test: validate podmonitorings with CEL · GoogleCloudPlatform/prometheus-engine@fd42d64 (original) (raw)

`@@ -15,7 +15,7 @@ apiVersion: apiextensions.k8s.io/v1

`

15

15

`kind: CustomResourceDefinition

`

16

16

`metadata:

`

17

17

`annotations:

`

18

``

`-

controller-gen.kubebuilder.io/version: v0.17.1

`

``

18

`+

controller-gen.kubebuilder.io/version: v0.17.1-0.20250103184936-50893dee96da

`

19

19

`name: clusterpodmonitorings.monitoring.googleapis.com

`

20

20

`spec:

`

21

21

`group: monitoring.googleapis.com

`

95

95

` Type is the authentication type. Defaults to Bearer.

`

96

96

` Basic will cause an error, as the BasicAuth object should be used instead.

`

97

97

`type: string

`

``

98

`+

x-kubernetes-validations:

`

``

99

`+

• message: authorization type cannot be set to "basic",

`

``

100

`+

use "basic_auth" instead

`

``

101

`+

rule: self != 'Basic'

`

98

102

`type: object

`

99

103

`basicAuth:

`

100

104

`description: BasicAuth is the HTTP basic authentication credentials

`

`@@ -132,7 +136,6 @@ spec:

`

132

136

`description: Interval at which to scrape metrics. Must be a

`

133

137

`valid Prometheus duration.

`

134

138

`format: duration

`

135

``

`-

pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$

`

136

139

`type: string

`

137

140

`metricRelabeling:

`

138

141

`description: |-

`

`@@ -158,7 +161,6 @@ spec:

`

158

161

` - hashmod

`

159

162

` - labeldrop

`

160

163

` - labelkeep

`

161

``

`-

format: relabel_action

`

162

164

`type: string

`

163

165

`modulus:

`

164

166

`description: Modulus to take of the hash of the source

`

`@@ -168,7 +170,14 @@ spec:

`

168

170

`regex:

`

169

171

`description: Regular expression against which the extracted

`

170

172

`value is matched. Defaults to '(.*)'.

`

``

173

`+

maxLength: 100

`

171

174

`type: string

`

``

175

`+

x-kubernetes-validations:

`

``

176

`+

• rule: '!''project_id''.matches(self) && !''location''.matches(self)

`

``

177

`+

&& !''cluster''.matches(self) && !''namespace''.matches(self)

`

``

178

`+

&& !''instance''.matches(self) && !''top_level_controller''.matches(self)

`

``

179

`+

&& !''top_level_controller_type''.matches(self) &&

`

``

180

`+

!''address''.matches(self) && !''cluster''.matches(self)'

`

172

181

`replacement:

`

173

182

`description: |-

`

174

183

` Replacement value against which a regex replace is performed if the

`

`@@ -184,18 +193,29 @@ spec:

`

184

193

` using the configured separator and matched against the configured regular expression

`

185

194

` for the replace, keep, and drop actions.

`

186

195

`items:

`

187

``

`-

format: labelname

`

188

``

`-

pattern: '[a-zA-Z_][a-zA-Z0-9_]*'

`

``

196

`+

pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$

`

189

197

`type: string

`

``

198

`+

maxItems: 100

`

190

199

`type: array

`

191

200

`targetLabel:

`

192

201

`description: |-

`

193

202

` Label to which the resulting value is written in a replace action.

`

194

203

` It is mandatory for replace actions. Regex capture groups are available.

`

195

``

`-

format: labelname

`

196

``

`-

pattern: '[a-zA-Z_][a-zA-Z0-9_]*'

`

``

204

`+

pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$

`

197

205

`type: string

`

``

206

`+

x-kubernetes-validations:

`

``

207

`+

• messageExpression: '''cannot relabel onto protected

`

``

208

`+

label "%s"''.format([self])'

`

``

209

`+

rule: self != 'project_id' && self != 'location' &&

`

``

210

`+

self != 'cluster' && self != 'namespace' && self !=

`

``

211

`+

'job' && self != 'instance' && self != 'top_level_controller'

`

``

212

`+

&& self != 'top_level_controller_type' && self !=

`

``

213

`+

'address'

`

198

214

`type: object

`

``

215

`+

x-kubernetes-validations:

`

``

216

`+

• rule: '!has(self.action) || self.action != ''labeldrop''

`

``

217

`+

|| has(self.regex)'

`

``

218

`+

maxItems: 50

`

199

219

`type: array

`

200

220

`oauth2:

`

201

221

`description: OAuth2 is the OAuth2 client credentials used to

`

`@@ -240,7 +260,10 @@ spec:

`

240

260

` ProxyURL is the HTTP proxy server to use to connect to the targets.

`

241

261

``

242

262

` Encoded passwords are not supported.

`

``

263

`+

maxLength: 2000

`

243

264

`type: string

`

``

265

`+

x-kubernetes-validations:

`

``

266

`+

• rule: isURL(self) && !self.matches('@')

`

244

267

`scopes:

`

245

268

`description: Scopes represents the scopes for the token

`

246

269

`request.

`

`@@ -337,6 +360,11 @@ spec:

`

337

360

``

338

361

` If unset, Prometheus will use Go default minimum version, which is TLS 1.2.

`

339

362

` See MinVersion in https://pkg.go.dev/crypto/tls#Config.

`

``

363

`+

enum:

`

``

364

`+

• TLS10

`

``

365

`+

• TLS11

`

``

366

`+

• TLS12

`

``

367

`+

• TLS13

`

340

368

`type: string

`

341

369

`minVersion:

`

342

370

`description: |-

`

`@@ -345,6 +373,11 @@ spec:

`

345

373

``

346

374

` If unset, Prometheus will use Go default minimum version, which is TLS 1.2.

