diff --git a/go.mod b/go.mod index cb6f75ffd2..3afaf709f9 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/onsi/ginkgo/v2 v2.22.2 github.com/onsi/gomega v1.36.2 github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f - github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 + github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.0 github.com/prometheus/common v0.55.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.10.0 @@ -146,13 +146,13 @@ require ( go.opentelemetry.io/proto/otlp v1.4.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.31.0 // indirect + golang.org/x/crypto v0.32.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/net v0.33.0 // indirect + golang.org/x/net v0.34.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect - golang.org/x/sys v0.28.0 // indirect - golang.org/x/term v0.27.0 // indirect + golang.org/x/sys v0.29.0 // indirect + golang.org/x/term v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.7.0 // indirect golang.org/x/tools v0.28.0 // indirect diff --git a/go.sum b/go.sum index 9e1c924d88..02e8438917 100644 --- a/go.sum +++ b/go.sum @@ -800,8 +800,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 h1:DGv150w4UyxnjNHlkCw85R3+lspOxegtdnbpP2vKRrk= -github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2/go.mod h1:AVMP4QEW8xuGWnxaWSpI3kKjP9fDA31nO68zsyREJZA= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.0 h1:ckSycH7xHtpcvXsmEY/qEziRhDQKqKqbsHi9kX/BO7A= +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.0/go.mod h1:6x4x0t9BP35g4XcjkHE9EB3RxhyfxpdpmZKd/Qyk8+M= github.com/prometheus/alertmanager v0.21.0/go.mod h1:h7tJ81NA0VLWvWEayi1QltevFkLF3KxmC/malTcT8Go= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= @@ -1049,8 +1049,8 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1140,8 +1140,8 @@ golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1246,8 +1246,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1255,8 +1255,8 @@ golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go index aa316dfede..17ee448fb8 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/podmonitor_types.go @@ -181,7 +181,7 @@ type PodMonitorList struct { // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty"` // List of PodMonitors - Items []*PodMonitor `json:"items"` + Items []PodMonitor `json:"items"` } // DeepCopyObject implements the runtime.Object interface. @@ -239,6 +239,7 @@ type PodMetricsEndpoint struct { // // If empty, Prometheus uses the global scrape timeout unless it is less // than the target's scrape interval value in which the latter is used. + // The value cannot be greater than the scrape interval otherwise the operator will reject the resource. ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` // TLS configuration to use when scraping the target. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go index e549d32afd..208de742f8 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/probe_types.go @@ -68,6 +68,7 @@ type ProbeSpec struct { Interval Duration `json:"interval,omitempty"` // Timeout for scraping metrics from the Prometheus exporter. // If not specified, the Prometheus global scrape timeout is used. + // The value cannot be greater than the scrape interval otherwise the operator will reject the resource. ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` // TLS configuration to use when scraping the endpoint. TLSConfig *SafeTLSConfig `json:"tlsConfig,omitempty"` @@ -226,7 +227,7 @@ type ProbeList struct { // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty"` // List of Probes - Items []*Probe `json:"items"` + Items []Probe `json:"items"` } // DeepCopyObject implements the runtime.Object interface. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go index 9f9d374138..8d78d63254 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheus_types.go @@ -296,6 +296,7 @@ type CommonPrometheusFields struct { // +kubebuilder:default:="30s" ScrapeInterval Duration `json:"scrapeInterval,omitempty"` // Number of seconds to wait until a scrape request times out. + // The value cannot be greater than the scrape interval otherwise the operator will reject the resource. ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` // The protocols to negotiate during a scrape. It tells clients the @@ -856,6 +857,29 @@ type CommonPrometheusFields struct { // +optional TSDB *TSDBSpec `json:"tsdb,omitempty"` + // File to which scrape failures are logged. + // Reloading the configuration will reopen the file. + // + // If the filename has an empty path, e.g. 