diff --git a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index bd27fd8dad3..66c995b6000 100644 --- a/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -2223,6 +2223,420 @@ tests: request: "100m" limit: "0" expectedError: 'spec.nodeExporterConfig.resources[0].limit: Invalid value: "": limit must be a positive, non-zero quantity' + - name: Should be able to create KubeStateMetricsConfig with valid resources + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: + - name: "cpu" + request: "50m" + limit: "200m" + - name: "memory" + request: "50Mi" + limit: "200Mi" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: + - name: "cpu" + request: "50m" + limit: "200m" + - name: "memory" + request: "50Mi" + limit: "200Mi" + - name: Should be able to create KubeStateMetricsConfig with valid topologySpreadConstraints + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: kube-state-metrics + - maxSkew: 2 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kube-state-metrics + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: kube-state-metrics + - maxSkew: 2 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app: kube-state-metrics + - name: Should be able to create KubeStateMetricsConfig with all fields + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + nodeSelector: + kubernetes.io/os: linux + resources: + - name: "cpu" + request: "50m" + limit: "200m" + tolerations: + - key: "node-role.kubernetes.io/infra" + operator: "Exists" + effect: "NoSchedule" + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: kube-state-metrics + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + nodeSelector: + kubernetes.io/os: linux + resources: + - name: "cpu" + request: "50m" + limit: "200m" + tolerations: + - key: "node-role.kubernetes.io/infra" + operator: "Exists" + effect: "NoSchedule" + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: kube-state-metrics + - name: Should reject KubeStateMetricsConfig with empty object + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: {} + expectedError: 'spec.kubeStateMetricsConfig: Invalid value: 0: spec.kubeStateMetricsConfig in body should have at least 1 properties' + - name: Should reject KubeStateMetricsConfig with too many resources + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: + - name: "cpu" + request: "100m" + - name: "memory" + request: "64Mi" + - name: "hugepages-2Mi" + request: "32Mi" + - name: "hugepages-1Gi" + request: "1Gi" + - name: "ephemeral-storage" + request: "1Gi" + - name: "nvidia.com/gpu" + request: "1" + expectedError: 'spec.kubeStateMetricsConfig.resources: Too many: 6: must have at most 5 items' + - name: Should reject KubeStateMetricsConfig with limit less than request + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: + - name: "cpu" + request: "500m" + limit: "200m" + expectedError: 'spec.kubeStateMetricsConfig.resources[0]: Invalid value: "object": limit must be greater than or equal to request' + - name: Should reject KubeStateMetricsConfig with zero request + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: + - name: "cpu" + request: "0" + expectedError: 'spec.kubeStateMetricsConfig.resources[0].request: Invalid value: "": request must be a positive, non-zero quantity' + - name: Should reject KubeStateMetricsConfig with zero limit + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: + - name: "cpu" + request: "100m" + limit: "0" + expectedError: 'spec.kubeStateMetricsConfig.resources[0].limit: Invalid value: "": limit must be a positive, non-zero quantity' + - name: Should reject KubeStateMetricsConfig with too many topologySpreadConstraints + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "zone1" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone2" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone3" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone4" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone5" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone6" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone7" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone8" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone9" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone10" + whenUnsatisfiable: DoNotSchedule + - maxSkew: 1 + topologyKey: "zone11" + whenUnsatisfiable: DoNotSchedule + expectedError: 'spec.kubeStateMetricsConfig.topologySpreadConstraints: Too many: 11: must have at most 10 items' + - name: Should reject KubeStateMetricsConfig with empty resources array + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: [] + expectedError: 'spec.kubeStateMetricsConfig.resources: Invalid value: 0: spec.kubeStateMetricsConfig.resources in body should have at least 1 items' + - name: Should reject KubeStateMetricsConfig with empty topologySpreadConstraints array + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + topologySpreadConstraints: [] + expectedError: 'spec.kubeStateMetricsConfig.topologySpreadConstraints: Invalid value: 0: spec.kubeStateMetricsConfig.topologySpreadConstraints in body should have at least 1 items' + - name: Should reject KubeStateMetricsConfig with duplicate resource names + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + resources: + - name: "cpu" + request: "100m" + - name: "cpu" + request: "200m" + expectedError: 'spec.kubeStateMetricsConfig.resources[1]: Duplicate value: map[string]interface {}{"name":"cpu"}' + - name: Should reject KubeStateMetricsConfig with duplicate topologySpreadConstraints + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + - maxSkew: 2 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: DoNotSchedule + expectedError: "Duplicate value" + - name: Should be able to create KubeStateMetricsConfig with valid additionalResourceLabels + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: + - resource: Jobs + labels: + - foo + - bar + - resource: CronJobs + labels: + - "*" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: + - resource: Jobs + labels: + - foo + - bar + - resource: CronJobs + labels: + - "*" + - name: Should be able to create KubeStateMetricsConfig with single additionalResourceLabels entry + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: + - resource: Jobs + labels: + - "*" + expected: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: + - resource: Jobs + labels: + - "*" + - name: Should reject KubeStateMetricsConfig with unsupported resource in additionalResourceLabels + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: + - resource: pods + labels: + - foo + expectedError: 'spec.kubeStateMetricsConfig.additionalResourceLabels[0].resource: Unsupported value: "pods"' + - name: Should reject KubeStateMetricsConfig with empty labels in additionalResourceLabels + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: + - resource: Jobs + labels: [] + expectedError: "spec.kubeStateMetricsConfig.additionalResourceLabels[0].labels: Invalid value" + - name: Should reject KubeStateMetricsConfig with duplicate resource in additionalResourceLabels + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: + - resource: Jobs + labels: + - foo + - resource: Jobs + labels: + - bar + expectedError: "Duplicate value" + - name: Should reject KubeStateMetricsConfig with empty additionalResourceLabels + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + additionalResourceLabels: [] + expectedError: "spec.kubeStateMetricsConfig.additionalResourceLabels: Invalid value" + - name: Should reject KubeStateMetricsConfig with empty nodeSelector + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + nodeSelector: {} + expectedError: 'spec.kubeStateMetricsConfig.nodeSelector: Invalid value: 0: spec.kubeStateMetricsConfig.nodeSelector in body should have at least 1 properties' + - name: Should reject KubeStateMetricsConfig with more than 10 nodeSelector entries + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + nodeSelector: + key1: val1 + key2: val2 + key3: val3 + key4: val4 + key5: val5 + key6: val6 + key7: val7 + key8: val8 + key9: val9 + key10: val10 + key11: val11 + expectedError: 'spec.kubeStateMetricsConfig.nodeSelector: Too many: 11: must have at most 10 items' + - name: Should reject KubeStateMetricsConfig with empty tolerations array + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + tolerations: [] + expectedError: 'spec.kubeStateMetricsConfig.tolerations: Invalid value: 0: spec.kubeStateMetricsConfig.tolerations in body should have at least 1 items' + - name: Should reject KubeStateMetricsConfig with more than 10 tolerations + initial: | + apiVersion: config.openshift.io/v1alpha1 + kind: ClusterMonitoring + spec: + kubeStateMetricsConfig: + tolerations: + - key: "key1" + operator: "Exists" + effect: "NoSchedule" + - key: "key2" + operator: "Exists" + effect: "NoSchedule" + - key: "key3" + operator: "Exists" + effect: "NoSchedule" + - key: "key4" + operator: "Exists" + effect: "NoSchedule" + - key: "key5" + operator: "Exists" + effect: "NoSchedule" + - key: "key6" + operator: "Exists" + effect: "NoSchedule" + - key: "key7" + operator: "Exists" + effect: "NoSchedule" + - key: "key8" + operator: "Exists" + effect: "NoSchedule" + - key: "key9" + operator: "Exists" + effect: "NoSchedule" + - key: "key10" + operator: "Exists" + effect: "NoSchedule" + - key: "key11" + operator: "Exists" + effect: "NoSchedule" + expectedError: 'spec.kubeStateMetricsConfig.tolerations: Too many: 11: must have at most 10 items' onUpdate: - name: Should reject updating TelemeterClientConfig to empty object initial: | diff --git a/config/v1alpha1/types_cluster_monitoring.go b/config/v1alpha1/types_cluster_monitoring.go index 4dbfb126812..99080ede656 100644 --- a/config/v1alpha1/types_cluster_monitoring.go +++ b/config/v1alpha1/types_cluster_monitoring.go @@ -158,6 +158,12 @@ type ClusterMonitoringSpec struct { // When set, at least one field must be specified within monitoringPluginConfig. // +optional MonitoringPluginConfig MonitoringPluginConfig `json:"monitoringPluginConfig,omitempty,omitzero"` + // kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics + // agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about + // the state of Kubernetes objects such as Deployments, Nodes, and Pods. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + KubeStateMetricsConfig KubeStateMetricsConfig `json:"kubeStateMetricsConfig,omitempty,omitzero"` } // OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent @@ -2514,3 +2520,137 @@ type Audit struct { // +required Profile AuditProfile `json:"profile,omitempty"` } + +// KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent +// that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics +// about the state of Kubernetes objects such as Deployments, Nodes, and Pods. +// +kubebuilder:validation:MinProperties=1 +type KubeStateMetricsConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the kube-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // - name: memory + // request: 40Mi + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Defaults are empty/unset. + // When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics + // in kube-state-metrics, in addition to the default set. + // Currently, only "Jobs" and "CronJobs" resources are supported due to