubelet's generated CSRs will be addressed to this signer. type: string + userAnnotations: + additionalProperties: + type: string + description: |- + userAnnotations allow pod authors to pass additional information to + the signer implementation. Kubernetes does not restrict or validate this + metadata in any way. + + These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of + the PodCertificateRequest objects that Kubelet creates. + + Entries are subject to the same validation as object metadata annotations, + with the addition that all keys must be domain-prefixed. No restrictions + are placed on values, except an overall size limitation on the entire field. + + Signers should document the keys and values they support. Signers should + deny requests that contain keys they do not recognize. + type: object required: - keyType - signerName diff --git a/bundle/manifests/obo-prometheus-operator-admission-webhook_policy_v1_poddisruptionbudget.yaml b/bundle/manifests/obo-prometheus-operator-admission-webhook_policy_v1_poddisruptionbudget.yaml index 72ac6b2af..5658e24ed 100644 --- a/bundle/manifests/obo-prometheus-operator-admission-webhook_policy_v1_poddisruptionbudget.yaml +++ b/bundle/manifests/obo-prometheus-operator-admission-webhook_policy_v1_poddisruptionbudget.yaml 
@@ -4,7 +4,7 @@ metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: observability-operator - app.kubernetes.io/version: 0.89.0-rhobs1 + app.kubernetes.io/version: 0.90.1-rhobs1 name: obo-prometheus-operator-admission-webhook spec: minAvailable: 1 diff --git a/bundle/manifests/obo-prometheus-operator-admission-webhook_v1_service.yaml b/bundle/manifests/obo-prometheus-operator-admission-webhook_v1_service.yaml index d9018be62..8c6315589 100644 --- a/bundle/manifests/obo-prometheus-operator-admission-webhook_v1_service.yaml +++ b/bundle/manifests/obo-prometheus-operator-admission-webhook_v1_service.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: observability-operator - app.kubernetes.io/version: 0.89.0-rhobs1 + app.kubernetes.io/version: 0.90.1-rhobs1 name: obo-prometheus-operator-admission-webhook spec: ports: diff --git a/bundle/manifests/obo-prometheus-operator_v1_service.yaml b/bundle/manifests/obo-prometheus-operator_v1_service.yaml index 7db65fe18..592326f46 100644 --- a/bundle/manifests/obo-prometheus-operator_v1_service.yaml +++ b/bundle/manifests/obo-prometheus-operator_v1_service.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: observability-operator - app.kubernetes.io/version: 0.89.0-rhobs1 + app.kubernetes.io/version: 0.90.1-rhobs1 name: obo-prometheus-operator spec: clusterIP: None diff --git a/bundle/manifests/observability-operator.clusterserviceversion.yaml b/bundle/manifests/observability-operator.clusterserviceversion.yaml index ef84f9b80..cd6831d02 100644 --- a/bundle/manifests/observability-operator.clusterserviceversion.yaml +++ b/bundle/manifests/observability-operator.clusterserviceversion.yaml 
@@ -43,7 +43,7 @@ metadata: certified: "false" console.openshift.io/operator-monitoring-default: "true" containerImage: observability-operator:1.3.0 - createdAt: "2026-04-27T10:00:19Z" + createdAt: "2026-05-18T17:17:51Z" description: A Go based Kubernetes operator to setup and manage highly available Monitoring Stack using Prometheus, Alertmanager and Thanos Querier. operatorframework.io/cluster-monitoring: "true" @@ -924,7 +924,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: observability-operator - app.kubernetes.io/version: 0.89.0-rhobs1 + app.kubernetes.io/version: 0.90.1-rhobs1 name: obo-prometheus-operator spec: replicas: 1 @@ -943,7 +943,7 @@ spec: app.kubernetes.io/component: controller app.kubernetes.io/name: prometheus-operator app.kubernetes.io/part-of: observability-operator - app.kubernetes.io/version: 0.89.0-rhobs1 + app.kubernetes.io/version: 0.90.1-rhobs1 spec: affinity: nodeAffinity: @@ -956,7 +956,7 @@ spec: automountServiceAccountToken: true containers: - args: - - --prometheus-config-reloader=quay.io/rhobs/obo-prometheus-config-reloader:v0.89.0-rhobs1 + - --prometheus-config-reloader=quay.io/rhobs/obo-prometheus-config-reloader:v0.90.1-rhobs1 - --prometheus-instance-selector=app.kubernetes.io/managed-by=observability-operator - --alertmanager-instance-selector=app.kubernetes.io/managed-by=observability-operator - --thanos-ruler-instance-selector=app.kubernetes.io/managed-by=observability-operator @@ -965,7 +965,7 @@ spec: env: - name: GOGC value: "30" - image: quay.io/rhobs/obo-prometheus-operator:v0.89.0-rhobs1 + image: quay.io/rhobs/obo-prometheus-operator:v0.90.1-rhobs1 name: prometheus-operator ports: - containerPort: 8080 
@@ -995,7 +995,7 @@ spec: - label: app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: observability-operator - app.kubernetes.io/version: 0.89.0-rhobs1 + app.kubernetes.io/version: 0.90.1-rhobs1 name: obo-prometheus-operator-admission-webhook spec: replicas: 2 @@ -1013,7 +1013,7 @@ spec: labels: app.kubernetes.io/name: prometheus-operator-admission-webhook app.kubernetes.io/part-of: observability-operator - app.kubernetes.io/version: 0.89.0-rhobs1 + app.kubernetes.io/version: 0.90.1-rhobs1 spec: affinity: nodeAffinity: @@ -1038,7 +1038,7 @@ spec: - --web.enable-tls=true - --web.cert-file=/tmp/k8s-webhook-server/serving-certs/tls.crt - --web.key-file=/tmp/k8s-webhook-server/serving-certs/tls.key - image: quay.io/rhobs/obo-admission-webhook:v0.89.0-rhobs1 + image: quay.io/rhobs/obo-admission-webhook:v0.90.1-rhobs1 name: prometheus-operator-admission-webhook ports: - containerPort: 8443 diff --git a/bundle/manifests/observability.openshift.io_observabilityinstallers.yaml b/bundle/manifests/observability.openshift.io_observabilityinstallers.yaml index c33ab3439..3d1307c71 100644 --- a/bundle/manifests/observability.openshift.io_observabilityinstallers.yaml +++ b/bundle/manifests/observability.openshift.io_observabilityinstallers.yaml @@ -180,8 +180,8 @@ spec: - keyJSONSecret type: object gcsWIF: - description: GCSSToken defines the Google Cloud Storage - configuration using short-lived tokens. + description: GCSWIF defines the Google Cloud Storage + configuration using Workload Identity Federation. properties: audience: description: Audience is the optional audience. 
@@ -360,11 +360,12 @@ spec: type: object x-kubernetes-validations: - message: Storage configuration is required when tracing is enabled - rule: (!has(self.enabled) || !self.enabled) || [has(self.storage.objectStorage.s3), + rule: (!has(self.enabled) || !self.enabled) || (has(self.storage) + && has(self.storage.objectStorage) && [has(self.storage.objectStorage.s3), has(self.storage.objectStorage.s3STS), has(self.storage.objectStorage.s3CCO), has(self.storage.objectStorage.azure), has(self.storage.objectStorage.azureWIF), has(self.storage.objectStorage.gcs), has(self.storage.objectStorage.gcsWIF)].filter(x, - x).size() > 0 + x).size() > 0) type: object type: object status: diff --git a/bundle/manifests/perses.dev_perses.yaml b/bundle/manifests/perses.dev_perses.yaml index a55dc3d6e..03abd0940 100644 --- a/bundle/manifests/perses.dev_perses.yaml +++ b/bundle/manifests/perses.dev_perses.yaml @@ -3880,7 +3880,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) kubernetesAuth: description: kubernetesAuth enables Kubernetes native authentication for the Perses client @@ -3959,7 +3959,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) tls: description: tls provides TLS/SSL configuration for secure connections to Perses 
@@ -4010,7 +4010,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses @@ -4066,7 +4066,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) type: object type: object config: @@ -6256,7 +6256,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses @@ -6310,7 +6310,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) type: object tolerations: description: tolerations allow pods to schedule onto nodes with matching diff --git a/bundle/manifests/perses.dev_persesdatasources.yaml b/bundle/manifests/perses.dev_persesdatasources.yaml index d3c294ef8..5952270e1 100644 --- a/bundle/manifests/perses.dev_persesdatasources.yaml +++ b/bundle/manifests/perses.dev_persesdatasources.yaml 
@@ -393,7 +393,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) kubernetesAuth: description: kubernetesAuth enables Kubernetes native authentication for the Perses client @@ -472,7 +472,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) tls: description: tls provides TLS/SSL configuration for secure connections to Perses @@ -523,7 +523,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses @@ -579,7 +579,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) type: object type: object config: diff --git a/bundle/manifests/perses.dev_persesglobaldatasources.yaml b/bundle/manifests/perses.dev_persesglobaldatasources.yaml index 5aa5896f0..86d50407e 100644 --- a/bundle/manifests/perses.dev_persesglobaldatasources.yaml +++ b/bundle/manifests/perses.dev_persesglobaldatasources.yaml 
@@ -101,7 +101,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) kubernetesAuth: description: kubernetesAuth enables Kubernetes native authentication for the Perses client @@ -180,7 +180,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) tls: description: tls provides TLS/SSL configuration for secure connections to Perses @@ -231,7 +231,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses @@ -287,7 +287,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) type: object type: object config: diff --git a/cmd/operator/main.go b/cmd/operator/main.go index 5cd7eefd5..812e0b2a7 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go 
@@ -40,22 +40,25 @@ import ( // prometheus-operator. For thanos we use the default version from // prometheus-operator. var defaultImages = map[string]string{ - "prometheus": "", - "alertmanager": "", - "thanos": obopo.DefaultThanosImage, - "ui-dashboards": "quay.io/openshift-observability-ui/console-dashboards-plugin:v0.4.2", - "ui-troubleshooting-panel": "quay.io/openshift-observability-ui/troubleshooting-panel-console-plugin:v0.4.4", - "ui-distributed-tracing-pf4": "quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v0.3.2", - "ui-distributed-tracing-pf5": "quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v0.4.2", - "ui-distributed-tracing": "quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v1.0.2", - "ui-logging-pf4": "quay.io/openshift-observability-ui/logging-view-plugin:v6.0.4", - "ui-logging-pf5": "quay.io/openshift-observability-ui/logging-view-plugin:v6.1.5", - "ui-logging": "quay.io/openshift-observability-ui/logging-view-plugin:v6.2.0", - "korrel8r": "quay.io/korrel8r/korrel8r:0.9.1", - "health-analyzer": "quay.io/openshiftanalytics/cluster-health-analyzer:v1.1.1-rc.0", - "ui-monitoring-pf5": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.4.4", - "ui-monitoring": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.5.3", - "perses": "quay.io/openshift-observability-ui/perses:v0.53.0-go-1.25", + "prometheus": "", + "alertmanager": "", + "thanos": obopo.DefaultThanosImage, + "ui-dashboards": "quay.io/openshift-observability-ui/console-dashboards-plugin:v0.4.3", + "ui-troubleshooting-panel-pf6": "quay.io/openshift-observability-ui/troubleshooting-panel-console-plugin:v0.4.5", + "ui-troubleshooting-panel": "quay.io/openshift-observability-ui/troubleshooting-panel-console-plugin:v1.0.0", + "ui-distributed-tracing-pf4": "quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v0.3.3", + "ui-distributed-tracing-pf5": 
"quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v0.4.3", + "ui-distributed-tracing-pf6": "quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v1.0.3", + "ui-distributed-tracing": "quay.io/openshift-observability-ui/distributed-tracing-console-plugin:v1.1.0", + "ui-logging-pf4": "quay.io/openshift-observability-ui/logging-view-plugin:v6.0.5", + "ui-logging-pf5": "quay.io/openshift-observability-ui/logging-view-plugin:v6.1.6", + "ui-logging": "quay.io/openshift-observability-ui/logging-view-plugin:v6.2.1", + "korrel8r": "quay.io/korrel8r/korrel8r:0.9.1", + "health-analyzer": "quay.io/openshiftanalytics/cluster-health-analyzer:v1.1.1-rc.0", + "ui-monitoring-pf5": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.4.5", + "ui-monitoring-pf6": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.5.4", + "ui-monitoring": "quay.io/openshift-observability-ui/monitoring-console-plugin:v1.0.0", + "perses": "quay.io/openshift-observability-ui/perses:v0.54.0", } func imagesUsed() []string { @@ -151,7 +154,7 @@ func main() { setupLog.Error(err, "failed to fetch TLS profile from cluster") os.Exit(1) } - setupLog.Info("fetched initial TLS profile", "minVersion", initialTLSProfileSpec.MinTLSVersion, "ciphers_len", len(initialTLSProfileSpec.Ciphers), "ciphers", initialTLSProfileSpec.Ciphers) + setupLog.Info("fetched initial TLS profile", "minVersion", initialTLSProfileSpec.MinTLSVersion, "ciphers", initialTLSProfileSpec.Ciphers) } op, err := operator.New( diff --git a/deploy/crds/common/observability.openshift.io_observabilityinstallers.yaml b/deploy/crds/common/observability.openshift.io_observabilityinstallers.yaml index fc254d266..b67ebc63e 100644 --- a/deploy/crds/common/observability.openshift.io_observabilityinstallers.yaml +++ b/deploy/crds/common/observability.openshift.io_observabilityinstallers.yaml 
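Review bot: Every entry in `defaultImages`, including the new `-pf6` keys, is still a tag reference such as `quay.io/openshift-observability-ui/perses:v0.54.0`, so the operator deploys whatever the registry serves for that tag at pull time. A tag can be re-pointed after release, and these images run in-cluster, so I would pin the defaults by digest, e.g. `"perses": "quay.io/openshift-observability-ui/perses:v0.54.0@sha256:<digest-of-v0.54.0>",` (placeholder digest). This hunk does not show whether the release pipeline already rewrites the references to digests; if it does, a one-line comment above the map saying so would settle the question for the next reviewer. The unchanged `health-analyzer` default also still points at a release-candidate tag (`v1.1.1-rc.0`), which is worth confirming as intentional.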
@@ -180,8 +180,8 @@ spec: - keyJSONSecret type: object gcsWIF: - description: GCSSToken defines the Google Cloud Storage - configuration using short-lived tokens. + description: GCSWIF defines the Google Cloud Storage + configuration using Workload Identity Federation. properties: audience: description: Audience is the optional audience. @@ -360,11 +360,12 @@ spec: type: object x-kubernetes-validations: - message: Storage configuration is required when tracing is enabled - rule: (!has(self.enabled) || !self.enabled) || [has(self.storage.objectStorage.s3), + rule: (!has(self.enabled) || !self.enabled) || (has(self.storage) + && has(self.storage.objectStorage) && [has(self.storage.objectStorage.s3), has(self.storage.objectStorage.s3STS), has(self.storage.objectStorage.s3CCO), has(self.storage.objectStorage.azure), has(self.storage.objectStorage.azureWIF), has(self.storage.objectStorage.gcs), has(self.storage.objectStorage.gcsWIF)].filter(x, - x).size() > 0 + x).size() > 0) type: object type: object status: diff --git a/deploy/dependencies/kustomization.yaml b/deploy/dependencies/kustomization.yaml index 492c827fb..9aca63840 100644 --- a/deploy/dependencies/kustomization.yaml +++ b/deploy/dependencies/kustomization.yaml 
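Review bot: In the second hunk the rewritten tracing rule still ends in `.filter(x, x).size() > 0`, so an object that sets several object-storage backends at once (for example both `s3` and `gcsWIF`) passes validation. If only one backend is meant to be active, which this hunk neither confirms nor rules out, the tail should be `.filter(x, x).size() == 1` and the message could say `exactly one object storage backend is required when tracing is enabled`. The added `has(self.storage) && has(self.storage.objectStorage)` guards handle the missing-field case correctly. This CRD looks generated, so the change probably belongs in the validation marker on the Go type rather than in this file.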
@@ -3,25 +3,25 @@ kind: Kustomization resources: -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_alertmanagers.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_podmonitors.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_probes.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_prometheuses.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_prometheusrules.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_servicemonitors.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_thanosrulers.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_prometheusagents.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_alertmanagerconfigs.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_scrapeconfigs.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml -- 
https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/rbac/prometheus-operator/prometheus-operator-service.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/admission-webhook/deployment.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/admission-webhook/service-account.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/admission-webhook/service.yaml -- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.89.0-rhobs1/example/admission-webhook/pod-disruption-budget.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_alertmanagers.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_podmonitors.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_probes.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_prometheuses.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_prometheusrules.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_servicemonitors.yaml +- 
https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_thanosrulers.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_prometheusagents.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_alertmanagerconfigs.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/prometheus-operator-crd/monitoring.rhobs_scrapeconfigs.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/rbac/prometheus-operator/prometheus-operator-deployment.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/rbac/prometheus-operator/prometheus-operator-cluster-role-binding.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/rbac/prometheus-operator/prometheus-operator-cluster-role.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/rbac/prometheus-operator/prometheus-operator-service-account.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/rbac/prometheus-operator/prometheus-operator-service.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/admission-webhook/deployment.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/admission-webhook/service-account.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/admission-webhook/service.yaml +- https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/v0.90.1-rhobs1/example/admission-webhook/pod-disruption-budget.yaml # NOTE: a service although automatically created by OLM for webhooks still # requires admission-webhook/service as 
the port generated by OLM uses 443 # but assumes targetPort to be 443 as opposed to "https" port of webhook - 8443 @@ -32,11 +32,11 @@ resources: images: - name: quay.io/rhobs/obo-prometheus-operator - newTag: v0.89.0-rhobs1 + newTag: v0.90.1-rhobs1 - name: quay.io/rhobs/obo-prometheus-config-reloader - newTag: v0.89.0-rhobs1 + newTag: v0.90.1-rhobs1 - name: quay.io/rhobs/obo-admission-webhook - newTag: v0.89.0-rhobs1 + newTag: v0.90.1-rhobs1 namespace: operators @@ -78,7 +78,7 @@ patches: - name: prometheus-operator image: quay.io/rhobs/obo-prometheus-operator args: - - --prometheus-config-reloader=quay.io/rhobs/obo-prometheus-config-reloader:v0.89.0-rhobs1 + - --prometheus-config-reloader=quay.io/rhobs/obo-prometheus-config-reloader:v0.90.1-rhobs1 - --prometheus-instance-selector=app.kubernetes.io/managed-by=observability-operator - --alertmanager-instance-selector=app.kubernetes.io/managed-by=observability-operator - --thanos-ruler-instance-selector=app.kubernetes.io/managed-by=observability-operator diff --git a/deploy/perses/crds/perses.dev_perses.yaml b/deploy/perses/crds/perses.dev_perses.yaml index 43a7b66e2..504fdba9a 100644 --- a/deploy/perses/crds/perses.dev_perses.yaml +++ b/deploy/perses/crds/perses.dev_perses.yaml @@ -3869,7 +3869,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) kubernetesAuth: description: kubernetesAuth enables Kubernetes native authentication for the Perses client 
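Review bot: The `resources:` URLs in the first kustomization hunk are fetched from `raw.githubusercontent.com` at the git tag `v0.90.1-rhobs1`, and the list includes the prometheus-operator ClusterRole, ClusterRoleBinding and Deployment, so the RBAC that gets applied is whatever that tag points to when the kustomization is built. A git tag can be moved; referencing the commit instead, `https://raw.githubusercontent.com/rhobs/obo-prometheus-operator/<commit-sha-of-v0.90.1-rhobs1>/example/...` (placeholder SHA), makes the input immutable and reviewable. The same applies to the `images:` hunk, where kustomize's `digest:` field could replace `newTag: v0.90.1-rhobs1`, and to the `--prometheus-config-reloader=` argument in the last hunk, which also names the image by tag.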
@@ -3948,7 +3948,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) tls: description: tls provides TLS/SSL configuration for secure connections to Perses @@ -3999,7 +3999,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses @@ -4055,7 +4055,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) type: object type: object config: @@ -6245,7 +6245,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses 
@@ -6299,7 +6299,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) type: object tolerations: description: tolerations allow pods to schedule onto nodes with matching diff --git a/deploy/perses/crds/perses.dev_persesdatasources.yaml b/deploy/perses/crds/perses.dev_persesdatasources.yaml index fa8e5809b..47839f489 100644 --- a/deploy/perses/crds/perses.dev_persesdatasources.yaml +++ b/deploy/perses/crds/perses.dev_persesdatasources.yaml @@ -392,7 +392,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) kubernetesAuth: description: kubernetesAuth enables Kubernetes native authentication for the Perses client @@ -471,7 +471,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) tls: description: tls provides TLS/SSL configuration for secure connections to Perses 
@@ -522,7 +522,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses @@ -578,7 +578,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) type: object type: object config: diff --git a/deploy/perses/crds/perses.dev_persesglobaldatasources.yaml b/deploy/perses/crds/perses.dev_persesglobaldatasources.yaml index 4e5944c45..c006457c8 100644 --- a/deploy/perses/crds/perses.dev_persesglobaldatasources.yaml +++ b/deploy/perses/crds/perses.dev_persesglobaldatasources.yaml @@ -90,7 +90,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) kubernetesAuth: description: kubernetesAuth enables Kubernetes native authentication for the Perses client @@ -169,7 +169,7 @@ spec: - message: name is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' || has(self.name) - message: namespace is required when type is secret or configmap - rule: self.type != 'secret' && self.type != 'configmap' || has(self.namespace) + rule: self.type != 'secret' && self.type != 'configmap' || has(self.__namespace__) tls: description: tls provides TLS/SSL configuration for secure connections to Perses 
@@ -220,7 +220,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) enable: description: enable determines whether TLS is enabled for connections to Perses @@ -276,7 +276,7 @@ spec: || has(self.name) - message: namespace is required when type is secret or configmap rule: self.type != 'secret' && self.type != 'configmap' - || has(self.namespace) + || has(self.__namespace__) type: object type: object config: diff --git a/docs/api.md b/docs/api.md index 4329f770b..550f99792 100644 --- a/docs/api.md +++ b/docs/api.md @@ -4336,7 +4336,7 @@ ObjectStorageSpec defines the object storage configuration for tracing. gcsWIF object - GCSSToken defines the Google Cloud Storage configuration using short-lived tokens.
+ GCSWIF defines the Google Cloud Storage configuration using Workload Identity Federation.
false @@ -4574,7 +4574,7 @@ KeyJSON is the key.json file encoded in a secret. -GCSSToken defines the Google Cloud Storage configuration using short-lived tokens. +GCSWIF defines the Google Cloud Storage configuration using Workload Identity Federation. diff --git a/go.mod b/go.mod index af908ad7f..a2b35e72a 100644 --- a/go.mod +++ b/go.mod 
@@ -9,19 +9,27 @@ require ( github.com/google/go-cmp v0.7.0 github.com/grafana/tempo-operator v0.20.0 github.com/open-telemetry/opentelemetry-operator v0.148.0 - github.com/openshift/api v3.9.0+incompatible // PINNED: newer versions remove console/v1alpha1 API needed for OpenShift <4.17 compatibility + github.com/openshift/api v0.0.0-20260511191110-9b69e5fa27e9 github.com/openshift/controller-runtime-common v0.0.0-20260318085703-1812aed6dbd2 - github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 - github.com/operator-framework/api v0.38.0 + github.com/openshift/library-go v0.0.0-20260512121938-431f18311e77 + github.com/operator-framework/api v0.42.0 + github.com/perses/perses v0.53.1 + github.com/perses/plugins/prometheus v0.57.0 + github.com/perses/plugins/table v0.11.2 + github.com/perses/plugins/timeserieschart v0.12.1 + github.com/perses/spec v0.1.2 github.com/pkg/errors v0.9.1 - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.90.1 github.com/prometheus/common v0.67.5 - github.com/rhobs/obo-prometheus-operator v0.89.0-rhobs1 - github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.89.0-rhobs1 + github.com/rhobs/obo-prometheus-operator v0.90.1-rhobs1 + github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.90.1-rhobs1 github.com/rhobs/observability-operator/pkg/apis v0.0.0-20251009091129-76135c924ed6 + github.com/rhobs/openshift-api v0.0.0-20260512142436-2e89e902a420 + github.com/rhobs/perses v0.0.0-20260422074433-2c06d5cd1312 + github.com/rhobs/perses-operator v0.1.10-0.20260518165420-4a0e166ccfca github.com/stretchr/testify v1.11.1 go.uber.org/zap v1.27.1 - golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa + golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 golang.org/x/mod v0.35.0 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.2 
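Review bot: The new `github.com/rhobs/openshift-api` requirement is added without the inline rationale that the removed `// PINNED:` comment used to carry, so go.mod no longer says why the project depends on a fork. I would add a trailing comment, e.g. `github.com/rhobs/openshift-api v0.0.0-20260512142436-2e89e902a420 // fork keeping console/v1alpha1 for OpenShift < 4.17, see DEPENDENCY_CONSTRAINTS.md`. According to DEPENDENCY_CONSTRAINTS.md the fork is taken from the last upstream commit that still has `v1alpha1`, so it presumably will not receive upstream fixes; it is worth confirming that the Dependabot configuration covers it, or recording that it is frozen deliberately. `github.com/rhobs/perses-operator` likewise moves to another untagged pseudo-version, which deserves the same kind of short comment.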
@@ -35,22 +43,6 @@ require ( sigs.k8s.io/controller-runtime v0.23.3 ) -replace ( - github.com/openshift/api => github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255 - github.com/openshift/controller-runtime-common => github.com/openshift/controller-runtime-common v0.0.0-20260210092218-8eef974290cd - github.com/rhobs/observability-operator/pkg/apis => ./pkg/apis -) - -require ( - github.com/perses/perses v0.53.1 - github.com/perses/plugins/prometheus v0.57.0 - github.com/perses/plugins/table v0.11.2 - github.com/perses/plugins/timeserieschart v0.12.1 - github.com/perses/spec v0.1.2 - github.com/rhobs/perses v0.0.0-20260422074433-2c06d5cd1312 - github.com/rhobs/perses-operator v0.1.10-0.20260422102948-9bec730aa616 -) - require ( cel.dev/expr v0.25.1 // indirect dario.cat/mergo v1.0.2 // indirect 
@@ -75,27 +67,27 @@ require ( github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/analysis v0.24.2 // indirect - github.com/go-openapi/errors v0.22.6 // indirect - github.com/go-openapi/jsonpointer v0.22.4 // indirect - github.com/go-openapi/jsonreference v0.21.4 // indirect - github.com/go-openapi/loads v0.23.2 // indirect - github.com/go-openapi/runtime v0.29.2 // indirect - github.com/go-openapi/spec v0.22.3 // indirect - github.com/go-openapi/strfmt v0.25.0 // indirect - github.com/go-openapi/swag v0.25.4 // indirect - github.com/go-openapi/swag/cmdutils v0.25.4 // indirect - github.com/go-openapi/swag/conv v0.25.4 // indirect - github.com/go-openapi/swag/fileutils v0.25.4 // indirect - github.com/go-openapi/swag/jsonname v0.25.4 // indirect - github.com/go-openapi/swag/jsonutils v0.25.4 // indirect - github.com/go-openapi/swag/loading v0.25.4 // indirect - github.com/go-openapi/swag/mangling v0.25.4 // indirect - github.com/go-openapi/swag/netutils v0.25.4 // indirect - github.com/go-openapi/swag/stringutils v0.25.4 // indirect - github.com/go-openapi/swag/typeutils v0.25.4 // indirect - github.com/go-openapi/swag/yamlutils v0.25.4 // indirect - github.com/go-openapi/validate v0.25.1 // indirect + github.com/go-openapi/analysis v0.25.0 // indirect + github.com/go-openapi/errors v0.22.7 // indirect + github.com/go-openapi/jsonpointer v0.22.5 // indirect + github.com/go-openapi/jsonreference v0.21.5 // indirect + github.com/go-openapi/loads v0.23.3 // indirect + github.com/go-openapi/runtime v0.29.3 // indirect + github.com/go-openapi/spec v0.22.4 // indirect + github.com/go-openapi/strfmt v0.26.1 // indirect + github.com/go-openapi/swag v0.25.5 // indirect + github.com/go-openapi/swag/cmdutils v0.25.5 // indirect + github.com/go-openapi/swag/conv v0.25.5 // indirect + github.com/go-openapi/swag/fileutils v0.25.5 // indirect + 
github.com/go-openapi/swag/jsonname v0.25.5 // indirect + github.com/go-openapi/swag/jsonutils v0.25.5 // indirect + github.com/go-openapi/swag/loading v0.25.5 // indirect + github.com/go-openapi/swag/mangling v0.25.5 // indirect + github.com/go-openapi/swag/netutils v0.25.5 // indirect + github.com/go-openapi/swag/stringutils v0.25.5 // indirect + github.com/go-openapi/swag/typeutils v0.25.5 // indirect + github.com/go-openapi/swag/yamlutils v0.25.5 // indirect + github.com/go-openapi/validate v0.25.2 // indirect github.com/go-viper/mapstructure/v2 v2.5.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.3.1 // indirect @@ -125,18 +117,18 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/nexucis/lamenv v0.5.2 // indirect github.com/novln/docker-parser v1.0.0 // indirect - github.com/oklog/ulid v1.3.1 // indirect + github.com/oklog/ulid/v2 v2.1.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/perses/common v0.30.2 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus-community/prom-label-proxy v0.12.1 // indirect - github.com/prometheus/alertmanager v0.31.0 // indirect + github.com/prometheus/alertmanager v0.31.1 // indirect github.com/prometheus/client_golang v1.23.2 // indirect github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/otlptranslator v1.0.0 // indirect github.com/prometheus/procfs v0.20.1 // indirect - github.com/prometheus/prometheus v0.309.1 // indirect - github.com/rhobs/obo-prometheus-operator/pkg/client v0.89.0-rhobs1 // indirect + github.com/prometheus/prometheus v0.310.0 // indirect + github.com/rhobs/obo-prometheus-operator/pkg/client v0.90.1-rhobs1 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.4 // indirect github.com/spf13/cobra v1.10.2 // indirect 
@@ -147,7 +139,6 @@ require ( github.com/x448/float16 v0.8.4 // indirect github.com/zitadel/oidc/v3 v3.47.4 // indirect github.com/zitadel/schema v1.3.2 // indirect - go.mongodb.org/mongo-driver v1.17.6 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/otelconf v0.22.0 // indirect go.opentelemetry.io/otel v1.43.0 // indirect @@ -180,7 +171,7 @@ require ( golang.org/x/sys v0.43.0 // indirect golang.org/x/term v0.42.0 // indirect golang.org/x/text v0.36.0 // indirect - golang.org/x/time v0.14.0 // indirect + golang.org/x/time v0.15.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect @@ -188,10 +179,12 @@ require ( google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 // indirect + k8s.io/klog/v2 v2.140.0 // indirect + k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) + +replace github.com/rhobs/observability-operator/pkg/apis => ./pkg/apis diff --git a/go.sum b/go.sum index 37a3d29b5..01bbeb13a 100644 --- a/go.sum +++ b/go.sum 
@@ -1,15 +1,15 @@ cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= -cloud.google.com/go/auth v0.17.0 h1:74yCm7hCj2rUyyAocqnFzsAYXgJhrG26XCFimrc/Kz4= -cloud.google.com/go/auth v0.17.0/go.mod h1:6wv/t5/6rOPAX4fJiRjKkJCvswLwdet7G8+UGXt7nCQ= +cloud.google.com/go/auth v0.18.1 h1:IwTEx92GFUo2pJ6Qea0EU3zYvKnTAeRCODxfA/G5UWs= +cloud.google.com/go/auth v0.18.1/go.mod h1:GfTYoS9G3CWpRA3Va9doKN9mjPGRS+v41jmZAhBzbrA= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 h1:fou+2+WFTib47nS+nz/ozhEBnvU96bKHy6LjRsY4E28= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0/go.mod h1:t76Ruy8AHvUAC8GfMWJMa0ElSbuIcO03NLpynfbgsPA= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA= 
@@ -118,54 +118,54 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/analysis v0.24.2 h1:6p7WXEuKy1llDgOH8FooVeO+Uq2za9qoAOq4ZN08B50= -github.com/go-openapi/analysis v0.24.2/go.mod h1:x27OOHKANE0lutg2ml4kzYLoHGMKgRm1Cj2ijVOjJuE= -github.com/go-openapi/errors v0.22.6 h1:eDxcf89O8odEnohIXwEjY1IB4ph5vmbUsBMsFNwXWPo= -github.com/go-openapi/errors v0.22.6/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk= -github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4= -github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80= -github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8= -github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4= -github.com/go-openapi/loads v0.23.2 h1:rJXAcP7g1+lWyBHC7iTY+WAF0rprtM+pm8Jxv1uQJp4= -github.com/go-openapi/loads v0.23.2/go.mod h1:IEVw1GfRt/P2Pplkelxzj9BYFajiWOtY2nHZNj4UnWY= -github.com/go-openapi/runtime v0.29.2 h1:UmwSGWNmWQqKm1c2MGgXVpC2FTGwPDQeUsBMufc5Yj0= -github.com/go-openapi/runtime v0.29.2/go.mod h1:biq5kJXRJKBJxTDJXAa00DOTa/anflQPhT0/wmjuy+0= -github.com/go-openapi/spec v0.22.3 h1:qRSmj6Smz2rEBxMnLRBMeBWxbbOvuOoElvSvObIgwQc= -github.com/go-openapi/spec v0.22.3/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs= -github.com/go-openapi/strfmt v0.25.0 h1:7R0RX7mbKLa9EYCTHRcCuIPcaqlyQiWNPTXwClK0saQ= -github.com/go-openapi/strfmt v0.25.0/go.mod h1:nNXct7OzbwrMY9+5tLX4I21pzcmE6ccMGXl3jFdPfn8= -github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= -github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= 
-github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= -github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= -github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= -github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= -github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= -github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= -github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= -github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= -github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= -github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= -github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= -github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= -github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= -github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48= -github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg= -github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0= -github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg= -github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= -github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= -github.com/go-openapi/swag/typeutils 
v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= -github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= -github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= -github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= -github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= -github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= -github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= -github.com/go-openapi/validate v0.25.1 h1:sSACUI6Jcnbo5IWqbYHgjibrhhmt3vR6lCzKZnmAgBw= -github.com/go-openapi/validate v0.25.1/go.mod h1:RMVyVFYte0gbSTaZ0N4KmTn6u/kClvAFp+mAVfS/DQc= +github.com/go-openapi/analysis v0.25.0 h1:EnjAq1yO8wEO9HbPmY8vLPEIkdZuuFhCAKBPvCB7bCs= +github.com/go-openapi/analysis v0.25.0/go.mod h1:5WFTRE43WLkPG9r9OtlMfqkkvUTYLVVCIxLlEpyF8kE= +github.com/go-openapi/errors v0.22.7 h1:JLFBGC0Apwdzw3484MmBqspjPbwa2SHvpDm0u5aGhUA= +github.com/go-openapi/errors v0.22.7/go.mod h1://QW6SD9OsWtH6gHllUCddOXDL0tk0ZGNYHwsw4sW3w= +github.com/go-openapi/jsonpointer v0.22.5 h1:8on/0Yp4uTb9f4XvTrM2+1CPrV05QPZXu+rvu2o9jcA= +github.com/go-openapi/jsonpointer v0.22.5/go.mod h1:gyUR3sCvGSWchA2sUBJGluYMbe1zazrYWIkWPjjMUY0= +github.com/go-openapi/jsonreference v0.21.5 h1:6uCGVXU/aNF13AQNggxfysJ+5ZcU4nEAe+pJyVWRdiE= +github.com/go-openapi/jsonreference v0.21.5/go.mod h1:u25Bw85sX4E2jzFodh1FOKMTZLcfifd1Q+iKKOUxExw= +github.com/go-openapi/loads v0.23.3 h1:g5Xap1JfwKkUnZdn+S0L3SzBDpcTIYzZ5Qaag0YDkKQ= +github.com/go-openapi/loads v0.23.3/go.mod h1:NOH07zLajXo8y55hom0omlHWDVVvCwBM/S+csCK8LqA= +github.com/go-openapi/runtime v0.29.3 h1:h5twGaEqxtQg40ePiYm9vFFH1q06Czd7Ot6ufdK0w/Y= +github.com/go-openapi/runtime v0.29.3/go.mod 
h1:8A1W0/L5eyNJvKciqZtvIVQvYO66NlB7INMSZ9bw/oI= +github.com/go-openapi/spec v0.22.4 h1:4pxGjipMKu0FzFiu/DPwN3CTBRlVM2yLf/YTWorYfDQ= +github.com/go-openapi/spec v0.22.4/go.mod h1:WQ6Ai0VPWMZgMT4XySjlRIE6GP1bGQOtEThn3gcWLtQ= +github.com/go-openapi/strfmt v0.26.1 h1:7zGCHji7zSYDC2tCXIusoxYQz/48jAf2q+sF6wXTG+c= +github.com/go-openapi/strfmt v0.26.1/go.mod h1:Zslk5VZPOISLwmWTMBIS7oiVFem1o1EI6zULY8Uer7Y= +github.com/go-openapi/swag v0.25.5 h1:pNkwbUEeGwMtcgxDr+2GBPAk4kT+kJ+AaB+TMKAg+TU= +github.com/go-openapi/swag v0.25.5/go.mod h1:B3RT6l8q7X803JRxa2e59tHOiZlX1t8viplOcs9CwTA= +github.com/go-openapi/swag/cmdutils v0.25.5 h1:yh5hHrpgsw4NwM9KAEtaDTXILYzdXh/I8Whhx9hKj7c= +github.com/go-openapi/swag/cmdutils v0.25.5/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= +github.com/go-openapi/swag/conv v0.25.5 h1:wAXBYEXJjoKwE5+vc9YHhpQOFj2JYBMF2DUi+tGu97g= +github.com/go-openapi/swag/conv v0.25.5/go.mod h1:CuJ1eWvh1c4ORKx7unQnFGyvBbNlRKbnRyAvDvzWA4k= +github.com/go-openapi/swag/fileutils v0.25.5 h1:B6JTdOcs2c0dBIs9HnkyTW+5gC+8NIhVBUwERkFhMWk= +github.com/go-openapi/swag/fileutils v0.25.5/go.mod h1:V3cT9UdMQIaH4WiTrUc9EPtVA4txS0TOmRURmhGF4kc= +github.com/go-openapi/swag/jsonname v0.25.5 h1:8p150i44rv/Drip4vWI3kGi9+4W9TdI3US3uUYSFhSo= +github.com/go-openapi/swag/jsonname v0.25.5/go.mod h1:jNqqikyiAK56uS7n8sLkdaNY/uq6+D2m2LANat09pKU= +github.com/go-openapi/swag/jsonutils v0.25.5 h1:XUZF8awQr75MXeC+/iaw5usY/iM7nXPDwdG3Jbl9vYo= +github.com/go-openapi/swag/jsonutils v0.25.5/go.mod h1:48FXUaz8YsDAA9s5AnaUvAmry1UcLcNVWUjY42XkrN4= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.5 h1:SX6sE4FrGb4sEnnxbFL/25yZBb5Hcg1inLeErd86Y1U= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.5/go.mod h1:/2KvOTrKWjVA5Xli3DZWdMCZDzz3uV/T7bXwrKWPquo= +github.com/go-openapi/swag/loading v0.25.5 h1:odQ/umlIZ1ZVRteI6ckSrvP6e2w9UTF5qgNdemJHjuU= +github.com/go-openapi/swag/loading v0.25.5/go.mod h1:I8A8RaaQ4DApxhPSWLNYWh9NvmX2YKMoB9nwvv6oW6g= +github.com/go-openapi/swag/mangling v0.25.5 
h1:hyrnvbQRS7vKePQPHHDso+k6CGn5ZBs5232UqWZmJZw= +github.com/go-openapi/swag/mangling v0.25.5/go.mod h1:6hadXM/o312N/h98RwByLg088U61TPGiltQn71Iw0NY= +github.com/go-openapi/swag/netutils v0.25.5 h1:LZq2Xc2QI8+7838elRAaPCeqJnHODfSyOa7ZGfxDKlU= +github.com/go-openapi/swag/netutils v0.25.5/go.mod h1:lHbtmj4m57APG/8H7ZcMMSWzNqIQcu0RFiXrPUara14= +github.com/go-openapi/swag/stringutils v0.25.5 h1:NVkoDOA8YBgtAR/zvCx5rhJKtZF3IzXcDdwOsYzrB6M= +github.com/go-openapi/swag/stringutils v0.25.5/go.mod h1:PKK8EZdu4QJq8iezt17HM8RXnLAzY7gW0O1KKarrZII= +github.com/go-openapi/swag/typeutils v0.25.5 h1:EFJ+PCga2HfHGdo8s8VJXEVbeXRCYwzzr9u4rJk7L7E= +github.com/go-openapi/swag/typeutils v0.25.5/go.mod h1:itmFmScAYE1bSD8C4rS0W+0InZUBrB2xSPbWt6DLGuc= +github.com/go-openapi/swag/yamlutils v0.25.5 h1:kASCIS+oIeoc55j28T4o8KwlV2S4ZLPT6G0iq2SSbVQ= +github.com/go-openapi/swag/yamlutils v0.25.5/go.mod h1:Gek1/SjjfbYvM+Iq4QGwa/2lEXde9n2j4a3wI3pNuOQ= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.1 h1:NZOrZmIb6PTv5LTFxr5/mKV/FjbUzGE7E6gLz7vFoOQ= +github.com/go-openapi/testify/enable/yaml/v2 v2.4.1/go.mod h1:r7dwsujEHawapMsxA69i+XMGZrQ5tRauhLAjV/sxg3Q= +github.com/go-openapi/testify/v2 v2.4.1 h1:zB34HDKj4tHwyUQHrUkpV0Q0iXQ6dUCOQtIqn8hE6Iw= +github.com/go-openapi/testify/v2 v2.4.1/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= +github.com/go-openapi/validate v0.25.2 h1:12NsfLAwGegqbGWr2CnvT65X/Q2USJipmJ9b7xDJZz0= +github.com/go-openapi/validate v0.25.2/go.mod h1:Pgl1LpPPGFnZ+ys4/hTlDiRYQdI1ocKypgE+8Q8BLfY= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 
@@ -199,16 +199,16 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= +github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef h1:xpF9fUHpoIrrjX24DURVKiwHcFpw19ndIs+FwTSMbno= +github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ= -github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= -github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= -github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= +github.com/googleapis/enterprise-certificate-proxy v0.3.11 h1:vAe81Msw+8tKUxi2Dqh/NZMz7475yUvmRIkXr4oN2ao= +github.com/googleapis/enterprise-certificate-proxy v0.3.11/go.mod h1:RFV7MUdlb7AgEq2v7FmMCfeSMCllAzWxFgRdusoGks8= +github.com/googleapis/gax-go/v2 v2.16.0 h1:iHbQmKLLZrexmb0OSsNGTeSTS0HO4YvFOG8g5E4Zd0Y= +github.com/googleapis/gax-go/v2 v2.16.0/go.mod h1:o1vfQjjNZn4+dPnRdl/4ZD7S9414Y4xA+a/6Icj6l14= github.com/gorilla/websocket 
v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853 h1:cLN4IBkmkYZNnk7EAJ0BHIethd+J6LqxFNw5mSiI2bM= @@ -230,8 +230,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= -github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw= +github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -279,8 +279,6 @@ github.com/nexucis/lamenv v0.5.2 h1:tK/u3XGhCq9qIoVNcXsK9LZb8fKopm0A5weqSRvHd7M= github.com/nexucis/lamenv v0.5.2/go.mod h1:HusJm6ltmmT7FMG8A750mOLuME6SHCsr2iFYxp5fFi0= github.com/novln/docker-parser v1.0.0 h1:PjEBd9QnKixcWczNGyEdfUrP6GR0YUilAqG7Wksg3uc= github.com/novln/docker-parser v1.0.0/go.mod h1:oCeM32fsoUwkwByB5wVjsrsVQySzPWkl3JdlTn1txpE= -github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/oklog/ulid/v2 v2.1.1 h1:suPZ4ARWLOJLegGFiZZ1dFAkqzhMjL3J1TzI+5wHz8s= github.com/oklog/ulid/v2 v2.1.1/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= 
@@ -292,14 +290,15 @@ github.com/open-telemetry/opentelemetry-operator v0.148.0 h1:kzVgjGDejYi/tS6U9Pn github.com/open-telemetry/opentelemetry-operator v0.148.0/go.mod h1:FyHoJIYYJj9aSkwdUjpJekEhqtTsBz/LgjxiRp94k5k= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255 h1:OPEl/rl/Bt8soLkMUex9PZu9PJB59VPFnaPh/n1Pb3I= -github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= -github.com/openshift/controller-runtime-common v0.0.0-20260210092218-8eef974290cd h1:pwYZz6/NjHBCrxp/oalDmVl2KP/10Pimzr+BhfKCF9Q= -github.com/openshift/controller-runtime-common v0.0.0-20260210092218-8eef974290cd/go.mod h1:v50YKO19Utu2nn7jsWwMFZXmO+HSHdkeDdEdNvOSy88= -github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5 h1:9Pe6iVOMjt9CdA/vaKBNUSoEIjIe1po5Ha3ABRYXLJI= -github.com/openshift/library-go v0.0.0-20260213153706-03f1709971c5/go.mod h1:K3FoNLgNBFYbFuG+Kr8usAnQxj1w84XogyUp2M8rK8k= -github.com/operator-framework/api v0.38.0 h1:RbIhBH7pot/tlVPkEppXOh2zT7GpSUjPJoC8pRnNnBo= -github.com/operator-framework/api v0.38.0/go.mod h1:6UCZhZPh9zAZZq1D9B2+IO0ibVwHdTiNYLYRr8ZT8Mk= +github.com/openshift/api v0.0.0-20260511191110-9b69e5fa27e9 h1:yb8ul1HPFYhO04yp0D8T/qSySZnKv210f4nE//i/Bdg= +github.com/openshift/api v0.0.0-20260511191110-9b69e5fa27e9/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= +github.com/openshift/controller-runtime-common v0.0.0-20260318085703-1812aed6dbd2 h1:GrZlVichOCE/lz8fg1+eNrAtkM0VSlqa9buuzN0vnb0= +github.com/openshift/controller-runtime-common v0.0.0-20260318085703-1812aed6dbd2/go.mod h1:XGabTMnNbz0M5Oa7IbscZp/jmcc7aHobvOCUWwkzKvM= +github.com/openshift/library-go v0.0.0-20260512121938-431f18311e77 h1:aj6OEadsB7mJkUoukka+7y0x0Q3o7n/BIAmkPFB4160= +github.com/openshift/library-go 
v0.0.0-20260512121938-431f18311e77/go.mod h1:gKG9lctU0yEftSoT3DUyeIWz1oAgF0EHUpwI4pnCo4o= +github.com/operator-framework/api v0.42.0 h1:rkc5V3zW8RxZMjePAe12jdL7Co/hwsYo1pLnkkhuR7s= +github.com/operator-framework/api v0.42.0/go.mod h1:bMEj+wl/8tGqcGNtxt38cLUYagu9chNsbYzb/5HQaUQ= +github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o= github.com/perses/common v0.30.2 h1:RAiVxUpX76lTCb4X7pfcXSvYdXQmZwKi4oDKAEO//u0= github.com/perses/common v0.30.2/go.mod h1:DFtur1QPah2/ChXbKKhw7djYdwNgz27s5fPKpiK0Xao= github.com/perses/perses v0.53.1 h1:9VY/6p9QWrZwPSV7qiwTMSOsgcB37Lb1AXKT0ORXc6I= 
@@ -323,17 +322,17 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus-community/prom-label-proxy v0.12.1 h1:vJ6tGz4NMge140Ua3T/zh3HO0CA3bmnCsfkWK/cujG0= github.com/prometheus-community/prom-label-proxy v0.12.1/go.mod h1:/tZNtOMcbPbE1VFcY8b48mPqT1bb2jVpXx2WdjjM8TY= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0 h1:nZ9Ov2SbA8pWcyWKpf6AbQipG5Negg5CfDKWOEtnnwc= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0/go.mod h1:IJwk1oNs212afqGbNnE84GAB95OHtJR/BuI1rKESiYk= -github.com/prometheus/alertmanager v0.31.0 h1:DQW02uIUNNiAa9AD9VA5xaFw5D+xrV+bocJc4gN9bEU= -github.com/prometheus/alertmanager v0.31.0/go.mod h1:zWPQwhbLt2ybee8rL921UONeQ59Oncash+m/hGP17tU= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.90.1 h1:URbjn501/IBFTzPtGXrYDXHi+ZcbP2W60o6JeTrY3vQ= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.90.1/go.mod h1:Gfzi4500QCMnptFIQc8YdDi8YZ4QA0vs22LROWZ3+YU= +github.com/prometheus/alertmanager v0.31.1 h1:eAmIC42lzbWslHkMt693T36qdxfyZULswiHr681YS3Q= +github.com/prometheus/alertmanager v0.31.1/go.mod h1:zWPQwhbLt2ybee8rL921UONeQ59Oncash+m/hGP17tU= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= -github.com/prometheus/client_golang/exp v0.0.0-20251212205219-7ba246a648ca h1:BOxmsLoL2ymn8lXJtorca7N/m+2vDQUDoEtPjf0iAxA= -github.com/prometheus/client_golang/exp 
v0.0.0-20251212205219-7ba246a648ca/go.mod h1:gndBHh3ZdjBozGcGrjUYjN3UJLRS3l2drALtu4lUt+k= +github.com/prometheus/client_golang/exp v0.0.0-20260108101519-fb0838f53562 h1:vwqZvuobg82U0gcG2eVrFH27806bUbNr32SvfRbvdsg= +github.com/prometheus/client_golang/exp v0.0.0-20260108101519-fb0838f53562/go.mod h1:PmAYDB13uBFBG9qE1qxZZgZWhg7Rg6SfKM5DMK7hjyI= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
@@ -350,20 +349,22 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= -github.com/prometheus/prometheus v0.309.1 h1:jutK6eCYDpWdPTUbVbkcQsNCMO9CCkSwjQRMLds4jSo= -github.com/prometheus/prometheus v0.309.1/go.mod h1:d+dOGiVhuNDa4MaFXHVdnUBy/CzqlcNTooR8oM1wdTU= -github.com/prometheus/sigv4 v0.4.0 h1:s8oiq+S4ORkpjftnBvzObLrz5Hw49YwEhumNGBdfg4M= -github.com/prometheus/sigv4 v0.4.0/go.mod h1:D6dQeKEsDyUWzoNGjby5HgXshiOAbsz7vuApHTCmOxA= -github.com/rhobs/obo-prometheus-operator v0.89.0-rhobs1 h1:hQ2rh/z1DPqXSWttlfkBiYtiUkOT5bUiWcDi7WPO0mk= -github.com/rhobs/obo-prometheus-operator v0.89.0-rhobs1/go.mod h1:TlzY4F1MR3mqxiSZ1pABF5StzmQ2enQ5YJnC1wyjKq8= -github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.89.0-rhobs1 h1:e2ZFNrG7m7YE7SQCI0Ic/6rhEH8NCBEylA6+kpJQLWg= -github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.89.0-rhobs1/go.mod h1:n3FXshd/fzRA5gzdmNQFI2td0KZ5GRj5RRZghYPNHvw= -github.com/rhobs/obo-prometheus-operator/pkg/client v0.89.0-rhobs1 h1:aCjfPywiKvX3yFLddS8KGWzmtvEiglGInt6lAjPPYNI= -github.com/rhobs/obo-prometheus-operator/pkg/client v0.89.0-rhobs1/go.mod h1:ggQz5xbfAZHyTiPEzFfS2QgLMKlVpA/OF8d5HaGubKE= +github.com/prometheus/prometheus v0.310.0 h1:iS0Uul/dHjy8ifBnqo3YEOhRxlTOWantRoDWwmIowwA= +github.com/prometheus/prometheus v0.310.0/go.mod h1:rs6XoWKvgAStqxHxb2Twh1BR6rp7qw7fmUgW+gaXjbw= +github.com/prometheus/sigv4 v0.4.1 h1:EIc3j+8NBea9u1iV6O5ZAN8uvPq2xOIUPcqCTivHuXs= +github.com/prometheus/sigv4 v0.4.1/go.mod h1:eu+ZbRvsc5TPiHwqh77OWuCnWK73IdkETYY46P4dXOU= +github.com/rhobs/obo-prometheus-operator v0.90.1-rhobs1 h1:e1c9V8r787uf48LBco4Bmz/Rlbj8P0zba9u6+qTtMP8= +github.com/rhobs/obo-prometheus-operator v0.90.1-rhobs1/go.mod 
h1:ZcKMSdOZ3KfmoaRqJKhQwzYDnsoybIQhArdQS1HuAAU= +github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.90.1-rhobs1 h1:yOt1W2z5WotAgxOM27FfWVLlCC0JycPverWGk1kmFdU= +github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.90.1-rhobs1/go.mod h1:smEIMH0TANmMFkksWwrwxSP/pNdjVa66WNO06Nf7ylc= +github.com/rhobs/obo-prometheus-operator/pkg/client v0.90.1-rhobs1 h1:Ut5Cirj3CBXMNy0UQnce8XwDEH/Nwv7dgEs1rUyhUrk= +github.com/rhobs/obo-prometheus-operator/pkg/client v0.90.1-rhobs1/go.mod h1:gy2Ky11XeW8qbt7iyeOd7lhQa9wk+aIQfARs1tAffw4= +github.com/rhobs/openshift-api v0.0.0-20260512142436-2e89e902a420 h1:7e9fFgSnTQH6mOUK9ne8eueLoDe0qFdxPZn0yYD3T4Y= +github.com/rhobs/openshift-api v0.0.0-20260512142436-2e89e902a420/go.mod h1:W0V3SoeXIKmaTN3pqMKDiLZ23rc9viuqYenk9+89N+o= github.com/rhobs/perses v0.0.0-20260422074433-2c06d5cd1312 h1:FIHpZaFw4s8KwL1MbBbehbhnaIoWqK9w6BQHp8qtk50= github.com/rhobs/perses v0.0.0-20260422074433-2c06d5cd1312/go.mod h1:1eTdHfUEzWvkpxzblN5MeXnvcTLoMFSXcAl1rbdEkJo= -github.com/rhobs/perses-operator v0.1.10-0.20260422102948-9bec730aa616 h1:pBAB0AH1JT21OkD8wpoxeTuPot9mWQWo2KYRKaCzPMo= -github.com/rhobs/perses-operator v0.1.10-0.20260422102948-9bec730aa616/go.mod h1:REkyhfFzgup4/wvVoTPDFtKFz/1xWG24P0I1+1eRbMU= +github.com/rhobs/perses-operator v0.1.10-0.20260518165420-4a0e166ccfca h1:2C6DuqBYT8MkHBEXIc2kF9xrXvQh2Ifp7l+Xcy1HtwU= +github.com/rhobs/perses-operator v0.1.10-0.20260518165420-4a0e166ccfca/go.mod h1:ZduotU/1fKgK0r1LGMRIKftKE0LWofh1j97p+XCsplA= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 
@@ -401,8 +402,6 @@ github.com/zitadel/oidc/v3 v3.47.4 h1:aRNmqY5XkVNUybkMUO+s1QXxjja0M2hoschoqMNgn6 github.com/zitadel/oidc/v3 v3.47.4/go.mod h1:XxFh0666HRXycyrKmono+3gY0RACpYJLgy4r/+kliKY= github.com/zitadel/schema v1.3.2 h1:gfJvt7dOMfTmxzhscZ9KkapKo3Nei3B6cAxjav+lyjI= github.com/zitadel/schema v1.3.2/go.mod h1:IZmdfF9Wu62Zu6tJJTH3UsArevs3Y4smfJIj3L8fzxw= -go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss= -go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o= @@ -467,8 +466,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= -golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa h1:Zt3DZoOFFYkKhDT3v7Lm9FDMEV06GpzjG2jrqW+QTE0= -golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA= +golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= +golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90/go.mod h1:xE1HEv6b+1SCZ5/uscMRjUBKtIxworgEcEi+/n9NQDQ= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= 
@@ -506,8 +505,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= +golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 
@@ -522,8 +521,8 @@ gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0 gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= -google.golang.org/api v0.257.0 h1:8Y0lzvHlZps53PEaw+G29SsQIkuKrumGWs9puiexNAA= -google.golang.org/api v0.257.0/go.mod h1:4eJrr+vbVaZSqs7vovFd1Jb/A6ml6iw2e6FBYf3GAO4= +google.golang.org/api v0.265.0 h1:FZvfUdI8nfmuNrE34aOWFPmLC+qRBEiNm3JdivTvAAU= +google.golang.org/api v0.265.0/go.mod h1:uAvfEl3SLUj/7n6k+lJutcswVojHPp2Sp08jWCu8hLY= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= 
@@ -561,10 +560,10 @@ k8s.io/client-go v0.35.4 h1:DN6fyaGuzK64UvnKO5fOA6ymSjvfGAnCAHAR0C66kD8= k8s.io/client-go v0.35.4/go.mod h1:2Pg9WpsS4NeOpoYTfHHfMxBG8zFMSAUi4O/qoiJC3nY= k8s.io/component-base v0.35.4 h1:6n1tNJ87johN0Hif0Fs8K2GMthsaUwMqCebUDLYyv7U= k8s.io/component-base v0.35.4/go.mod h1:qaDJgz5c1KYKla9occFmlJEfPpkuA55s90G509R+PeY= -k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= -k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 h1:HhDfevmPS+OalTjQRKbTHppRIz01AWi8s45TMXStgYY= -k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= +k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc= +k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0= +k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a h1:xCeOEAOoGYl2jnJoHkC3hkbPJgdATINPMAxaynU2Ovg= +k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a/go.mod h1:uGBT7iTA6c6MvqUvSXIaYZo9ukscABYi2btjhvgKGZ0= k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= diff --git a/hack/dev-deploy.sh b/hack/dev-deploy.sh index 0b20eaf67..34a9a19c1 100755 --- a/hack/dev-deploy.sh +++ b/hack/dev-deploy.sh 
@@ -46,10 +46,7 @@ CAT_NAME=$(oc get catalogsource | grep 'observability-operator' | awk '{print $1 SUB_NAME=$(oc get subscriptions | grep 'observability-operator' | awk '{print $1}') && oc delete subscriptions "${SUB_NAME}" CSV_NAME=$(oc get clusterserviceversion | grep 'observability-operator' | awk '{print $1}') && oc delete clusterserviceversion "${CSV_NAME}" -# delete uiplugin if hanging by unblock finalizer -kubectl patch uiplugin monitoring --type='merge' -p='{"metadata":{"finalizers":null}}' - -# OR Delete the whole operator +# OR Delete the whole operator operator-sdk cleanup observability-operator -n openshift-operators # Run the bundle using the fully qualified image tag. diff --git a/pkg/apis/observability/v1alpha1/tracing.go b/pkg/apis/observability/v1alpha1/tracing.go index 8a20f25d3..00db7132c 100644 --- a/pkg/apis/observability/v1alpha1/tracing.go +++ b/pkg/apis/observability/v1alpha1/tracing.go 
@@ -1,12 +1,19 @@ package v1alpha1 // TracingSpec defines the desired state of the tracing capability. -// +kubebuilder:validation:XValidation:rule="(!has(self.enabled) || !self.enabled) || [has(self.storage.objectStorage.s3), has(self.storage.objectStorage.s3STS), has(self.storage.objectStorage.s3CCO), has(self.storage.objectStorage.azure), has(self.storage.objectStorage.azureWIF), has(self.storage.objectStorage.gcs), has(self.storage.objectStorage.gcsWIF)].filter(x, x).size() > 0",message="Storage configuration is required when tracing is enabled" +// +kubebuilder:validation:XValidation:rule="(!has(self.enabled) || !self.enabled) || (has(self.storage) && has(self.storage.objectStorage) && [has(self.storage.objectStorage.s3), has(self.storage.objectStorage.s3STS), has(self.storage.objectStorage.s3CCO), has(self.storage.objectStorage.azure), has(self.storage.objectStorage.azureWIF), has(self.storage.objectStorage.gcs), has(self.storage.objectStorage.gcsWIF)].filter(x, x).size() > 0)",message="Storage configuration is required when tracing is enabled" type TracingSpec struct { CommonCapabilitiesSpec `json:",inline"` // Storage defines the storage for the tracing capability - Storage TracingStorageSpec `json:"storage,omitempty"` + Storage *TracingStorageSpec `json:"storage,omitempty"` +} + +func (t *TracingSpec) GetStorage() *TracingStorageSpec { + if t != nil { + return t.Storage + } + return nil } // TracingStorageSpec defines the storage for tracing capability. 
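Review bot: `Storage` can now be nil on an admitted object, because the rule still accepts a spec with tracing disabled and no `storage` block, so any caller that keeps reading `spec.Storage.ObjectStorageSpec` directly will panic in the controller. The callers are outside this diff chunk, so please confirm they all go through the nil-safe chain `GetStorage().GetObjectStorageSpec()`. The new exported accessor also has no doc comment; I would add `// GetStorage returns t.Storage, or nil when t is nil.` so the nil-receiver contract is explicit. The same applies to `GetObjectStorageSpec` and `GetTLS` in the later hunks of this file, and to `GetCapabilities`, `GetTracing` and `GetOperators` in types.go.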
@@ -15,7 +22,14 @@ type TracingStorageSpec struct { // +optional // +kubebuilder:validation:Optional // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Object storage config" - ObjectStorageSpec TracingObjectStorageSpec `json:"objectStorage,omitempty"` + ObjectStorageSpec *TracingObjectStorageSpec `json:"objectStorage,omitempty"` +} + +func (s *TracingStorageSpec) GetObjectStorageSpec() *TracingObjectStorageSpec { + if s != nil { + return s.ObjectStorageSpec + } + return nil } // TracingObjectStorageSpec defines the object storage for the tracing capability. @@ -35,8 +49,8 @@ type TracingObjectStorageSpec struct { // GCS defines the Google Cloud Storage configuration. GCS *GCSSpec `json:"gcs,omitempty"` - // GCSSToken defines the Google Cloud Storage configuration using short-lived tokens. - GCSSTSSpec *GCSWIFSpec `json:"gcsWIF,omitempty"` + // GCSWIF defines the Google Cloud Storage configuration using Workload Identity Federation. + GCSWIF *GCSWIFSpec `json:"gcsWIF,omitempty"` // TLS configuration for reaching the object storage endpoint. // @@ -45,3 +59,10 @@ type TracingObjectStorageSpec struct { // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="TLS Config" TLS *TLSSpec `json:"tls,omitempty"` } + +func (o *TracingObjectStorageSpec) GetTLS() *TLSSpec { + if o != nil { + return o.TLS + } + return nil +} diff --git a/pkg/apis/observability/v1alpha1/tracing_test.go b/pkg/apis/observability/v1alpha1/tracing_test.go index a0244ee9a..732ee7a85 100644 --- a/pkg/apis/observability/v1alpha1/tracing_test.go +++ b/pkg/apis/observability/v1alpha1/tracing_test.go @@ -140,7 +140,7 @@ func TestTracingObjectStorageSpecValidation(t *testing.T) { { name: "only GCSWIFSpec specified", spec: TracingObjectStorageSpec{ - GCSSTSSpec: &GCSWIFSpec{ + GCSWIF: &GCSWIFSpec{ Bucket: "test-bucket", KeyJSONSecret: SecretKeySelector{Name: "test-secret", Key: "key"}, }, 
@@ -288,8 +288,8 @@ func TestTracingSpecValidation(t *testing.T) { CommonCapabilitiesSpec: CommonCapabilitiesSpec{ Enabled: false, }, - Storage: TracingStorageSpec{ - ObjectStorageSpec: TracingObjectStorageSpec{ + Storage: &TracingStorageSpec{ + ObjectStorageSpec: &TracingObjectStorageSpec{ S3: &S3Spec{ Bucket: "test-bucket", Endpoint: "test-endpoint", @@ -307,8 +307,8 @@ func TestTracingSpecValidation(t *testing.T) { CommonCapabilitiesSpec: CommonCapabilitiesSpec{ Enabled: true, }, - Storage: TracingStorageSpec{ - ObjectStorageSpec: TracingObjectStorageSpec{ + Storage: &TracingStorageSpec{ + ObjectStorageSpec: &TracingObjectStorageSpec{ S3: &S3Spec{ Bucket: "test-bucket", Endpoint: "test-endpoint", @@ -335,8 +335,8 @@ func TestTracingSpecValidation(t *testing.T) { CommonCapabilitiesSpec: CommonCapabilitiesSpec{ Enabled: true, }, - Storage: TracingStorageSpec{ - ObjectStorageSpec: TracingObjectStorageSpec{}, + Storage: &TracingStorageSpec{ + ObjectStorageSpec: &TracingObjectStorageSpec{}, }, }, expectValid: false, diff --git a/pkg/apis/observability/v1alpha1/types.go b/pkg/apis/observability/v1alpha1/types.go index d5ba0d737..a5a551a4b 100644 --- a/pkg/apis/observability/v1alpha1/types.go +++ b/pkg/apis/observability/v1alpha1/types.go @@ -45,6 +45,13 @@ type ObservabilityInstallerSpec struct { Capabilities *CapabilitiesSpec `json:"capabilities,omitempty"` } +func (s *ObservabilityInstallerSpec) GetCapabilities() *CapabilitiesSpec { + if s != nil { + return s.Capabilities + } + return nil +} + // ObservabilityInstallerStatus defines the observed state of ObservabilityInstaller. type ObservabilityInstallerStatus struct { // OpenTelemetry defines the status of the OpenTelemetry capability. 
@@ -98,7 +105,14 @@ type CapabilitiesSpec struct { // The Tempo instance is configured with a single tenant called application. // +optional // +kubebuilder:validation:Optional - Tracing TracingSpec `json:"tracing,omitempty"` + Tracing *TracingSpec `json:"tracing,omitempty"` +} + +func (c *CapabilitiesSpec) GetTracing() *TracingSpec { + if c != nil { + return c.Tracing + } + return nil } // CommonCapabilitiesSpec defines the common capabilities. @@ -112,7 +126,14 @@ type CommonCapabilitiesSpec struct { // Operators defines the operators installation for the capability. // +optional // +kubebuilder:validation:Optional - Operators OperatorsSpec `json:"operators,omitempty"` + Operators *OperatorsSpec `json:"operators,omitempty"` +} + +func (c *CommonCapabilitiesSpec) GetOperators() *OperatorsSpec { + if c != nil { + return c.Operators + } + return nil } // OperatorsSpec defines the operators installation. diff --git a/pkg/apis/observability/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/observability/v1alpha1/zz_generated.deepcopy.go index 29077f5c4..0a88097cf 100644 --- a/pkg/apis/observability/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/observability/v1alpha1/zz_generated.deepcopy.go @@ -59,7 +59,11 @@ func (in *AzureWIFSpec) DeepCopy() *AzureWIFSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CapabilitiesSpec) DeepCopyInto(out *CapabilitiesSpec) { *out = *in - in.Tracing.DeepCopyInto(&out.Tracing) + if in.Tracing != nil { + in, out := &in.Tracing, &out.Tracing + *out = new(TracingSpec) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitiesSpec. 
@@ -75,7 +79,11 @@ func (in *CapabilitiesSpec) DeepCopy() *CapabilitiesSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CommonCapabilitiesSpec) DeepCopyInto(out *CommonCapabilitiesSpec) { *out = *in - in.Operators.DeepCopyInto(&out.Operators) + if in.Operators != nil { + in, out := &in.Operators, &out.Operators + *out = new(OperatorsSpec) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonCapabilitiesSpec. @@ -380,8 +388,8 @@ func (in *TracingObjectStorageSpec) DeepCopyInto(out *TracingObjectStorageSpec) *out = new(GCSSpec) **out = **in } - if in.GCSSTSSpec != nil { - in, out := &in.GCSSTSSpec, &out.GCSSTSSpec + if in.GCSWIF != nil { + in, out := &in.GCSWIF, &out.GCSWIF *out = new(GCSWIFSpec) **out = **in } @@ -406,7 +414,11 @@ func (in *TracingObjectStorageSpec) DeepCopy() *TracingObjectStorageSpec { func (in *TracingSpec) DeepCopyInto(out *TracingSpec) { *out = *in in.CommonCapabilitiesSpec.DeepCopyInto(&out.CommonCapabilitiesSpec) - in.Storage.DeepCopyInto(&out.Storage) + if in.Storage != nil { + in, out := &in.Storage, &out.Storage + *out = new(TracingStorageSpec) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingSpec. @@ -422,7 +434,11 @@ func (in *TracingSpec) DeepCopy() *TracingSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TracingStorageSpec) DeepCopyInto(out *TracingStorageSpec) { *out = *in - in.ObjectStorageSpec.DeepCopyInto(&out.ObjectStorageSpec) + if in.ObjectStorageSpec != nil { + in, out := &in.ObjectStorageSpec, &out.ObjectStorageSpec + *out = new(TracingObjectStorageSpec) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingStorageSpec. 
diff --git a/pkg/controllers/observability/reconcilers.go b/pkg/controllers/observability/reconcilers.go index a30ad0bac..4a6e3ef73 100644 --- a/pkg/controllers/observability/reconcilers.go +++ b/pkg/controllers/observability/reconcilers.go @@ -117,7 +117,7 @@ func getReconcilers(ctx context.Context, k8sClient client.Client, k8sReader clie } // Install operators and instances - if instance.Spec.Capabilities != nil && instance.Spec.Capabilities.Tracing.CommonCapabilitiesSpec.Enabled { + if tracing := instance.Spec.GetCapabilities().GetTracing(); tracing != nil && tracing.Enabled { // install operators and instances if operatorsStatus.ShouldInstall("opentelemetry") { reconcilers = append(reconcilers, reconciler.NewCreateUpdateReconciler(otelSubs, instance)) @@ -133,8 +133,9 @@ func getReconcilers(ctx context.Context, k8sClient client.Client, k8sReader clie } } // install operators only - if instance.Spec.Capabilities != nil && - (instance.Spec.Capabilities.Tracing.CommonCapabilitiesSpec.Operators.Install != nil && *instance.Spec.Capabilities.Tracing.CommonCapabilitiesSpec.Operators.Install) { + if tracing := instance.Spec.GetCapabilities().GetTracing(); tracing != nil && + tracing.GetOperators() != nil && + (tracing.GetOperators().Install != nil && *tracing.GetOperators().Install) { // install operators only if operatorsStatus.ShouldInstall("opentelemetry") { reconcilers = append(reconcilers, reconciler.NewCreateUpdateReconciler(otelSubs, instance)) diff --git a/pkg/controllers/observability/reconcilers_test.go b/pkg/controllers/observability/reconcilers_test.go index 14c2372a1..d41c3cf8a 100644 --- a/pkg/controllers/observability/reconcilers_test.go +++ b/pkg/controllers/observability/reconcilers_test.go 
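Review bot: In the operators-only condition of the second hunk, the `tracing != nil` guard is load-bearing in a way the other getters hide. `GetOperators` is declared on `*CommonCapabilitiesSpec` and reaches `*TracingSpec` only through the embedded value, so calling it on a nil `tracing` would dereference the pointer instead of returning nil. A comment such as `// GetOperators is promoted from an embedded value and is not nil-safe on *TracingSpec` would keep the guard from being simplified away. Once `tracing` is known to be non-nil, the plain field reads more directly and drops the redundant parentheses: `tracing.Operators != nil && tracing.Operators.Install != nil && *tracing.Operators.Install`. `getReconcilers` starts and ends outside both hunks.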
@@ -53,10 +53,10 @@ func TestGetReconcilers(t *testing.T) { }, Spec: obsv1alpha1.ObservabilityInstallerSpec{ Capabilities: &obsv1alpha1.CapabilitiesSpec{ - Tracing: obsv1alpha1.TracingSpec{ + Tracing: &obsv1alpha1.TracingSpec{ CommonCapabilitiesSpec: obsv1alpha1.CommonCapabilitiesSpec{ Enabled: true, - Operators: obsv1alpha1.OperatorsSpec{}, + Operators: &obsv1alpha1.OperatorsSpec{}, }, }, }, @@ -87,13 +87,13 @@ func TestGetReconcilers(t *testing.T) { }, Spec: obsv1alpha1.ObservabilityInstallerSpec{ Capabilities: &obsv1alpha1.CapabilitiesSpec{ - Tracing: obsv1alpha1.TracingSpec{ + Tracing: &obsv1alpha1.TracingSpec{ CommonCapabilitiesSpec: obsv1alpha1.CommonCapabilitiesSpec{ Enabled: true, - Operators: obsv1alpha1.OperatorsSpec{}, + Operators: &obsv1alpha1.OperatorsSpec{}, }, - Storage: obsv1alpha1.TracingStorageSpec{ - ObjectStorageSpec: obsv1alpha1.TracingObjectStorageSpec{ + Storage: &obsv1alpha1.TracingStorageSpec{ + ObjectStorageSpec: &obsv1alpha1.TracingObjectStorageSpec{ S3: &obsv1alpha1.S3Spec{ Bucket: "tempo", Endpoint: "tmepo:111", @@ -137,10 +137,10 @@ func TestGetReconcilers(t *testing.T) { }, Spec: obsv1alpha1.ObservabilityInstallerSpec{ Capabilities: &obsv1alpha1.CapabilitiesSpec{ - Tracing: obsv1alpha1.TracingSpec{ + Tracing: &obsv1alpha1.TracingSpec{ CommonCapabilitiesSpec: obsv1alpha1.CommonCapabilitiesSpec{ Enabled: false, - Operators: obsv1alpha1.OperatorsSpec{ + Operators: &obsv1alpha1.OperatorsSpec{ Install: &trueVal, }, }, @@ -171,7 +171,7 @@ func TestGetReconcilers(t *testing.T) { }, Spec: obsv1alpha1.ObservabilityInstallerSpec{ Capabilities: &obsv1alpha1.CapabilitiesSpec{ - Tracing: obsv1alpha1.TracingSpec{ + Tracing: &obsv1alpha1.TracingSpec{ CommonCapabilitiesSpec: obsv1alpha1.CommonCapabilitiesSpec{ Enabled: false, }, 
@@ -200,7 +200,7 @@ func TestGetReconcilers(t *testing.T) { }, Spec: obsv1alpha1.ObservabilityInstallerSpec{ Capabilities: &obsv1alpha1.CapabilitiesSpec{ - Tracing: obsv1alpha1.TracingSpec{ + Tracing: &obsv1alpha1.TracingSpec{ CommonCapabilitiesSpec: obsv1alpha1.CommonCapabilitiesSpec{ Enabled: true, }, diff --git a/pkg/controllers/observability/tempo_components.go b/pkg/controllers/observability/tempo_components.go index 3502c83a8..83b6260d3 100644 --- a/pkg/controllers/observability/tempo_components.go +++ b/pkg/controllers/observability/tempo_components.go @@ -22,13 +22,10 @@ const ( func tempoStack(instance *obsv1alpha1.ObservabilityInstaller) *tempov1alpha1.TempoStack { var storageType tempov1alpha1.ObjectStorageSecretType - if instance.Spec.Capabilities != nil { - storageType = toTempoStorageType(instance.Spec.Capabilities.Tracing.Storage.ObjectStorageSpec) - } - var credentialMode tempov1alpha1.CredentialMode - if instance.Spec.Capabilities != nil { - credentialMode = toTempoCredentialMode(instance.Spec.Capabilities.Tracing.Storage.ObjectStorageSpec) + if oss := instance.Spec.GetCapabilities().GetTracing().GetStorage().GetObjectStorageSpec(); oss != nil { + storageType = toTempoStorageType(oss) } + credentialMode := toTempoCredentialMode(instance.Spec.GetCapabilities().GetTracing().GetStorage().GetObjectStorageSpec()) tempo := &tempov1alpha1.TempoStack{ TypeMeta: metav1.TypeMeta{ Kind: "TempoStack", 
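Review bot: In the `tempoStack` hunk the nil guard around `toTempoStorageType(oss)` is redundant and inconsistent with the next line, where `toTempoCredentialMode` receives the possibly-nil pointer directly; after this commit both helpers return `""` for nil. Resolving the chain once keeps the two in step: `oss := instance.Spec.GetCapabilities().GetTracing().GetStorage().GetObjectStorageSpec()`, then `storageType := toTempoStorageType(oss)` and `credentialMode := toTempoCredentialMode(oss)`. `tempoStack` continues outside the hunk, where the same chain is evaluated again.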
@@ -63,10 +60,9 @@ func tempoStack(instance *obsv1alpha1.ObservabilityInstaller) *tempov1alpha1.Tem }, } - if instance.Spec.Capabilities != nil { - storageSpec := instance.Spec.Capabilities.Tracing.Storage.ObjectStorageSpec - tls := storageSpec.TLS - enableTLS := tls != nil || s3hasHTTPSEndpoint(storageSpec) + if storageSpec := instance.Spec.GetCapabilities().GetTracing().GetStorage().GetObjectStorageSpec(); storageSpec != nil { + tls := storageSpec.GetTLS() + enableTLS := tls != nil || s3hasHTTPSEndpoint(*storageSpec) if enableTLS { tempo.Spec.Storage.TLS = tempov1alpha1.TLSSpec{ @@ -130,8 +126,7 @@ func tempoStackSecrets(ctx context.Context, k8sClient client.Client, k8sReader c var objectStorageCAConfMap *corev1.ConfigMap var objectStorageTLSSecret *corev1.Secret - if instance.Spec.Capabilities != nil && instance.Spec.Capabilities.Tracing.Storage.ObjectStorageSpec.TLS != nil { - tlsSpec := instance.Spec.Capabilities.Tracing.Storage.ObjectStorageSpec.TLS + if tlsSpec := instance.Spec.GetCapabilities().GetTracing().GetStorage().GetObjectStorageSpec().GetTLS(); tlsSpec != nil { if tlsSpec.CAConfigMap != nil { caConfigMap := &corev1.ConfigMap{} err := k8sReader.Get(ctx, client.ObjectKey{ @@ -139,7 +134,7 @@ func tempoStackSecrets(ctx context.Context, k8sClient client.Client, k8sReader c Name: tlsSpec.CAConfigMap.Name, }, caConfigMap) if err != nil { - return nil, fmt.Errorf("failed to get object storage CA configmap %s: %w", instance.Spec.Capabilities.Tracing.Storage.ObjectStorageSpec.TLS.CAConfigMap.Name, err) + return nil, fmt.Errorf("failed to get object storage CA configmap %s: %w", tlsSpec.CAConfigMap.Name, err) } objectStorageCAConfMap = &corev1.ConfigMap{ 
@@ -207,8 +202,7 @@ func tempoStackSecrets(ctx context.Context, k8sClient client.Client, k8sReader c Namespace: instance.Namespace, }, } - if instance.Spec.Capabilities != nil { - objectStorageSpec := instance.Spec.Capabilities.Tracing.Storage.ObjectStorageSpec + if objectStorageSpec := instance.Spec.GetCapabilities().GetTracing().GetStorage().GetObjectStorageSpec(); objectStorageSpec != nil { if objectStorageSpec.S3 != nil { accessKeySecret := &corev1.Secret{} err := k8sClient.Get(ctx, client.ObjectKey{ @@ -279,22 +273,22 @@ func tempoStackSecrets(ctx context.Context, k8sClient client.Client, k8sReader c "bucketname": []byte(objectStorageSpec.GCS.Bucket), "key.json": keyJSONSecret.Data[objectStorageSpec.GCS.KeyJSONSecret.Key], } - } else if objectStorageSpec.GCSSTSSpec != nil { + } else if objectStorageSpec.GCSWIF != nil { keyJSONSecret := &corev1.Secret{} err := k8sClient.Get(ctx, client.ObjectKey{ Namespace: instance.Namespace, - Name: objectStorageSpec.GCSSTSSpec.KeyJSONSecret.Name, + Name: objectStorageSpec.GCSWIF.KeyJSONSecret.Name, }, keyJSONSecret) if err != nil { - return nil, fmt.Errorf("failed to get GCSSTS keyJSON secret %s: %w", objectStorageSpec.GCSSTSSpec.KeyJSONSecret.Name, err) + return nil, fmt.Errorf("failed to get GCSWIF keyJSON secret %s: %w", objectStorageSpec.GCSWIF.KeyJSONSecret.Name, err) } tempoSecret.Data = map[string][]byte{ - "bucketname": []byte(objectStorageSpec.GCSSTSSpec.Bucket), - "key.json": keyJSONSecret.Data[objectStorageSpec.GCSSTSSpec.KeyJSONSecret.Key], + "bucketname": []byte(objectStorageSpec.GCSWIF.Bucket), + "key.json": keyJSONSecret.Data[objectStorageSpec.GCSWIF.KeyJSONSecret.Key], } - if objectStorageSpec.GCSSTSSpec.Audience != "" { - tempoSecret.Data["audience"] = []byte(objectStorageSpec.GCSSTSSpec.Audience) + if objectStorageSpec.GCSWIF.Audience != "" { + tempoSecret.Data["audience"] = []byte(objectStorageSpec.GCSWIF.Audience) } } } 
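Review bot: In the `GCSWIF` branch, `keyJSONSecret.Data[objectStorageSpec.GCSWIF.KeyJSONSecret.Key]` yields nil when the referenced key is absent from the secret, so the Tempo secret is built with an empty `key.json` and no error is returned. The lookup should be checked: `keyJSON, ok := keyJSONSecret.Data[objectStorageSpec.GCSWIF.KeyJSONSecret.Key]` followed by `if !ok { return nil, fmt.Errorf("GCSWIF keyJSON secret %s has no key %s", objectStorageSpec.GCSWIF.KeyJSONSecret.Name, objectStorageSpec.GCSWIF.KeyJSONSecret.Key) }`. The `GCS` branch in the context lines just above has the same unchecked lookup. `tempoStackSecrets` starts and ends outside the hunk.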
@@ -321,21 +315,27 @@ func uiPlugin() *uiv1alpha1.UIPlugin { } } -func toTempoStorageType(objStorage obsv1alpha1.TracingObjectStorageSpec) tempov1alpha1.ObjectStorageSecretType { +func toTempoStorageType(objStorage *obsv1alpha1.TracingObjectStorageSpec) tempov1alpha1.ObjectStorageSecretType { + if objStorage == nil { + return "" + } if objStorage.S3 != nil || objStorage.S3STS != nil || objStorage.S3CCO != nil { return tempov1alpha1.ObjectStorageSecretS3 } else if objStorage.Azure != nil || objStorage.AzureWIF != nil { return tempov1alpha1.ObjectStorageSecretAzure - } else if objStorage.GCS != nil || objStorage.GCSSTSSpec != nil { + } else if objStorage.GCS != nil || objStorage.GCSWIF != nil { return tempov1alpha1.ObjectStorageSecretGCS } return "" } -func toTempoCredentialMode(objStorage obsv1alpha1.TracingObjectStorageSpec) tempov1alpha1.CredentialMode { +func toTempoCredentialMode(objStorage *obsv1alpha1.TracingObjectStorageSpec) tempov1alpha1.CredentialMode { + if objStorage == nil { + return "" + } if objStorage.S3 != nil || objStorage.Azure != nil || objStorage.GCS != nil { return tempov1alpha1.CredentialModeStatic - } else if objStorage.S3STS != nil || objStorage.AzureWIF != nil || objStorage.GCSSTSSpec != nil { + } else if objStorage.S3STS != nil || objStorage.AzureWIF != nil || objStorage.GCSWIF != nil { return tempov1alpha1.CredentialModeToken } else if objStorage.S3CCO != nil { return tempov1alpha1.CredentialModeTokenCCO diff --git a/pkg/controllers/uiplugin/compatibility_matrix.go b/pkg/controllers/uiplugin/compatibility_matrix.go index 794e805bd..c55f1e38d 100644 --- a/pkg/controllers/uiplugin/compatibility_matrix.go +++ b/pkg/controllers/uiplugin/compatibility_matrix.go 
@@ -29,9 +29,6 @@ type CompatibilityEntry struct { ImageKey string SupportLevel SupportLevel Features []string - // SupportsTLSProfile indicates whether this plugin image supports - // -tls-min-version and -tls-cipher-suites command flags. - SupportsTLSProfile bool } type ListFunction func(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error @@ -48,6 +45,14 @@ var compatibilityMatrix = []CompatibilityEntry{ { PluginType: uiv1alpha1.TypeTroubleshootingPanel, MinClusterVersion: "v4.19", + MaxClusterVersion: "v4.22", + ImageKey: "ui-troubleshooting-panel-pf6", + SupportLevel: GeneralAvailability, + Features: []string{}, + }, + { + PluginType: uiv1alpha1.TypeTroubleshootingPanel, + MinClusterVersion: "v4.22", MaxClusterVersion: "", ImageKey: "ui-troubleshooting-panel", SupportLevel: GeneralAvailability, @@ -72,6 +77,14 @@ var compatibilityMatrix = []CompatibilityEntry{ { PluginType: uiv1alpha1.TypeDistributedTracing, MinClusterVersion: "v4.19", + MaxClusterVersion: "v4.22", + ImageKey: "ui-distributed-tracing-pf6", + SupportLevel: GeneralAvailability, + Features: []string{}, + }, + { + PluginType: uiv1alpha1.TypeDistributedTracing, + MinClusterVersion: "v4.22", MaxClusterVersion: "", ImageKey: "ui-distributed-tracing", SupportLevel: GeneralAvailability, 
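Review bot: The two `TypeTroubleshootingPanel` entries meet at `v4.22`: the `-pf6` entry has `MaxClusterVersion: "v4.22"` and the next has `MinClusterVersion: "v4.22"`, so which image a 4.22 cluster gets depends on whether the lookup treats the maximum as exclusive, which is not visible here. A comment should state the convention, for instance `// MaxClusterVersion is exclusive: v4.22 clusters match the next entry`, if that is the case. The test hunks in compatibility_matrix_test.go cover 4.19 and 4.24 but not 4.22 itself, so a case with `clusterVersion: "v4.22"` would pin the boundary. The `TypeDistributedTracing` and `TypeMonitoring` hunks share the same boundary.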
@@ -155,13 +168,22 @@ var compatibilityMatrix = []CompatibilityEntry{ { PluginType: uiv1alpha1.TypeMonitoring, MinClusterVersion: "v4.19", + MaxClusterVersion: "v4.22", + ImageKey: "ui-monitoring-pf6", + SupportLevel: GeneralAvailability, + // feature flags for montioring are dynamically injected + // based on the cluster version and and UIPlugin CR configurations + Features: []string{}, + }, + { + PluginType: uiv1alpha1.TypeMonitoring, + MinClusterVersion: "v4.22", MaxClusterVersion: "", ImageKey: "ui-monitoring", SupportLevel: GeneralAvailability, // feature flags for montioring are dynamically injected // based on the cluster version and and UIPlugin CR configurations - Features: []string{}, - SupportsTLSProfile: true, + Features: []string{}, }, } diff --git a/pkg/controllers/uiplugin/compatibility_matrix_test.go b/pkg/controllers/uiplugin/compatibility_matrix_test.go index 79e20a913..89337fb0d 100644 --- a/pkg/controllers/uiplugin/compatibility_matrix_test.go +++ b/pkg/controllers/uiplugin/compatibility_matrix_test.go @@ -253,7 +253,7 @@ func TestLookupImageAndFeatures(t *testing.T) { { pluginType: uiv1alpha1.TypeTroubleshootingPanel, clusterVersion: "4.19", - expectedKey: "ui-troubleshooting-panel", + expectedKey: "ui-troubleshooting-panel-pf6", expectedErr: nil, supportLevel: GeneralAvailability, }, @@ -316,7 +316,7 @@ func TestLookupImageAndFeatures(t *testing.T) { { pluginType: uiv1alpha1.TypeDistributedTracing, clusterVersion: "4.19", - expectedKey: "ui-distributed-tracing", + expectedKey: "ui-distributed-tracing-pf6", expectedErr: nil, supportLevel: GeneralAvailability, }, @@ -344,7 +344,7 @@ func TestLookupImageAndFeatures(t *testing.T) { { pluginType: uiv1alpha1.TypeTroubleshootingPanel, clusterVersion: "v4.19.0-0.nightly-2024-06-06-064349", - expectedKey: "ui-troubleshooting-panel", + expectedKey: "ui-troubleshooting-panel-pf6", expectedErr: nil, supportLevel: GeneralAvailability, }, 
@@ -374,7 +374,7 @@ func TestLookupImageAndFeatures(t *testing.T) { { pluginType: uiv1alpha1.TypeMonitoring, clusterVersion: "v4.19", - expectedKey: "ui-monitoring", + expectedKey: "ui-monitoring-pf6", expectedFeatures: []string{}, expectedErr: nil, supportLevel: GeneralAvailability, @@ -382,6 +382,14 @@ func TestLookupImageAndFeatures(t *testing.T) { { pluginType: uiv1alpha1.TypeMonitoring, clusterVersion: "v4.19.0-0.nightly-2024-06-06-064349", + expectedKey: "ui-monitoring-pf6", + expectedFeatures: []string{}, + expectedErr: nil, + supportLevel: GeneralAvailability, + }, + { + pluginType: uiv1alpha1.TypeMonitoring, + clusterVersion: "4.24.0-0.nightly-2024-03-11-200348", expectedKey: "ui-monitoring", expectedFeatures: []string{}, expectedErr: nil, diff --git a/pkg/controllers/uiplugin/components.go b/pkg/controllers/uiplugin/components.go index fe8608e26..d964d3690 100644 --- a/pkg/controllers/uiplugin/components.go +++ b/pkg/controllers/uiplugin/components.go @@ -12,7 +12,7 @@ import ( "github.com/go-logr/logr" osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" "golang.org/x/mod/semver" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -265,8 +265,9 @@ func newConsolePlugin(info UIPluginInfo, namespace string) *osv1.ConsolePlugin { BasePath: "/", }, }, - Proxy: info.Proxies, - I18n: osv1.ConsolePluginI18n{LoadType: osv1.Preload}, + Proxy: info.Proxies, + I18n: osv1.ConsolePluginI18n{LoadType: osv1.Preload}, + ContentSecurityPolicy: []osv1.ConsolePluginCSP{}, }, } } diff --git a/pkg/controllers/uiplugin/components_test.go b/pkg/controllers/uiplugin/components_test.go index 9bdc64f9d..0d40ae4ab 100644 --- a/pkg/controllers/uiplugin/components_test.go +++ b/pkg/controllers/uiplugin/components_test.go 
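Review bot: After the import hunk in components.go, `osv1` still comes from `github.com/openshift/api` while `osv1alpha1` comes from `github.com/rhobs/openshift-api`, and nothing at the import says why the two console API versions have different origins. A trailing comment such as `// fork that still provides console/v1alpha1` would help the next reader, assuming that is the reason for the swap. The `go.mod` and `go.sum` entries for the new module are outside this view; it is worth confirming there that it resolves to a fixed version. The same import swap appears in controller.go, dashboards.go, distributed_tracing.go, logging.go, monitoring.go, plugin_info_builder.go and troubleshooting_panel.go.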
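Review bot: `ContentSecurityPolicy: []osv1.ConsolePluginCSP{}` in `newConsolePlugin` sets an explicit empty list with no comment on why a non-nil empty slice is wanted rather than leaving the field unset. If the intent is that the plugin declares no additional CSP sources and the object stays stable across updates, say so above the field, e.g. `// no extra CSP sources; explicit empty list is intentional — TODO confirm`. Whether the field is `omitempty` in the `osv1` type is not visible here, so its effect on the serialized object should be checked. `newConsolePlugin` begins outside the hunk.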
@@ -168,66 +168,3 @@ func indexOfArg(args []string, target string) int { } return -1 } - -func TestPluginComponentReconcilersTLSProfile(t *testing.T) { - testCases := []struct { - name string - tlsMinVersion string - tlsCiphers []string - expectTLS bool - }{ - { - name: "TLS profile applied when SupportsTLSProfile populates fields", - tlsMinVersion: "VersionTLS12", - tlsCiphers: []string{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}, - expectTLS: true, - }, - { - name: "no TLS args when plugin does not support TLS profile", - tlsMinVersion: "", - tlsCiphers: nil, - expectTLS: false, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - info := UIPluginInfo{ - Name: "test-plugin", - ConsoleName: "test-console-plugin", - Image: "test-image:latest", - ResourceNamespace: "test-ns", - ExtraArgs: []string{"-config-path=/opt/app-root/config"}, - TLSMinVersion: tc.tlsMinVersion, - TLSCiphers: tc.tlsCiphers, - } - - deploy := newDeployment(info, "test-ns", nil) - args := deploy.Spec.Template.Spec.Containers[0].Args - - if tc.expectTLS { - assert.Assert(t, containsArg(args, "-tls-min-version="+tc.tlsMinVersion), - "expected -tls-min-version arg in %v", args) - assert.Assert(t, containsArgPrefix(args, "-tls-cipher-suites="), - "expected -tls-cipher-suites arg in %v", args) - - // TLS args must come after plugin-specific extra args - extraIdx := indexOfArg(args, "-config-path=/opt/app-root/config") - tlsIdx := indexOfArg(args, "-tls-min-version="+tc.tlsMinVersion) - assert.Assert(t, extraIdx < tlsIdx, - "TLS args (idx %d) should appear after extra args (idx %d)", tlsIdx, extraIdx) - } else { - assert.Assert(t, !containsArgPrefix(args, "-tls-min-version="), - "unexpected -tls-min-version arg in %v", args) - assert.Assert(t, !containsArgPrefix(args, "-tls-cipher-suites="), - "unexpected -tls-cipher-suites arg in %v", args) - } - - // Base args must always be present regardless of TLS - assert.Assert(t, containsArg(args, "-port=9443")) - 
assert.Assert(t, containsArg(args, "-cert=/var/serving-cert/tls.crt")) - assert.Assert(t, containsArg(args, "-key=/var/serving-cert/tls.key")) - assert.Assert(t, containsArg(args, "-config-path=/opt/app-root/config")) - }) - } -} diff --git a/pkg/controllers/uiplugin/controller.go b/pkg/controllers/uiplugin/controller.go index 1ad1b2b55..440d329d2 100644 --- a/pkg/controllers/uiplugin/controller.go +++ b/pkg/controllers/uiplugin/controller.go @@ -8,8 +8,8 @@ import ( "github.com/go-logr/logr" configv1 "github.com/openshift/api/config/v1" osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" operatorv1 "github.com/openshift/api/operator/v1" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" persesv1alpha2 "github.com/rhobs/perses-operator/api/v1alpha2" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" @@ -109,8 +109,10 @@ const ( //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=prometheuses/api,resourceNames=k8s,verbs=get;create;update //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers/api,resourceNames=main,verbs=get;list -// RBAC for Health Analyzer +// RBAC for Korrel8r and Health Analyzer //+kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create + +// RBAC for Health Analyzer //+kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create;update;patch;delete //+kubebuilder:rbac:groups=config.openshift.io,resources=clusteroperators,verbs=get;list 
@@ -224,35 +226,19 @@ func (rm resourceManager) Reconcile(ctx context.Context, req ctrl.Request) (ctrl if !plugin.ObjectMeta.DeletionTimestamp.IsZero() { logger.V(6).Info("deregistering plugin from the console") if err := rm.deregisterPluginFromConsole(ctx, pluginTypeToConsoleName[plugin.Spec.Type]); err != nil { - return ctrl.Result{}, err + logger.V(3).Info("best-effort console deregistration failed during deletion", "error", err) } - // Remove finalizer if present - if controllerutil.ContainsFinalizer(plugin, finalizerName) { - patch := client.MergeFrom(plugin.DeepCopy()) - controllerutil.RemoveFinalizer(plugin, finalizerName) - if err := rm.k8sClient.Patch(ctx, plugin, patch); err != nil { - if apierrors.IsNotFound(err) { - return ctrl.Result{}, nil - } - return ctrl.Result{}, err - } + if err := rm.removeLegacyFinalizer(ctx, plugin); err != nil { + return ctrl.Result{}, err } logger.V(6).Info("skipping reconcile since object is already scheduled for deletion") return ctrl.Result{}, nil } - // Add finalizer if not present - if !controllerutil.ContainsFinalizer(plugin, finalizerName) { - patch := client.MergeFrom(plugin.DeepCopy()) - controllerutil.AddFinalizer(plugin, finalizerName) - if err := rm.k8sClient.Patch(ctx, plugin, patch); err != nil { - if apierrors.IsNotFound(err) { - return ctrl.Result{}, nil - } - return ctrl.Result{}, err - } + if err := rm.removeLegacyFinalizer(ctx, plugin); err != nil { + return ctrl.Result{}, err } compatibilityInfo, err := lookupImageAndFeatures(plugin.Spec.Type, rm.clusterVersion) 
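Review bot: A failed `deregisterPluginFromConsole` during deletion is now reported only through `logger.V(3).Info(..., "error", err)`, so at a typical default verbosity a console entry left behind for a deleted plugin produces no log at all. Since the error is deliberately not returned, log it at error level instead: `logger.Error(err, "best-effort console deregistration failed during deletion")`. With the finalizer now removed on the normal path as well, this branch presumably runs only while something else still holds the object, which is worth stating in a comment above the `DeletionTimestamp` check. `Reconcile` starts and ends outside the hunk.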
@@ -424,6 +410,21 @@ func (rm resourceManager) deregisterPluginFromConsole(ctx context.Context, plugi return nil } +func (rm resourceManager) removeLegacyFinalizer(ctx context.Context, plugin *uiv1alpha1.UIPlugin) error { + if !controllerutil.ContainsFinalizer(plugin, finalizerName) { + return nil + } + patch := client.MergeFrom(plugin.DeepCopy()) + controllerutil.RemoveFinalizer(plugin, finalizerName) + if err := rm.k8sClient.Patch(ctx, plugin, patch); err != nil { + if apierrors.IsNotFound(err) { + return nil + } + return err + } + return nil +} + func (rm resourceManager) getUIPlugin(ctx context.Context, req ctrl.Request) (*uiv1alpha1.UIPlugin, error) { logger := rm.logger.WithValues("plugin", req.NamespacedName) diff --git a/pkg/controllers/uiplugin/dashboards.go b/pkg/controllers/uiplugin/dashboards.go index 8bc4ab4de..1638270b4 100644 --- a/pkg/controllers/uiplugin/dashboards.go +++ b/pkg/controllers/uiplugin/dashboards.go @@ -2,7 +2,7 @@ package uiplugin import ( osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/pkg/controllers/uiplugin/distributed_tracing.go b/pkg/controllers/uiplugin/distributed_tracing.go index 9b87daf13..9b4a4ad70 100644 --- a/pkg/controllers/uiplugin/distributed_tracing.go +++ b/pkg/controllers/uiplugin/distributed_tracing.go @@ -6,7 +6,7 @@ import ( "strings" osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" "gopkg.in/yaml.v3" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/pkg/controllers/uiplugin/logging.go b/pkg/controllers/uiplugin/logging.go index 8b4e91a07..653a16ff8 100644 --- a/pkg/controllers/uiplugin/logging.go +++ b/pkg/controllers/uiplugin/logging.go 
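Review bot: `removeLegacyFinalizer` has no doc comment, and the word "legacy" is the only hint that the finalizer is being retired rather than managed. I would add `// removeLegacyFinalizer strips finalizerName from plugin if present; a NotFound on the patch is treated as success.` above it. If the intent is a one-way migration away from the finalizer, the comment should say that too, since `Reconcile` now calls this on both the deletion and the normal path.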
@@ -10,7 +10,7 @@ import ( "github.com/go-logr/logr" osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" "gopkg.in/yaml.v3" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/pkg/controllers/uiplugin/monitoring.go b/pkg/controllers/uiplugin/monitoring.go index d8cf7cc21..a477b422f 100644 --- a/pkg/controllers/uiplugin/monitoring.go +++ b/pkg/controllers/uiplugin/monitoring.go @@ -5,7 +5,7 @@ import ( "strings" osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" persesv1alpha2 "github.com/rhobs/perses-operator/api/v1alpha2" persesconfig "github.com/rhobs/perses/pkg/model/api/config" "golang.org/x/mod/semver" diff --git a/pkg/controllers/uiplugin/plugin_info_builder.go b/pkg/controllers/uiplugin/plugin_info_builder.go index 867d7d4fc..fcfcae877 100644 --- a/pkg/controllers/uiplugin/plugin_info_builder.go +++ b/pkg/controllers/uiplugin/plugin_info_builder.go @@ -6,8 +6,8 @@ import ( "github.com/go-logr/logr" osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" libgocrypto "github.com/openshift/library-go/pkg/crypto" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/client-go/dynamic" 
@@ -48,6 +48,10 @@ var pluginTypeToConsoleName = map[uiv1alpha1.UIPluginType]string{ uiv1alpha1.TypeMonitoring: "monitoring-console-plugin", } +func ConsoleNameForType(pluginType uiv1alpha1.UIPluginType) string { + return pluginTypeToConsoleName[pluginType] +} + func PluginInfoBuilder(ctx context.Context, k client.Client, dk dynamic.Interface, plugin *uiv1alpha1.UIPlugin, pluginConf UIPluginsConfiguration, compatibilityInfo CompatibilityEntry, clusterVersion string, logger logr.Logger) (*UIPluginInfo, error) { image := pluginConf.Images[compatibilityInfo.ImageKey] if image == "" { @@ -110,15 +114,8 @@ func PluginInfoBuilder(ctx context.Context, k client.Client, dk dynamic.Interfac return nil, fmt.Errorf("plugin type not supported: %s", plugin.Spec.Type) } - if compatibilityInfo.SupportsTLSProfile { - pluginInfo.TLSMinVersion = string(pluginConf.TLSProfile.MinTLSVersion) - pluginInfo.TLSCiphers = libgocrypto.OpenSSLToIANACipherSuites(pluginConf.TLSProfile.Ciphers) - } else { - logger.Info("TLS profile not applied: plugin image does not support TLS profile flags", - "plugin", plugin.Name, - "pluginType", plugin.Spec.Type, - "imageKey", compatibilityInfo.ImageKey) - } + pluginInfo.TLSMinVersion = string(pluginConf.TLSProfile.MinTLSVersion) + pluginInfo.TLSCiphers = libgocrypto.OpenSSLToIANACipherSuites(pluginConf.TLSProfile.Ciphers) return pluginInfo, err } diff --git a/pkg/controllers/uiplugin/troubleshooting_panel.go b/pkg/controllers/uiplugin/troubleshooting_panel.go index 41d81bf25..ec6e712ab 100644 --- a/pkg/controllers/uiplugin/troubleshooting_panel.go +++ b/pkg/controllers/uiplugin/troubleshooting_panel.go @@ -7,7 +7,7 @@ import ( "strings" osv1 "github.com/openshift/api/console/v1" - osv1alpha1 "github.com/openshift/api/console/v1alpha1" + osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1" "gopkg.in/yaml.v3" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" 
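Review bot: `ConsoleNameForType` is exported without a doc comment, and it returns the map's zero value for an unknown type, which callers have to know to test for. Suggested: `// ConsoleNameForType returns the console plugin name registered for pluginType, or "" if the type is not in pluginTypeToConsoleName.`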
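Review bot: `PluginInfoBuilder` now fills `TLSMinVersion` and `TLSCiphers` for every compatibility entry. The `SupportsTLSProfile` flag that limited this to images known to accept `-tls-min-version` and `-tls-cipher-suites` is removed in compatibility_matrix.go, and the test that checked how these fields become container args is deleted in components_test.go. If any image still listed in the matrix predates those flags, its container would presumably be started with arguments it does not understand; that should be confirmed per image key. A comment at the assignment stating the assumption, e.g. `// every image in compatibilityMatrix accepts the TLS profile flags`, plus a table test over the matrix would keep the guarantee visible. `PluginInfoBuilder` starts outside the hunk.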
@@ -239,6 +239,11 @@ func korrel8rClusterRole(name string) *rbacv1.ClusterRole { Resources: []string{"application", "audit", "infrastructure", "network"}, Verbs: []string{"get"}, }, + { + APIGroups: []string{"authentication.k8s.io"}, + Resources: []string{"tokenreviews"}, + Verbs: []string{"create"}, + }, }, } } diff --git a/pkg/controllers/uiplugin/troubleshooting_panel_test.go b/pkg/controllers/uiplugin/troubleshooting_panel_test.go new file mode 100644 index 000000000..c935de33b --- /dev/null +++ b/pkg/controllers/uiplugin/troubleshooting_panel_test.go 
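Review bot: The new rule grants `create` on `tokenreviews` with no comment on why a role whose other visible rules are read-only now needs it. The added test names the purpose as session authentication, so record that at the rule: `// TokenReview is used to validate bearer tokens presented to korrel8r`. The test in troubleshooting_panel_test.go also asserts that the role is named `korrel8r-view`, which no longer describes its verbs exactly; a sentence in the function's doc comment would cover that. `korrel8rClusterRole` starts outside the hunk.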
@@ -0,0 +1,71 @@ +package uiplugin + +import ( + "testing" + + "gotest.tools/v3/assert" + rbacv1 "k8s.io/api/rbac/v1" +) + +func findPolicyRule(rules []rbacv1.PolicyRule, apiGroup, resource string) *rbacv1.PolicyRule { + for i := range rules { + for _, g := range rules[i].APIGroups { + if g != apiGroup { + continue + } + for _, r := range rules[i].Resources { + if r == resource { + return &rules[i] + } + } + } + } + return nil +} + +func TestKorrel8rClusterRole(t *testing.T) { + cr := korrel8rClusterRole("korrel8r") + + assert.Equal(t, cr.Name, "korrel8r-view") + assert.Equal(t, cr.Kind, "ClusterRole") + + tests := []struct { + name string + apiGroup string + resource string + verbs []string + }{ + { + name: "core resources", + apiGroup: "", + resource: "pods", + verbs: []string{"get", "list", "watch"}, + }, + { + name: "apps resources", + apiGroup: "apps", + resource: "deployments", + verbs: []string{"get", "list", "watch"}, + }, + { + name: "loki resources", + apiGroup: "loki.grafana.com", + resource: "application", + verbs: []string{"get"}, + }, + { + name: "tokenreviews for session authentication", + apiGroup: "authentication.k8s.io", + resource: "tokenreviews", + verbs: []string{"create"}, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + rule := findPolicyRule(cr.Rules, tc.apiGroup, tc.resource) + assert.Assert(t, rule != nil, "expected rule for %s/%s", tc.apiGroup, tc.resource) + assert.DeepEqual(t, rule.Verbs, tc.verbs) + }) + } +} diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index b82a482fd..628fb4aee 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -6,9 +6,11 @@ import ( "fmt" "os" "path/filepath" + "slices" "time" configv1 "github.com/openshift/api/config/v1" + operatorv1 "github.com/openshift/api/operator/v1" openshifttls "github.com/openshift/controller-runtime-common/pkg/tls" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -16,6 +18,7 @@ import (
 "k8s.io/apimachinery/pkg/util/wait"
 "k8s.io/apiserver/pkg/server/dynamiccertificates"
 "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/rest"
 "k8s.io/client-go/tools/record"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/cache"
@@ -45,6 +48,7 @@ const (
 // OpenShift installations).
 type Operator struct {
 manager manager.Manager
+ restConfig *rest.Config
 servingCertController *dynamiccertificates.DynamicServingCertificateController
 clientCAController *dynamiccertificates.ConfigMapCAController
 }
@@ -382,11 +386,20 @@ func New(ctx context.Context, cfg *OperatorConfiguration) (*Operator, error) {
 return nil, fmt.Errorf("unable to add health probe: %w", err)
 }
- return &Operator{
+ op := &Operator{
 manager: mgr,
+ restConfig: restConfig,
 servingCertController: servingCertController,
 clientCAController: clientCAController,
- }, nil
+ }
+
+ if cfg.FeatureGates.OpenShift.Enabled {
+ if err := mgr.Add(op.newShutdownCleanupRunnable()); err != nil {
+ return nil, fmt.Errorf("unable to add shutdown cleanup runnable: %w", err)
+ }
+ }
+
+ return op, nil
 }
 func (o *Operator) Start(ctx context.Context) error {
@@ -405,6 +418,75 @@ func (o *Operator) Start(ctx context.Context) error {
 return nil
 }
+func (o *Operator) newShutdownCleanupRunnable() manager.Runnable {
+ return manager.RunnableFunc(func(ctx context.Context) error {
+ // Block until the manager's context is cancelled (shutdown signal).
+ <-ctx.Done()
+ o.cleanupUIPluginsFromConsole()
+ return nil
+ })
+}
+
+func (o *Operator) cleanupUIPluginsFromConsole() {
+ logger := ctrl.Log.WithName("shutdown-cleanup")
+ logger.Info("attempting best-effort UIPlugin console deregistration")
+
+ cleanupCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+ defer cancel()
+
+ directClient, err := client.New(o.restConfig, client.Options{
+ Scheme: o.manager.GetScheme(),
+ })
+ if err != nil {
+ logger.Error(err, "failed to create client for shutdown cleanup")
+ return
+ }
+
+ pluginList := &uiv1alpha1.UIPluginList{}
+ if err := directClient.List(cleanupCtx, pluginList); err != nil {
+ logger.Error(err, "failed to list UIPlugins during shutdown cleanup")
+ return
+ }
+
+ if len(pluginList.Items) == 0 {
+ return
+ }
+
+ toRemove := make(map[string]struct{}, len(pluginList.Items))
+ for _, plugin := range pluginList.Items {
+ if name := uictrl.ConsoleNameForType(plugin.Spec.Type); name != "" {
+ toRemove[name] = struct{}{}
+ }
+ }
+
+ if len(toRemove) == 0 {
+ return
+ }
+
+ cluster := &operatorv1.Console{}
+ if err := directClient.Get(cleanupCtx, client.ObjectKey{Name: "cluster"}, cluster); err != nil {
+ logger.Error(err, "failed to get Console CR during shutdown cleanup")
+ return
+ }
+
+ original := cluster.DeepCopy()
+ cluster.Spec.Plugins = slices.DeleteFunc(cluster.Spec.Plugins, func(name string) bool {
+ _, ok := toRemove[name]
+ return ok
+ })
+
+ if slices.Equal(cluster.Spec.Plugins, original.Spec.Plugins) {
+ return
+ }
+
+ patch := client.MergeFrom(original)
+ if err := directClient.Patch(cleanupCtx, cluster, patch); err != nil {
+ logger.Error(err, "failed to patch Console CR during shutdown cleanup")
+ return
+ }
+ logger.Info("successfully cleaned up Console CR during shutdown")
+}
+
 func (o *Operator) GetClient() client.Client {
 return o.manager.GetClient()
 }
diff --git a/pkg/operator/scheme.go b/pkg/operator/scheme.go
index 59a6f4709..c581314f9 100644
--- a/pkg/operator/scheme.go
+++ b/pkg/operator/scheme.go
@@ -5,11 +5,11 @@ import (
 otelv1beta1 "github.com/open-telemetry/opentelemetry-operator/apis/v1beta1"
 configv1 "github.com/openshift/api/config/v1"
 osv1 "github.com/openshift/api/console/v1"
- osv1alpha1 "github.com/openshift/api/console/v1alpha1"
 operatorv1 "github.com/openshift/api/operator/v1"
 olmv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
 monv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 monitoringv1 "github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring/v1"
+ osv1alpha1 "github.com/rhobs/openshift-api/console/v1alpha1"
 persesv1alpha2 "github.com/rhobs/perses-operator/api/v1alpha2"
 corev1 "k8s.io/api/core/v1"
 apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
diff --git a/test/e2e/observability_installer_test.go b/test/e2e/observability_installer_test.go
index 66c21b5bb..c679c4d01 100644
--- a/test/e2e/observability_installer_test.go
+++ b/test/e2e/observability_installer_test.go
@@ -98,12 +98,12 @@ func testObservabilityInstallerTracing(t *testing.T) {
 },
 Spec: obsv1alpha1.ObservabilityInstallerSpec{
 Capabilities: &obsv1alpha1.CapabilitiesSpec{
- Tracing: obsv1alpha1.TracingSpec{
+ Tracing: &obsv1alpha1.TracingSpec{
 CommonCapabilitiesSpec: obsv1alpha1.CommonCapabilitiesSpec{
 Enabled: true,
 },
- Storage: obsv1alpha1.TracingStorageSpec{
- ObjectStorageSpec: obsv1alpha1.TracingObjectStorageSpec{
+ Storage: &obsv1alpha1.TracingStorageSpec{
+ ObjectStorageSpec: &obsv1alpha1.TracingObjectStorageSpec{
 S3: &obsv1alpha1.S3Spec{
 Bucket: "tempo",
 Endpoint: "http://minio.minio.svc:9000",
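Review bot: In cleanupUIPluginsFromConsole (pkg/operator/operator.go), `client.MergeFrom(original)` builds a JSON merge patch that replaces `spec.plugins` as a whole list and carries no resourceVersion. The Console `cluster` object is presumably also edited by other operators and administrators, so a plugin added between the `Get` and the `Patch` would be silently dropped. The optimistic-lock variant makes the API server reject the stale write instead: `patch := client.MergeFromWithOptions(original, client.MergeFromWithOptimisticLock{})`. Because the cleanup is best-effort and bounded to 10 seconds, logging the conflict and returning is enough. A doc comment saying that this runs on every manager shutdown where the OpenShift feature gate is on, not only on uninstall, would also help.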