'file.log', The Prometheus Pods + // will mount the file into an emptyDir volume at `/var/log/prometheus`. + // If a full path is provided, e.g. '/var/log/prometheus/file.log', you + // must mount a volume in the specified directory and it must be writable. + // It requires Prometheus >= v2.55.0. + // + // +kubebuilder:validation:MinLength=1 + // +optional + ScrapeFailureLogFile *string `json:"scrapeFailureLogFile,omitempty"` + + // The name of the service name used by the underlying StatefulSet(s) as the governing service. + // If defined, the Service must be created before the Prometheus/PrometheusAgent resource in the same namespace and it must define a selector that matches the pod labels. + // If empty, the operator will create and manage a headless service named `prometheus-operated` for Prometheus resources, + // or `prometheus-agent-operated` for PrometheusAgent resources. + // When deploying multiple Prometheus/PrometheusAgent resources in the same namespace, it is recommended to specify a different value for each. + // See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details. + // +optional + // +kubebuilder:validation:MinLength=1 + ServiceName *string `json:"serviceName,omitempty"` + // RuntimeConfig configures the values for the Prometheus process behavior // +optional Runtime *RuntimeConfig `json:"runtime,omitempty"` @@ -957,7 +981,7 @@ type PrometheusList struct { // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty"` // List of Prometheuses - Items []*Prometheus `json:"items"` + Items []Prometheus `json:"items"` } // DeepCopyObject implements the runtime.Object interface. @@ -2121,6 +2145,13 @@ type ScrapeClass struct { // +optional Default *bool `json:"default,omitempty"` + // The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + // It will only apply if the scrape resource doesn't specify any FallbackScrapeProtocol + // + // It requires Prometheus >= v3.0.0. + // +optional + FallbackScrapeProtocol *ScrapeProtocol `json:"fallbackScrapeProtocol,omitempty"` + // TLSConfig defines the TLS settings to use for the scrape. When the // scrape objects define their own CA, certificate and/or key, they take // precedence over the corresponding scrape class fields. @@ -2191,9 +2222,15 @@ type OTLPConfig struct { PromoteResourceAttributes []string `json:"promoteResourceAttributes,omitempty"` // Configures how the OTLP receiver endpoint translates the incoming metrics. - // If unset, Prometheus uses its default value. // // It requires Prometheus >= v3.0.0. // +optional TranslationStrategy *TranslationStrategyOption `json:"translationStrategy,omitempty"` + + // Enables adding `service.name`, `service.namespace` and `service.instance.id` + // resource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels. + // + // It requires Prometheus >= v3.1.0. + // +optional + KeepIdentifyingResourceAttributes *bool `json:"keepIdentifyingResourceAttributes,omitempty"` } diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go index 229daa9a0c..28d5d1549e 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/prometheusrule_types.go @@ -127,7 +127,7 @@ type PrometheusRuleList struct { // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty"` // List of Rules - Items []*PrometheusRule `json:"items"` + Items []PrometheusRule `json:"items"` } // DeepCopyObject implements the runtime.Object interface. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go index 558dfc3592..6c739ea3b6 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/servicemonitor_types.go @@ -186,7 +186,7 @@ type ServiceMonitorList struct { // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty"` // List of ServiceMonitors - Items []*ServiceMonitor `json:"items"` + Items []ServiceMonitor `json:"items"` } // DeepCopyObject implements the runtime.Object interface. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go index ebea3cd738..b1d7f4846f 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/thanos_types.go @@ -63,7 +63,7 @@ type ThanosRulerList struct { // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata metav1.ListMeta `json:"metadata,omitempty"` // List of Prometheuses - Items []*ThanosRuler `json:"items"` + Items []ThanosRuler `json:"items"` } // ThanosRulerSpec is a specification of the desired behavior of the ThanosRuler. More info: diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go index 7483e8d24b..8c4fff0679 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/types.go @@ -361,42 +361,97 @@ type WebHTTPHeaders struct { // WebTLSConfig defines the TLS parameters for HTTPS. // +k8s:openapi-gen=true type WebTLSConfig struct { - // Contains the TLS certificate for the server. + // Secret or ConfigMap containing the TLS certificate for the web server. + // + // Either `keySecret` or `keyFile` must be defined. + // + // It is mutually exclusive with `certFile`. + // + // +optional Cert SecretOrConfigMap `json:"cert,omitempty"` - // Contains the CA certificate for client certificate authentication to the server. - ClientCA SecretOrConfigMap `json:"client_ca,omitempty"` - // Secret containing the TLS key for the server. + // Path to the TLS certificate file in the container for the web server. + // + // Either `keySecret` or `keyFile` must be defined. + // + // It is mutually exclusive with `cert`. + // + // +optional + CertFile *string `json:"certFile,omitempty"` + + // Secret containing the TLS private key for the web server. + // + // Either `cert` or `certFile` must be defined. + // + // It is mutually exclusive with `keyFile`. + // + // +optional KeySecret v1.SecretKeySelector `json:"keySecret,omitempty"` - // Server policy for client authentication. Maps to ClientAuth Policies. + // Path to the TLS private key file in the container for the web server. + // + // If defined, either `cert` or `certFile` must be defined. + // + // It is mutually exclusive with `keySecret`. + // + // +optional + KeyFile *string `json:"keyFile,omitempty"` + + // Secret or ConfigMap containing the CA certificate for client certificate + // authentication to the server. + // + // It is mutually exclusive with `clientCAFile`. + // + // +optional + ClientCA SecretOrConfigMap `json:"client_ca,omitempty"` + // Path to the CA certificate file for client certificate authentication to + // the server. + // + // It is mutually exclusive with `client_ca`. + // + // +optional + ClientCAFile *string `json:"clientCAFile,omitempty"` + // The server policy for client TLS authentication. + // // For more detail on clientAuth options: // https://golang.org/pkg/crypto/tls/#ClientAuthType - ClientAuthType string `json:"clientAuthType,omitempty"` - // Minimum TLS version that is acceptable. Defaults to TLS12. - MinVersion string `json:"minVersion,omitempty"` - // Maximum TLS version that is acceptable. Defaults to TLS13. - MaxVersion string `json:"maxVersion,omitempty"` - // List of supported cipher suites for TLS versions up to TLS 1.2. If empty, - // Go default cipher suites are used. Available cipher suites are documented - // in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants + // + // +optional + ClientAuthType *string `json:"clientAuthType,omitempty"` + + // Minimum TLS version that is acceptable. + // + // +optional + MinVersion *string `json:"minVersion,omitempty"` + // Maximum TLS version that is acceptable. + // + // +optional + MaxVersion *string `json:"maxVersion,omitempty"` + + // List of supported cipher suites for TLS versions up to TLS 1.2. + // + // If not defined, the Go default cipher suites are used. + // Available cipher suites are documented in the Go documentation: + // https://golang.org/pkg/crypto/tls/#pkg-constants + // + // +optional CipherSuites []string `json:"cipherSuites,omitempty"` - // Controls whether the server selects the - // client's most preferred cipher suite, or the server's most preferred - // cipher suite. If true then the server's preference, as expressed in + + // Controls whether the server selects the client's most preferred cipher + // suite, or the server's most preferred cipher suite. + // + // If true then the server's preference, as expressed in // the order of elements in cipherSuites, is used. + // + // +optional PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"` + // Elliptic curves that will be used in an ECDHE handshake, in preference - // order. Available curves are documented in the go documentation: + // order. + // + // Available curves are documented in the Go documentation: // https://golang.org/pkg/crypto/tls/#CurveID + // + // +optional CurvePreferences []string `json:"curvePreferences,omitempty"` - // Path to the TLS key file in the Prometheus container for the server. - // Mutually exclusive with `keySecret`. - KeyFile string `json:"keyFile,omitempty"` - // Path to the TLS certificate file in the Prometheus container for the server. - // Mutually exclusive with `cert`. - CertFile string `json:"certFile,omitempty"` - // Path to the CA certificate file for client certificate authentication to the server. - // Mutually exclusive with `client_ca`. - ClientCAFile string `json:"clientCAFile,omitempty"` } // Validate returns an error if one of the WebTLSConfig fields is invalid. @@ -408,36 +463,33 @@ func (c *WebTLSConfig) Validate() error { } if c.ClientCA != (SecretOrConfigMap{}) { - if c.ClientCAFile != "" { + if c.ClientCAFile != nil && *c.ClientCAFile != "" { return errors.New("cannot specify both clientCAFile and clientCA") } if err := c.ClientCA.Validate(); err != nil { - return fmt.Errorf("invalid web tls config: %s", err.Error()) + return fmt.Errorf("invalid client CA: %w", err) } } if c.Cert != (SecretOrConfigMap{}) { - if c.CertFile != "" { + if c.CertFile != nil && *c.CertFile != "" { return errors.New("cannot specify both cert and certFile") } if err := c.Cert.Validate(); err != nil { - return fmt.Errorf("invalid web tls config: %s", err.Error()) + return fmt.Errorf("invalid TLS certificate: %w", err) } } - if c.KeyFile != "" && c.KeySecret != (v1.SecretKeySelector{}) { + if c.KeyFile != nil && *c.KeyFile != "" && c.KeySecret != (v1.SecretKeySelector{}) { return errors.New("cannot specify both keyFile and keySecret") } - hasCert := c.CertFile != "" || c.Cert != (SecretOrConfigMap{}) - hasKey := c.KeyFile != "" || c.KeySecret != (v1.SecretKeySelector{}) - - if !hasKey { - return errors.New("TLS key must be defined") + if (c.KeyFile == nil || *c.KeyFile == "") && c.KeySecret == (v1.SecretKeySelector{}) { + return errors.New("TLS private key must be defined") } - if !hasCert { + if (c.CertFile == nil || *c.CertFile == "") && c.Cert == (SecretOrConfigMap{}) { return errors.New("TLS certificate must be defined") } @@ -493,6 +545,7 @@ type Endpoint struct { // // If empty, Prometheus uses the global scrape timeout unless it is less // than the target's scrape interval value in which the latter is used. + // The value cannot be greater than the scrape interval otherwise the operator will reject the resource. ScrapeTimeout Duration `json:"scrapeTimeout,omitempty"` // TLS configuration to use when scraping the target. diff --git a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index 3b43680ec4..5627632052 100644 --- a/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -1035,6 +1035,16 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) { *out = new(TSDBSpec) (*in).DeepCopyInto(*out) } + if in.ScrapeFailureLogFile != nil { + in, out := &in.ScrapeFailureLogFile, &out.ScrapeFailureLogFile + *out = new(string) + **out = **in + } + if in.ServiceName != nil { + in, out := &in.ServiceName, &out.ServiceName + *out = new(string) + **out = **in + } if in.Runtime != nil { in, out := &in.Runtime, &out.Runtime *out = new(RuntimeConfig) @@ -1560,6 +1570,11 @@ func (in *OTLPConfig) DeepCopyInto(out *OTLPConfig) { *out = new(TranslationStrategyOption) **out = **in } + if in.KeepIdentifyingResourceAttributes != nil { + in, out := &in.KeepIdentifyingResourceAttributes, &out.KeepIdentifyingResourceAttributes + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OTLPConfig. @@ -1775,13 +1790,9 @@ func (in *PodMonitorList) DeepCopyInto(out *PodMonitorList) { in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]*PodMonitor, len(*in)) + *out = make([]PodMonitor, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(PodMonitor) - (*in).DeepCopyInto(*out) - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } } @@ -1911,13 +1922,9 @@ func (in *ProbeList) DeepCopyInto(out *ProbeList) { in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]*Probe, len(*in)) + *out = make([]Probe, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(Probe) - (*in).DeepCopyInto(*out) - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } } @@ -2162,13 +2169,9 @@ func (in *PrometheusList) DeepCopyInto(out *PrometheusList) { in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]*Prometheus, len(*in)) + *out = make([]Prometheus, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(Prometheus) - (*in).DeepCopyInto(*out) - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } } @@ -2223,13 +2226,9 @@ func (in *PrometheusRuleList) DeepCopyInto(out *PrometheusRuleList) { in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]*PrometheusRule, len(*in)) + *out = make([]PrometheusRule, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(PrometheusRule) - (*in).DeepCopyInto(*out) - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } } @@ -2968,6 +2967,11 @@ func (in *ScrapeClass) DeepCopyInto(out *ScrapeClass) { *out = new(bool) **out = **in } + if in.FallbackScrapeProtocol != nil { + in, out := &in.FallbackScrapeProtocol, &out.FallbackScrapeProtocol + *out = new(ScrapeProtocol) + **out = **in + } if in.TLSConfig != nil { in, out := &in.TLSConfig, &out.TLSConfig *out = new(TLSConfig) @@ -3059,13 +3063,9 @@ func (in *ServiceMonitorList) DeepCopyInto(out *ServiceMonitorList) { in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]*ServiceMonitor, len(*in)) + *out = make([]ServiceMonitor, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(ServiceMonitor) - (*in).DeepCopyInto(*out) - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } } @@ -3303,13 +3303,9 @@ func (in *ThanosRulerList) DeepCopyInto(out *ThanosRulerList) { in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]*ThanosRuler, len(*in)) + *out = make([]ThanosRuler, len(*in)) for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(ThanosRuler) - (*in).DeepCopyInto(*out) - } + (*in)[i].DeepCopyInto(&(*out)[i]) } } } @@ -3739,8 +3735,38 @@ func (in *WebHTTPHeaders) DeepCopy() *WebHTTPHeaders { func (in *WebTLSConfig) DeepCopyInto(out *WebTLSConfig) { *out = *in in.Cert.DeepCopyInto(&out.Cert) - in.ClientCA.DeepCopyInto(&out.ClientCA) + if in.CertFile != nil { + in, out := &in.CertFile, &out.CertFile + *out = new(string) + **out = **in + } in.KeySecret.DeepCopyInto(&out.KeySecret) + if in.KeyFile != nil { + in, out := &in.KeyFile, &out.KeyFile + *out = new(string) + **out = **in + } + in.ClientCA.DeepCopyInto(&out.ClientCA) + if in.ClientCAFile != nil { + in, out := &in.ClientCAFile, &out.ClientCAFile + *out = new(string) + **out = **in + } + if in.ClientAuthType != nil { + in, out := &in.ClientAuthType, &out.ClientAuthType + *out = new(string) + **out = **in + } + if in.MinVersion != nil { + in, out := &in.MinVersion, &out.MinVersion + *out = new(string) + **out = **in + } + if in.MaxVersion != nil { + in, out := &in.MaxVersion, &out.MaxVersion + *out = new(string) + **out = **in + } if in.CipherSuites != nil { in, out := &in.CipherSuites, &out.CipherSuites *out = make([]string, len(*in)) diff --git a/vendor/golang.org/x/net/http2/config.go b/vendor/golang.org/x/net/http2/config.go index de58dfb8dc..ca645d9a1a 100644 --- a/vendor/golang.org/x/net/http2/config.go +++ b/vendor/golang.org/x/net/http2/config.go @@ -60,7 +60,7 @@ func configFromServer(h1 *http.Server, h2 *Server) http2Config { return conf } -// configFromServer merges configuration settings from h2 and h2.t1.HTTP2 +// configFromTransport merges configuration settings from h2 and h2.t1.HTTP2 // (the net/http Transport). func configFromTransport(h2 *Transport) http2Config { conf := http2Config{ diff --git a/vendor/golang.org/x/net/http2/config_go124.go b/vendor/golang.org/x/net/http2/config_go124.go index e3784123c8..5b516c55ff 100644 --- a/vendor/golang.org/x/net/http2/config_go124.go +++ b/vendor/golang.org/x/net/http2/config_go124.go @@ -13,7 +13,7 @@ func fillNetHTTPServerConfig(conf *http2Config, srv *http.Server) { fillNetHTTPConfig(conf, srv.HTTP2) } -// fillNetHTTPServerConfig sets fields in conf from tr.HTTP2. +// fillNetHTTPTransportConfig sets fields in conf from tr.HTTP2. func fillNetHTTPTransportConfig(conf *http2Config, tr *http.Transport) { fillNetHTTPConfig(conf, tr.HTTP2) } diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 090d0e1bdb..b2e2ed3373 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -375,6 +375,7 @@ type ClientConn struct { doNotReuse bool // whether conn is marked to not be reused for any future requests closing bool closed bool + closedOnIdle bool // true if conn was closed for idleness seenSettings bool // true if we've seen a settings frame, false otherwise seenSettingsChan chan struct{} // closed when seenSettings is true or frame reading fails wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back @@ -1089,10 +1090,12 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) { // If this connection has never been used for a request and is closed, // then let it take a request (which will fail). + // If the conn was closed for idleness, we're racing the idle timer; + // don't try to use the conn. (Issue #70515.) // // This avoids a situation where an error early in a connection's lifetime // goes unreported. - if cc.nextStreamID == 1 && cc.streamsReserved == 0 && cc.closed { + if cc.nextStreamID == 1 && cc.streamsReserved == 0 && cc.closed && !cc.closedOnIdle { st.canTakeNewRequest = true } @@ -1155,6 +1158,7 @@ func (cc *ClientConn) closeIfIdle() { return } cc.closed = true + cc.closedOnIdle = true nextID := cc.nextStreamID // TODO: do clients send GOAWAY too? maybe? Just Close: cc.mu.Unlock() @@ -2434,9 +2438,12 @@ func (rl *clientConnReadLoop) cleanup() { // This avoids a situation where new connections are constantly created, // added to the pool, fail, and are removed from the pool, without any error // being surfaced to the user. - const unusedWaitTime = 5 * time.Second + unusedWaitTime := 5 * time.Second + if cc.idleTimeout > 0 && unusedWaitTime > cc.idleTimeout { + unusedWaitTime = cc.idleTimeout + } idleTime := cc.t.now().Sub(cc.lastActive) - if atomic.LoadUint32(&cc.atomicReused) == 0 && idleTime < unusedWaitTime { + if atomic.LoadUint32(&cc.atomicReused) == 0 && idleTime < unusedWaitTime && !cc.closedOnIdle { cc.idleTimer = cc.t.afterFunc(unusedWaitTime-idleTime, func() { cc.t.connPool().MarkDead(cc) }) diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index 97cb916f2c..be8c002070 100644 --- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -246,6 +246,18 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e return sendfile(outfd, infd, offset, count) } +func Dup3(oldfd, newfd, flags int) error { + if oldfd == newfd || flags&^O_CLOEXEC != 0 { + return EINVAL + } + how := F_DUP2FD + if flags&O_CLOEXEC != 0 { + how = F_DUP2FD_CLOEXEC + } + _, err := fcntl(oldfd, how, newfd) + return err +} + /* * Exposed directly */ diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go index 4e613cf633..3ca814f54d 100644 --- a/vendor/golang.org/x/sys/windows/dll_windows.go +++ b/vendor/golang.org/x/sys/windows/dll_windows.go @@ -43,8 +43,8 @@ type DLL struct { // LoadDLL loads DLL file into memory. // // Warning: using LoadDLL without an absolute path name is subject to -// DLL preloading attacks. To safely load a system DLL, use LazyDLL -// with System set to true, or use LoadLibraryEx directly. +// DLL preloading attacks. To safely load a system DLL, use [NewLazySystemDLL], +// or use [LoadLibraryEx] directly. func LoadDLL(name string) (dll *DLL, err error) { namep, err := UTF16PtrFromString(name) if err != nil { @@ -271,6 +271,9 @@ func (d *LazyDLL) NewProc(name string) *LazyProc { } // NewLazyDLL creates new LazyDLL associated with DLL file. +// +// Warning: using NewLazyDLL without an absolute path name is subject to +// DLL preloading attacks. To safely load a system DLL, use [NewLazySystemDLL]. func NewLazyDLL(name string) *LazyDLL { return &LazyDLL{Name: name} } @@ -410,7 +413,3 @@ func loadLibraryEx(name string, system bool) (*DLL, error) { } return &DLL{Name: name, Handle: h}, nil } - -type errString string - -func (s errString) Error() string { return string(s) } diff --git a/vendor/modules.txt b/vendor/modules.txt index d171d95c4d..048e8eb976 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -519,7 +519,7 @@ github.com/pkg/errors # github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 ## explicit github.com/pmezard/go-difflib/difflib -# github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.79.2 +# github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.0 ## explicit; go 1.23.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1 @@ -781,7 +781,7 @@ go.uber.org/zap/internal/exit go.uber.org/zap/internal/pool go.uber.org/zap/internal/stacktrace go.uber.org/zap/zapcore -# golang.org/x/crypto v0.31.0 +# golang.org/x/crypto v0.32.0 ## explicit; go 1.20 golang.org/x/crypto/argon2 golang.org/x/crypto/blake2b @@ -792,7 +792,7 @@ golang.org/x/crypto/curve25519 ## explicit; go 1.20 golang.org/x/exp/constraints golang.org/x/exp/slices -# golang.org/x/net v0.33.0 +# golang.org/x/net v0.34.0 ## explicit; go 1.18 golang.org/x/net/context golang.org/x/net/html @@ -816,14 +816,14 @@ golang.org/x/oauth2/internal ## explicit; go 1.18 golang.org/x/sync/errgroup golang.org/x/sync/singleflight -# golang.org/x/sys v0.28.0 +# golang.org/x/sys v0.29.0 ## explicit; go 1.18 golang.org/x/sys/cpu golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/term v0.27.0 +# golang.org/x/term v0.28.0 ## explicit; go 1.18 golang.org/x/term # golang.org/x/text v0.21.0