`

347

375

` See MinVersion in https://pkg.go.dev/crypto/tls#Config.

`

``

376

`+

enum:

`

``

377

`+

• TLS10

`

``

378

`+

• TLS11

`

``

379

`+

• TLS12

`

``

380

`+

• TLS13

`

348

381

`type: string

`

349

382

`serverName:

`

350

383

`description: ServerName is used to verify the hostname

`

`@@ -377,13 +410,22 @@ spec:

`

377

410

` Name or number of the port to scrape.

`

378

411

` The container metadata label is only populated if the port is referenced by name

`

379

412

` because port numbers are not unique across containers.

`

``

413

`+

maxLength: 253

`

``

414

`+

minLength: 1

`

``

415

`+

pattern: ^a-z0-9?$

`

380

416

`x-kubernetes-int-or-string: true

`

``

417

`+

x-kubernetes-validations:

`

``

418

`+

• message: Port is required

`

``

419

`+

rule: self != 0

`

381

420

`proxyUrl:

`

382

421

`description: |-

`

383

422

` ProxyURL is the HTTP proxy server to use to connect to the targets.

`

384

423

``

385

424

` Encoded passwords are not supported.

`

``

425

`+

maxLength: 2000

`

386

426

`type: string

`

``

427

`+

x-kubernetes-validations:

`

``

428

`+

• rule: isURL(self) && !self.matches('@')

`

387

429

`scheme:

`

388

430

`description: Protocol scheme to use to scrape.

`

389

431

`enum:

`

`@@ -395,7 +437,6 @@ spec:

`

395

437

` Timeout for metrics scrapes. Must be a valid Prometheus duration.

`

396

438

` Must not be larger than the scrape interval.

`

397

439

`format: duration

`

398

``

`-

pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$

`

399

440

`type: string

`

400

441

`tls:

`

401

442

`description: TLS configures the scrape request's TLS settings.

`

`@@ -487,6 +528,11 @@ spec:

`

487

528

``

488

529

` If unset, Prometheus will use Go default minimum version, which is TLS 1.2.

`

489

530

` See MinVersion in https://pkg.go.dev/crypto/tls#Config.

`

``

531

`+

enum:

`

``

532

`+

• TLS10

`

``

533

`+

• TLS11

`

``

534

`+

• TLS12

`

``

535

`+

• TLS13

`

490

536

`type: string

`

491

537

`minVersion:

`

492

538

`description: |-

`

`@@ -495,6 +541,11 @@ spec:

`

495

541

``

496

542

` If unset, Prometheus will use Go default minimum version, which is TLS 1.2.

`

497

543

` See MinVersion in https://pkg.go.dev/crypto/tls#Config.

`

``

544

`+

enum:

`

``

545

`+

• TLS10

`

``

546

`+

• TLS11

`

``

547

`+

• TLS12

`

``

548

`+

• TLS13

`

498

549

`type: string

`

499

550

`serverName:

`

500

551

`description: ServerName is used to verify the hostname for

`

`@@ -506,13 +557,16 @@ spec:

`

506

557

`when either is provided

`

507

558

`rule: has(self.cert) == has(self.key)

`

508

559

`required:

`

``

560

`+

• interval

`

509

561

` - port

`

510

562

`type: object

`

511

563

`x-kubernetes-validations:

`

512

``

`-

• messageExpression: '''"scrape timeout " + self.timeout + "must

`

513

``

`-

not be greater than scrape interval" + self.interval'''

`

514

``

`-

rule: '!has(self.interval) || !has(self.timeout) || self.interval

`

515

``

`-

<= self.timeout'

`

``

564

`+

• messageExpression: '''scrape timeout (%s) must not be greater

`

``

565

`+

than scrape interval (%s)''.format([self.timeout, self.interval])'

`

``

566

`+

rule: '!has(self.timeout) || self.timeout <= self.interval'

`

``

567

`+

• rule: '((has(self.authorization) ? 1 : 0) + (has(self.basicAuth)

`

``

568

`+

? 1 : 0) + (has(self.oauth2) ? 1 : 0)) <= 1'

`

``

569

`+

maxItems: 100

`

516

570

`minItems: 1

`

517

571

`type: array

`

518

572

`filterRunning:

`

`@@ -626,19 +680,25 @@ spec:

`

626

680

`properties:

`

627

681

`from:

`

628

682

`description: Kubernetes resource label to remap.

`

629

``

`-

format: labelname

`

630

``

`-

pattern: '[a-zA-Z_][a-zA-Z0-9_]*'

`

``

683

`+

pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$

`

631

684

`type: string

`

632

685

`to:

`

633

686

`description: |-

`

634

687

` Remapped Prometheus target label.

`

635

688

`` Defaults to the same name as From.

``

636

``

`-

format: labelname

`

637

``

`-

pattern: '[a-zA-Z_][a-zA-Z0-9_]*'

`

``

689

`+

pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$

`

638

690

`type: string

`

``

691

`+

x-kubernetes-validations:

`

``

692

`+

• messageExpression: '''cannot relabel onto protected label

`

``

693

`+

"%s"''.format([self])'

`

``

694

`+

rule: self != 'project_id' && self != 'location' && self

`

``

695

`+

!= 'cluster' && self != 'namespace' && self != 'job'

`

``

696

`+

&& self != 'instance' && self != 'top_level_controller'

`

``

697

`+

&& self != 'top_level_controller_type' && self != 'address'

`

639

698

`required:

`

640

699

` - from

`

641

700

`type: object

`

``

701

`+

maxItems: 100

`

642

702

`type: array

`

643

703

`metadata:

`

644

704

`description: |-

`