cardinality concerns. + // Each entry specifies a resource name and a list of Kubernetes label names to expose. + // Use "*" in the labels list to expose all labels for a given resource. + // additionalResourceLabels is optional. + // When omitted, only the default set of resource labels is exposed. + // Minimum length for this list is 1. + // Maximum length for this list is 2. + // Each resource name must be unique within this list. + // +optional + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=resource + AdditionalResourceLabels []KubeStateMetricsResourceLabels `json:"additionalResourceLabels,omitempty"` +} + +// KubeStateMetricsResourceName is the name of a Kubernetes resource whose labels can be exposed +// as metrics by kube-state-metrics. Currently, only "Jobs" and "CronJobs" are supported +// due to cardinality concerns. +// Valid values are "Jobs" and "CronJobs". +// +kubebuilder:validation:Enum=Jobs;CronJobs +type KubeStateMetricsResourceName string + +const ( + // KubeStateMetricsResourceJobs indicates the Kubernetes Jobs resource. + KubeStateMetricsResourceJobs KubeStateMetricsResourceName = "Jobs" + // KubeStateMetricsResourceCronJobs indicates the Kubernetes CronJobs resource. + KubeStateMetricsResourceCronJobs KubeStateMetricsResourceName = "CronJobs" +) + +// KubeStateMetricsLabelName is the name of a Kubernetes label to expose as a metric +// via kube-state-metrics. Use "*" to expose all labels for a resource. +// Must be either the wildcard "*" or a valid Kubernetes label key. +// A valid label key has an optional DNS subdomain prefix followed by a "/" and a name segment, +// or just a name segment without a prefix. The name segment must be 63 characters or fewer, +// beginning and ending with an alphanumeric character, with dashes, underscores, dots, and +// alphanumerics in between. +// Must be at least 1 character and at most 253 characters in length. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:XValidation:rule="self == '*' || self.matches('^[a-zA-Z0-9][a-zA-Z0-9_./-]*[a-zA-Z0-9]$') || self.matches('^[a-zA-Z0-9]$')",message="must be a valid Kubernetes label key or the wildcard '*'" +type KubeStateMetricsLabelName string + +// KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics +// for a given resource type in kube-state-metrics. +type KubeStateMetricsResourceLabels struct { + // resource is the Kubernetes resource name whose labels should be exposed as metrics. + // Currently, only "Jobs" and "CronJobs" are supported due to cardinality concerns. + // Valid values are "Jobs" and "CronJobs". + // This field is required. + // +required + Resource KubeStateMetricsResourceName `json:"resource,omitempty"` + // labels is the list of Kubernetes label names to expose as metrics for this resource. + // Use "*" to expose all labels for the specified resource. + // This field is required. + // Each label name must be unique within this list. + // Minimum length for this list is 1. + // Maximum length for this list is 50. + // +required + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=set + Labels []KubeStateMetricsLabelName `json:"labels,omitempty"` +} diff --git a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml index 6c184ff5b4d..45792279974 100644 --- a/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/config/v1alpha1/zz_generated.crd-manifests/0000_10_config-operator_01_clustermonitorings.crd.yaml @@ -896,6 +896,418 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + kubeStateMetricsConfig: + description: |- + kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics + agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about + the state of Kubernetes objects such as Deployments, Nodes, and Pods. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + additionalResourceLabels: + description: |- + additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics + in kube-state-metrics, in addition to the default set. + Currently, only "Jobs" and "CronJobs" resources are supported due to cardinality concerns. + Each entry specifies a resource name and a list of Kubernetes label names to expose. + Use "*" in the labels list to expose all labels for a given resource. + additionalResourceLabels is optional. + When omitted, only the default set of resource labels is exposed. + Minimum length for this list is 1. + Maximum length for this list is 2. + Each resource name must be unique within this list. + items: + description: |- + KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics + for a given resource type in kube-state-metrics. + properties: + labels: + description: |- + labels is the list of Kubernetes label names to expose as metrics for this resource. + Use "*" to expose all labels for the specified resource. + This field is required. + Each label name must be unique within this list. + Minimum length for this list is 1. + Maximum length for this list is 50. + items: + description: |- + KubeStateMetricsLabelName is the name of a Kubernetes label to expose as a metric + via kube-state-metrics. Use "*" to expose all labels for a resource. + Must be either the wildcard "*" or a valid Kubernetes label key. + A valid label key has an optional DNS subdomain prefix followed by a "/" and a name segment, + or just a name segment without a prefix. The name segment must be 63 characters or fewer, + beginning and ending with an alphanumeric character, with dashes, underscores, dots, and + alphanumerics in between. + Must be at least 1 character and at most 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid Kubernetes label key or the + wildcard '*' + rule: self == '*' || self.matches('^[a-zA-Z0-9][a-zA-Z0-9_./-]*[a-zA-Z0-9]$') + || self.matches('^[a-zA-Z0-9]$') + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: set + resource: + description: |- + resource is the Kubernetes resource name whose labels should be exposed as metrics. + Currently, only "Jobs" and "CronJobs" are supported due to cardinality concerns. + Valid values are "Jobs" and "CronJobs". + This field is required. + enum: + - Jobs + - CronJobs + type: string + required: + - labels + - resource + type: object + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - resource + x-kubernetes-list-type: map + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the kube-state-metrics container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + Maximum length for this list is 5. + Minimum length for this list is 1. + Each resource name must be unique within this list. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Defaults are empty/unset. + When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object metricsServerConfig: description: |- metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. diff --git a/config/v1alpha1/zz_generated.deepcopy.go b/config/v1alpha1/zz_generated.deepcopy.go index d690c688b2f..dbf983fc97b 100644 --- a/config/v1alpha1/zz_generated.deepcopy.go +++ b/config/v1alpha1/zz_generated.deepcopy.go @@ -451,6 +451,7 @@ func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { in.ThanosQuerierConfig.DeepCopyInto(&out.ThanosQuerierConfig) in.NodeExporterConfig.DeepCopyInto(&out.NodeExporterConfig) in.MonitoringPluginConfig.DeepCopyInto(&out.MonitoringPluginConfig) + in.KubeStateMetricsConfig.DeepCopyInto(&out.KubeStateMetricsConfig) return } @@ -751,6 +752,78 @@ func (in *KeyConfig) DeepCopy() *KeyConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeStateMetricsConfig) DeepCopyInto(out *KubeStateMetricsConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AdditionalResourceLabels != nil { + in, out := &in.AdditionalResourceLabels, &out.AdditionalResourceLabels + *out = make([]KubeStateMetricsResourceLabels, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStateMetricsConfig. +func (in *KubeStateMetricsConfig) DeepCopy() *KubeStateMetricsConfig { + if in == nil { + return nil + } + out := new(KubeStateMetricsConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeStateMetricsResourceLabels) DeepCopyInto(out *KubeStateMetricsResourceLabels) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make([]KubeStateMetricsLabelName, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStateMetricsResourceLabels. +func (in *KubeStateMetricsResourceLabels) DeepCopy() *KubeStateMetricsResourceLabels { + if in == nil { + return nil + } + out := new(KubeStateMetricsResourceLabels) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Label) DeepCopyInto(out *Label) { *out = *in diff --git a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml index 407415920fd..1056498ae06 100644 --- a/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml +++ b/config/v1alpha1/zz_generated.featuregated-crd-manifests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml @@ -896,6 +896,418 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + kubeStateMetricsConfig: + description: |- + kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics + agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about + the state of Kubernetes objects such as Deployments, Nodes, and Pods. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + additionalResourceLabels: + description: |- + additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics + in kube-state-metrics, in addition to the default set. + Currently, only "Jobs" and "CronJobs" resources are supported due to cardinality concerns. + Each entry specifies a resource name and a list of Kubernetes label names to expose. + Use "*" in the labels list to expose all labels for a given resource. + additionalResourceLabels is optional. + When omitted, only the default set of resource labels is exposed. + Minimum length for this list is 1. + Maximum length for this list is 2. + Each resource name must be unique within this list. + items: + description: |- + KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics + for a given resource type in kube-state-metrics. + properties: + labels: + description: |- + labels is the list of Kubernetes label names to expose as metrics for this resource. + Use "*" to expose all labels for the specified resource. + This field is required. + Each label name must be unique within this list. + Minimum length for this list is 1. + Maximum length for this list is 50. + items: + description: |- + KubeStateMetricsLabelName is the name of a Kubernetes label to expose as a metric + via kube-state-metrics. Use "*" to expose all labels for a resource. + Must be either the wildcard "*" or a valid Kubernetes label key. + A valid label key has an optional DNS subdomain prefix followed by a "/" and a name segment, + or just a name segment without a prefix. The name segment must be 63 characters or fewer, + beginning and ending with an alphanumeric character, with dashes, underscores, dots, and + alphanumerics in between. + Must be at least 1 character and at most 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid Kubernetes label key or the + wildcard '*' + rule: self == '*' || self.matches('^[a-zA-Z0-9][a-zA-Z0-9_./-]*[a-zA-Z0-9]$') + || self.matches('^[a-zA-Z0-9]$') + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: set + resource: + description: |- + resource is the Kubernetes resource name whose labels should be exposed as metrics. + Currently, only "Jobs" and "CronJobs" are supported due to cardinality concerns. + Valid values are "Jobs" and "CronJobs". + This field is required. + enum: + - Jobs + - CronJobs + type: string + required: + - labels + - resource + type: object + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - resource + x-kubernetes-list-type: map + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the kube-state-metrics container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + Maximum length for this list is 5. + Minimum length for this list is 1. + Each resource name must be unique within this list. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Defaults are empty/unset. + When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object metricsServerConfig: description: |- metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. diff --git a/config/v1alpha1/zz_generated.swagger_doc_generated.go b/config/v1alpha1/zz_generated.swagger_doc_generated.go index ae91964235b..0619a23b0da 100644 --- a/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -183,6 +183,7 @@ var map_ClusterMonitoringSpec = map[string]string{ "thanosQuerierConfig": "thanosQuerierConfig is an optional field that can be used to configure the Thanos Querier component that runs in the openshift-monitoring namespace. The Thanos Querier provides a global query view by aggregating and deduplicating metrics from multiple Prometheus instances. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default deploys the Thanos Querier on linux nodes with 5m CPU and 12Mi memory requests, and no custom tolerations or topology spread constraints. When set, at least one field must be specified within thanosQuerierConfig.", "nodeExporterConfig": "nodeExporterConfig is an optional field that can be used to configure the node-exporter agent that runs as a DaemonSet in the openshift-monitoring namespace. The node-exporter agent collects hardware and OS-level metrics from every node in the cluster. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "monitoringPluginConfig": "monitoringPluginConfig is an optional field that can be used to configure the monitoring plugin that runs as a dynamic plugin of the OpenShift web console. The monitoring plugin provides the monitoring UI in the OpenShift web console for visualizing metrics, alerts, and dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default deploys the monitoring-plugin as a single-replica Deployment on linux nodes with 10m CPU and 50Mi memory requests, and no custom tolerations or topology spread constraints. When set, at least one field must be specified within monitoringPluginConfig.", + "kubeStateMetricsConfig": "kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { @@ -236,6 +237,29 @@ func (KeepEqualActionConfig) SwaggerDoc() map[string]string { return map_KeepEqualActionConfig } +var map_KubeStateMetricsConfig = map[string]string{ + "": "KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the kube-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Defaults are empty/unset. When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "additionalResourceLabels": "additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics in kube-state-metrics, in addition to the default set. Currently, only \"Jobs\" and \"CronJobs\" resources are supported due to cardinality concerns. Each entry specifies a resource name and a list of Kubernetes label names to expose. Use \"*\" in the labels list to expose all labels for a given resource. additionalResourceLabels is optional. When omitted, only the default set of resource labels is exposed. Minimum length for this list is 1. Maximum length for this list is 2. Each resource name must be unique within this list.", +} + +func (KubeStateMetricsConfig) SwaggerDoc() map[string]string { + return map_KubeStateMetricsConfig +} + +var map_KubeStateMetricsResourceLabels = map[string]string{ + "": "KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics for a given resource type in kube-state-metrics.", + "resource": "resource is the Kubernetes resource name whose labels should be exposed as metrics. Currently, only \"Jobs\" and \"CronJobs\" are supported due to cardinality concerns. Valid values are \"Jobs\" and \"CronJobs\". This field is required.", + "labels": "labels is the list of Kubernetes label names to expose as metrics for this resource. Use \"*\" to expose all labels for the specified resource. This field is required. Each label name must be unique within this list. Minimum length for this list is 1. Maximum length for this list is 50.", +} + +func (KubeStateMetricsResourceLabels) SwaggerDoc() map[string]string { + return map_KubeStateMetricsResourceLabels +} + var map_Label = map[string]string{ "": "Label represents a key/value pair for external labels.", "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 2aa177bbfc1..aa219376262 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -487,6 +487,8 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig": schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref), "github.com/openshift/api/config/v1alpha1.KeyConfig": schema_openshift_api_config_v1alpha1_KeyConfig(ref), + "github.com/openshift/api/config/v1alpha1.KubeStateMetricsConfig": schema_openshift_api_config_v1alpha1_KubeStateMetricsConfig(ref), + "github.com/openshift/api/config/v1alpha1.KubeStateMetricsResourceLabels": schema_openshift_api_config_v1alpha1_KubeStateMetricsResourceLabels(ref), "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig": schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref), "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig": schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref), @@ -23434,11 +23436,18 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.MonitoringPluginConfig"), }, }, + "kubeStateMetricsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.KubeStateMetricsConfig"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.MonitoringPluginConfig", "github.com/openshift/api/config/v1alpha1.NodeExporterConfig", "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig", "github.com/openshift/api/config/v1alpha1.PrometheusConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.TelemeterClientConfig", "github.com/openshift/api/config/v1alpha1.ThanosQuerierConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.KubeStateMetricsConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.MonitoringPluginConfig", "github.com/openshift/api/config/v1alpha1.NodeExporterConfig", "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig", "github.com/openshift/api/config/v1alpha1.PrometheusConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.TelemeterClientConfig", "github.com/openshift/api/config/v1alpha1.ThanosQuerierConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, } } @@ -23922,6 +23931,164 @@ func schema_openshift_api_config_v1alpha1_KeyConfig(ref common.ReferenceCallback } } +func schema_openshift_api_config_v1alpha1_KubeStateMetricsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the kube-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Defaults are empty/unset. When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "additionalResourceLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "resource", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics in kube-state-metrics, in addition to the default set. Currently, only \"Jobs\" and \"CronJobs\" resources are supported due to cardinality concerns. Each entry specifies a resource name and a list of Kubernetes label names to expose. Use \"*\" in the labels list to expose all labels for a given resource. additionalResourceLabels is optional. When omitted, only the default set of resource labels is exposed. Minimum length for this list is 1. Maximum length for this list is 2. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.KubeStateMetricsResourceLabels"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ContainerResource", "github.com/openshift/api/config/v1alpha1.KubeStateMetricsResourceLabels", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_KubeStateMetricsResourceLabels(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics for a given resource type in kube-state-metrics.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "resource": { + SchemaProps: spec.SchemaProps{ + Description: "resource is the Kubernetes resource name whose labels should be exposed as metrics. Currently, only \"Jobs\" and \"CronJobs\" are supported due to cardinality concerns. Valid values are \"Jobs\" and \"CronJobs\". This field is required.", + Type: []string{"string"}, + Format: "", + }, + }, + "labels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "labels is the list of Kubernetes label names to expose as metrics for this resource. Use \"*\" to expose all labels for the specified resource. This field is required. Each label name must be unique within this list. Minimum length for this list is 1. Maximum length for this list is 50.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"resource", "labels"}, + }, + }, + } +} + func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 5311926e17c..c512e48c669 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -22323,7 +22323,7 @@ "type": "object", "properties": { "allowedRegistries": { - "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", "type": "array", "items": { "type": "string", @@ -22332,7 +22332,7 @@ "x-kubernetes-list-type": "atomic" }, "blockedRegistries": { - "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", "type": "array", "items": { "type": "string", @@ -22350,7 +22350,7 @@ "x-kubernetes-list-type": "set" }, "insecureRegistries": { - "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. Each entry must be a valid registry scope in the format hostname[:port][/path], optionally prefixed with \"*.\" for wildcard subdomains (e.g., \"*.example.com\"). The hostname must consist of valid DNS labels separated by dots, where each label contains only alphanumeric characters and hyphens and does not start or end with a hyphen. Entries must not be empty, must not include tags (e.g., \":latest\") or digests (e.g., \"@sha256:...\"), and must be at most 256 characters in length. The list may contain at most 1024 entries.", "type": "array", "items": { "type": "string", @@ -24271,6 +24271,11 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerConfig" }, + "kubeStateMetricsConfig": { + "description": "kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KubeStateMetricsConfig" + }, "metricsServerConfig": { "description": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "default": {}, @@ -24605,6 +24610,89 @@ } ] }, + "com.github.openshift.api.config.v1alpha1.KubeStateMetricsConfig": { + "description": "KubeStateMetricsConfig provides configuration options for the kube-state-metrics agent that runs in the `openshift-monitoring` namespace. kube-state-metrics generates metrics about the state of Kubernetes objects such as Deployments, Nodes, and Pods.", + "type": "object", + "properties": { + "additionalResourceLabels": { + "description": "additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics in kube-state-metrics, in addition to the default set. Currently, only \"Jobs\" and \"CronJobs\" resources are supported due to cardinality concerns. Each entry specifies a resource name and a list of Kubernetes label names to expose. Use \"*\" in the labels list to expose all labels for a given resource. additionalResourceLabels is optional. When omitted, only the default set of resource labels is exposed. Maximum length for this list is 2. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KubeStateMetricsResourceLabels" + }, + "x-kubernetes-list-map-keys": [ + "resource" + ], + "x-kubernetes-list-type": "map" + }, + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the kube-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Defaults are empty/unset. When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1alpha1.KubeStateMetricsResourceLabels": { + "description": "KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics for a given resource type in kube-state-metrics.", + "type": "object", + "required": [ + "resource", + "labels" + ], + "properties": { + "labels": { + "description": "labels is the list of Kubernetes label names to expose as metrics for this resource. Use \"*\" to expose all labels for the specified resource. This field is required. Each label name must be unique within this list. Minimum length for this list is 1. Maximum length for this list is 50.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "resource": { + "description": "resource is the Kubernetes resource name whose labels should be exposed as metrics. Currently, only \"Jobs\" and \"CronJobs\" are supported due to cardinality concerns. Valid values are \"Jobs\" and \"CronJobs\". This field is required.", + "type": "string" + } + } + }, "com.github.openshift.api.config.v1alpha1.Label": { "description": "Label represents a key/value pair for external labels.", "type": "object", @@ -24844,6 +24932,11 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.NodeExporterCollectorProcessesConfig" }, + "softirqs": { + "description": "softirqs configures the softirqs collector, which exposes detailed softirq statistics from /proc/softirqs. softirqs is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enable when you need visibility into kernel softirq processing across CPUs.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSoftirqsConfig" + }, "systemd": { "description": "systemd configures the systemd collector, which collects statistics on the systemd daemon and its managed services. systemd is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is disabled. Enabling this collector with a long list of selected units may produce metrics with high cardinality. If you enable this collector, closely monitor the prometheus-k8s deployment for excessive memory usage. Enable when you need metrics for specific units; scope units carefully.", "default": {}, @@ -25002,6 +25095,23 @@ } } }, + "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSoftirqsConfig": { + "description": "NodeExporterCollectorSoftirqsConfig provides configuration for the softirqs collector of the node-exporter agent. The softirqs collector exposes detailed softirq statistics from /proc/softirqs. It is disabled by default.", + "type": "object", + "required": [ + "collectionPolicy" + ], + "properties": { + "collectionPolicy": { + "description": "collectionPolicy declares whether the softirqs collector collects metrics. This field is required. Valid values are \"Collect\" and \"DoNotCollect\". When set to \"Collect\", the softirqs collector is active and softirq statistics are collected. When set to \"DoNotCollect\", the softirqs collector is inactive.\n\nPossible enum values:\n - `\"Collect\"` means the collector is active and will produce metrics.\n - `\"DoNotCollect\"` means the collector is inactive and will not produce metrics.", + "type": "string", + "enum": [ + "Collect", + "DoNotCollect" + ] + } + } + }, "com.github.openshift.api.config.v1alpha1.NodeExporterCollectorSystemdCollectConfig": { "description": "NodeExporterCollectorSystemdCollectConfig holds configuration options for the systemd collector when it is actively collecting metrics. At least one field must be specified.", "type": "object", diff --git a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml index 6c184ff5b4d..45792279974 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_clustermonitorings.crd.yaml @@ -896,6 +896,418 @@ spec: and forbidden otherwise rule: 'self.deploymentMode == ''CustomConfig'' ? has(self.customConfig) : !has(self.customConfig)' + kubeStateMetricsConfig: + description: |- + kubeStateMetricsConfig is an optional field that can be used to configure the kube-state-metrics + agent that runs in the openshift-monitoring namespace. kube-state-metrics generates metrics about + the state of Kubernetes objects such as Deployments, Nodes, and Pods. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + minProperties: 1 + properties: + additionalResourceLabels: + description: |- + additionalResourceLabels defines additional Kubernetes resource labels to expose as metrics + in kube-state-metrics, in addition to the default set. + Currently, only "Jobs" and "CronJobs" resources are supported due to cardinality concerns. + Each entry specifies a resource name and a list of Kubernetes label names to expose. + Use "*" in the labels list to expose all labels for a given resource. + additionalResourceLabels is optional. + When omitted, only the default set of resource labels is exposed. + Minimum length for this list is 1. + Maximum length for this list is 2. + Each resource name must be unique within this list. + items: + description: |- + KubeStateMetricsResourceLabels defines which Kubernetes labels to expose as metrics + for a given resource type in kube-state-metrics. + properties: + labels: + description: |- + labels is the list of Kubernetes label names to expose as metrics for this resource. + Use "*" to expose all labels for the specified resource. + This field is required. + Each label name must be unique within this list. + Minimum length for this list is 1. + Maximum length for this list is 50. + items: + description: |- + KubeStateMetricsLabelName is the name of a Kubernetes label to expose as a metric + via kube-state-metrics. Use "*" to expose all labels for a resource. + Must be either the wildcard "*" or a valid Kubernetes label key. + A valid label key has an optional DNS subdomain prefix followed by a "/" and a name segment, + or just a name segment without a prefix. The name segment must be 63 characters or fewer, + beginning and ending with an alphanumeric character, with dashes, underscores, dots, and + alphanumerics in between. + Must be at least 1 character and at most 253 characters in length. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: must be a valid Kubernetes label key or the + wildcard '*' + rule: self == '*' || self.matches('^[a-zA-Z0-9][a-zA-Z0-9_./-]*[a-zA-Z0-9]$') + || self.matches('^[a-zA-Z0-9]$') + maxItems: 50 + minItems: 1 + type: array + x-kubernetes-list-type: set + resource: + description: |- + resource is the Kubernetes resource name whose labels should be exposed as metrics. + Currently, only "Jobs" and "CronJobs" are supported due to cardinality concerns. + Valid values are "Jobs" and "CronJobs". + This field is required. + enum: + - Jobs + - CronJobs + type: string + required: + - labels + - resource + type: object + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - resource + x-kubernetes-list-type: map + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector defines the nodes on which the Pods are scheduled. + nodeSelector is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default value is `kubernetes.io/os: linux`. + When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + maxProperties: 10 + minProperties: 1 + type: object + resources: + description: |- + resources defines the compute resource requests and limits for the kube-state-metrics container. + This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + When not specified, defaults are used by the platform. Requests cannot exceed limits. + This field is optional. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + This is a simplified API that maps to Kubernetes ResourceRequirements. + The current default values are: + resources: + - name: cpu + request: 4m + - name: memory + request: 40Mi + Maximum length for this list is 5. + Minimum length for this list is 1. + Each resource name must be unique within this list. + items: + description: ContainerResource defines a single resource requirement + for a container. + properties: + limit: + anyOf: + - type: integer + - type: string + description: |- + limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + This field is optional. + When request is specified, limit cannot be less than request. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: limit must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + name: + description: |- + name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + This field is required. + name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist only of alphanumeric characters, + `-`, `_` and `.` and must start and end with an alphanumeric + character + rule: '!format.qualifiedName().validate(self).hasValue()' + request: + anyOf: + - type: integer + - type: string + description: |- + request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + This field is optional. + When limit is specified, request cannot be greater than limit. + The value must be greater than 0 when specified. + maxLength: 20 + minLength: 1 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + x-kubernetes-validations: + - message: request must be a positive, non-zero quantity + rule: quantity(self).isGreaterThan(quantity('0')) + required: + - name + type: object + x-kubernetes-validations: + - message: at least one of request or limit must be set + rule: has(self.request) || has(self.limit) + - message: limit must be greater than or equal to request + rule: '!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) + >= 0' + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + tolerations: + description: |- + tolerations defines tolerations for the pods. + tolerations is optional. + + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + Defaults are empty/unset. + When specified, tolerations must contain at least 1 entry and must not contain more than 10 entries. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + topologySpreadConstraints defines rules for how kube-state-metrics Pods should be distributed + across topology domains such as zones, nodes, or other user-defined labels. + topologySpreadConstraints is optional. + This helps improve high availability and resource efficiency by avoiding placing + too many replicas in the same failure domain. + + When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + Defaults are empty/unset. + When specified, topologySpreadConstraints must contain at least 1 entry and must not contain more than 10 entries. + Entries must have unique topologyKey and whenUnsatisfiable pairs. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object metricsServerConfig: description: |- metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace.