# API Reference Packages: - [monitoring.rhobs/v1alpha1](#monitoringrhobsv1alpha1) - [observability.openshift.io/v1alpha1](#observabilityopenshiftiov1alpha1) # monitoring.rhobs/v1alpha1 Resource Types: - [MonitoringStack](#monitoringstack) - [ThanosQuerier](#thanosquerier) ## MonitoringStack ^{^{[↩ Parent](#monitoringrhobsv1alpha1 )}} MonitoringStack is the Schema for the monitoringstacks API

Name	Type	Description	Required
apiVersion	string	monitoring.rhobs/v1alpha1	true
kind	string	MonitoringStack	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the `metadata` field.	true
spec	object	MonitoringStackSpec is the specification for desired Monitoring Stack	false
status	object	MonitoringStackStatus defines the observed state of MonitoringStack. It should always be reconstructable from the state of the cluster and/or outside world.	false

### MonitoringStack.spec ^{^{[↩ Parent](#monitoringstack)}} MonitoringStackSpec is the specification for desired Monitoring Stack

Name	Type	Description	Required
alertmanagerConfig	object	Define Alertmanager config Default: map[disabled:false]	false
logLevel	enum	Loglevel set log levels of configured components Enum: debug, info, warn, error Default: info	false
namespaceSelector	object	Namespace selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. namespaceSelector: {}. To monitor resources in the namespace where Monitoring Stack was created in, set to null. E.g. namespaceSelector:.	false
nodeSelector	map[string]string	Define node selector for Monitoring Stack Pods.	false
prometheusConfig	object	Define prometheus config Default: map[replicas:2]	false
resourceSelector	object	Label selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. resourceSelector: {}. To disable service discovery, set to null. E.g. resourceSelector:.	false
resources	object	Define resources requests and limits for Monitoring Stack Pods. Default: map[limits:map[cpu:500m memory:512Mi] requests:map[cpu:100m memory:256Mi]]	false
retention	string	Time duration to retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (milliseconds seconds minutes hours days weeks years). Default: 120h	false
tolerations	[]object	Define tolerations for Monitoring Stack Pods.	false

### MonitoringStack.spec.alertmanagerConfig ^{^{[↩ Parent](#monitoringstackspec)}} Define Alertmanager config

Name	Type	Description	Required
disabled	boolean	Disables the deployment of Alertmanager. Default: false	false
webTLSConfig	object	Configure TLS options for the Alertmanager web server.	false

### MonitoringStack.spec.alertmanagerConfig.webTLSConfig ^{^{[↩ Parent](#monitoringstackspecalertmanagerconfig)}} Configure TLS options for the Alertmanager web server.

Name	Type	Description	Required
certificate	object	Reference to the TLS public certificate for the web server.	true
certificateAuthority	object	Reference to the root Certificate Authority used to verify the web server's certificate.	true
privateKey	object	Reference to the TLS private key for the web server.	true

### MonitoringStack.spec.alertmanagerConfig.webTLSConfig.certificate ^{^{[↩ Parent](#monitoringstackspecalertmanagerconfigwebtlsconfig)}} Reference to the TLS public certificate for the web server.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### MonitoringStack.spec.alertmanagerConfig.webTLSConfig.certificateAuthority ^{^{[↩ Parent](#monitoringstackspecalertmanagerconfigwebtlsconfig)}} Reference to the root Certificate Authority used to verify the web server's certificate.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### MonitoringStack.spec.alertmanagerConfig.webTLSConfig.privateKey ^{^{[↩ Parent](#monitoringstackspecalertmanagerconfigwebtlsconfig)}} Reference to the TLS private key for the web server.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### MonitoringStack.spec.namespaceSelector ^{^{[↩ Parent](#monitoringstackspec)}} Namespace selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. namespaceSelector: {}. To monitor resources in the namespace where Monitoring Stack was created in, set to null. E.g. namespaceSelector:.

Name	Type	Description	Required
matchExpressions	[]object	matchExpressions is a list of label selector requirements. The requirements are ANDed.	false
matchLabels	map[string]string	matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.	false

### MonitoringStack.spec.namespaceSelector.matchExpressions[index] ^{^{[↩ Parent](#monitoringstackspecnamespaceselector)}} A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name	Type	Description	Required
key	string	key is the label key that the selector applies to.	true
operator	string	operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.	true
values	[]string	values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.	false

### MonitoringStack.spec.prometheusConfig ^{^{[↩ Parent](#monitoringstackspec)}} Define prometheus config

Name	Type	Description	Required
enableOtlpHttpReceiver	boolean	Enable Prometheus to accept OpenTelemetry Metrics via the otlp/http protocol. Defaults to the value of `false`. The resulting endpoint is /api/v1/otlp/v1/metrics.	false
enableRemoteWriteReceiver	boolean	Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`.	false
externalLabels	map[string]string	Define ExternalLabels for prometheus	false
persistentVolumeClaim	object	Define persistent volume claim for prometheus	false
remoteWrite	[]object	Define remote write for prometheus	false
replicas	integer	Number of replicas/pods to deploy for a Prometheus deployment. Format: int32 Default: 2 Minimum: 0	false
scrapeInterval	string	Default interval between scrapes.	false
webTLSConfig	object	Configure TLS options for the Prometheus web server.	false

### MonitoringStack.spec.prometheusConfig.persistentVolumeClaim ^{^{[↩ Parent](#monitoringstackspecprometheusconfig)}} Define persistent volume claim for prometheus

Name	Type	Description	Required
accessModes	[]string	accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1	false
dataSource	object	dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.	false
dataSourceRef	object	dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.	false
resources	object	resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources	false
selector	object	selector is a label query over volumes to consider for binding.	false
storageClassName	string	storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1	false
volumeAttributesClassName	string	volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).	false
volumeMode	string	volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.	false
volumeName	string	volumeName is the binding reference to the PersistentVolume backing this claim.	false

### MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.dataSource ^{^{[↩ Parent](#monitoringstackspecprometheusconfigpersistentvolumeclaim)}} dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.

Name	Type	Description	Required
kind	string	Kind is the type of resource being referenced	true
name	string	Name is the name of resource being referenced	true
apiGroup	string	APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.	false

### MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.dataSourceRef ^{^{[↩ Parent](#monitoringstackspecprometheusconfigpersistentvolumeclaim)}} dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.

Name	Type	Description	Required
kind	string	Kind is the type of resource being referenced	true
name	string	Name is the name of resource being referenced	true
apiGroup	string	APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.	false
namespace	string	Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.	false

### MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.resources ^{^{[↩ Parent](#monitoringstackspecprometheusconfigpersistentvolumeclaim)}} resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

Name	Type	Description	Required
limits	map[string]int or string	Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/	false
requests	map[string]int or string	Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/	false

### MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.selector ^{^{[↩ Parent](#monitoringstackspecprometheusconfigpersistentvolumeclaim)}} selector is a label query over volumes to consider for binding.

Name	Type	Description	Required
matchExpressions	[]object	matchExpressions is a list of label selector requirements. The requirements are ANDed.	false
matchLabels	map[string]string	matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.	false

### MonitoringStack.spec.prometheusConfig.persistentVolumeClaim.selector.matchExpressions[index] ^{^{[↩ Parent](#monitoringstackspecprometheusconfigpersistentvolumeclaimselector)}} A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name	Type	Description	Required
key	string	key is the label key that the selector applies to.	true
operator	string	operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.	true
values	[]string	values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index] ^{^{[↩ Parent](#monitoringstackspecprometheusconfig)}} RemoteWriteSpec defines the configuration to write samples from Prometheus to a remote endpoint.

Name	Type	Description	Required
url	string	The URL of the endpoint to send samples to.	true
authorization	object	Authorization section for the URL. It requires Prometheus >= v2.26.0. Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.	false
azureAd	object	AzureAD for the URL. It requires Prometheus >= v2.45.0. Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.	false
basicAuth	object	BasicAuth configuration for the URL. Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.	false
bearerToken	string	Warning: this field shouldn't be used because the token value appears in clear-text. Prefer using `authorization`. Deprecated: this will be removed in a future release.	false
bearerTokenFile	string	File from which to read bearer token for the URL. Deprecated: this will be removed in a future release. Prefer using `authorization`.	false
enableHTTP2	boolean	Whether to enable HTTP2.	false
followRedirects	boolean	Configure whether HTTP requests follow HTTP 3xx redirects. It requires Prometheus >= v2.26.0.	false
headers	map[string]string	Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. It requires Prometheus >= v2.25.0.	false
messageVersion	enum	The Remote Write message's version to use when writing to the endpoint. `Version1.0` corresponds to the `prometheus.WriteRequest` protobuf message introduced in Remote Write 1.0. `Version2.0` corresponds to the `io.prometheus.write.v2.Request` protobuf message introduced in Remote Write 2.0. When `Version2.0` is selected, Prometheus will automatically be configured to append the metadata of scraped metrics to the WAL. Before setting this field, consult with your remote storage provider what message version it supports. It requires Prometheus >= v2.54.0. Enum: V1.0, V2.0	false
metadataConfig	object	MetadataConfig configures the sending of series metadata to the remote storage.	false
name	string	The name of the remote write queue, it must be unique if specified. The name is used in metrics and logging in order to differentiate queues. It requires Prometheus >= v2.15.0.	false
noProxy	string	`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.	false
oauth2	object	OAuth2 configuration for the URL. It requires Prometheus >= v2.27.0. Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.	false
proxyConnectHeader	map[string][]object	ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.	false
proxyFromEnvironment	boolean	Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.	false
proxyUrl	string	`proxyURL` defines the HTTP proxy server to use.	false
queueConfig	object	QueueConfig allows tuning of the remote write queue parameters.	false
remoteTimeout	string	Timeout for requests to the remote write endpoint.	false
sendExemplars	boolean	Enables sending of exemplars over remote write. Note that exemplar-storage itself must be enabled using the `spec.enableFeatures` option for exemplars to be scraped in the first place. It requires Prometheus >= v2.27.0.	false
sendNativeHistograms	boolean	Enables sending of native histograms, also known as sparse histograms over remote write. It requires Prometheus >= v2.40.0.	false
sigv4	object	Sigv4 allows to configures AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.26.0. Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.	false
tlsConfig	object	TLS Config to use for the URL.	false
writeRelabelConfigs	[]object	The list of remote write relabel configurations.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].authorization ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} Authorization section for the URL. It requires Prometheus >= v2.26.0. Cannot be set at the same time as `sigv4`, `basicAuth`, `oauth2`, or `azureAd`.

Name	Type	Description	Required
credentials	object	Selects a key of a Secret in the namespace that contains the credentials for authentication.	false
credentialsFile	string	File to read a secret from, mutually exclusive with `credentials`.	false
type	string	Defines the authentication type. The value is case-insensitive. "Basic" is not a supported value. Default: "Bearer"	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].authorization.credentials ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexauthorization)}} Selects a key of a Secret in the namespace that contains the credentials for authentication.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} AzureAD for the URL. It requires Prometheus >= v2.45.0. Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `sigv4`.

Name	Type	Description	Required
cloud	enum	The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'. Enum: AzureChina, AzureGovernment, AzurePublic	false
managedIdentity	object	ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth` or `sdk`.	false
oauth	object	OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. It requires Prometheus >= v2.48.0.	false
sdk	object	SDK defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. It requires Prometheus >= 2.52.0.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.managedIdentity ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexazuread)}} ManagedIdentity defines the Azure User-assigned Managed identity. Cannot be set at the same time as `oauth` or `sdk`.

Name	Type	Description	Required
clientId	string	The client id	true

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.oauth ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexazuread)}} OAuth defines the oauth config that is being used to authenticate. Cannot be set at the same time as `managedIdentity` or `sdk`. It requires Prometheus >= v2.48.0.

Name	Type	Description	Required
clientId	string	`clientID` is the clientId of the Azure Active Directory application that is being used to authenticate.	true
clientSecret	object	`clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.	true
tenantId	string	`tenantId` is the tenant ID of the Azure Active Directory application that is being used to authenticate.	true

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.oauth.clientSecret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexazureadoauth)}} `clientSecret` specifies a key of a Secret containing the client secret of the Azure Active Directory application that is being used to authenticate.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].azureAd.sdk ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexazuread)}} SDK defines the Azure SDK config that is being used to authenticate. See https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication Cannot be set at the same time as `oauth` or `managedIdentity`. It requires Prometheus >= 2.52.0.

Name	Type	Description	Required
tenantId	string	`tenantId` is the tenant ID of the azure active directory application that is being used to authenticate.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].basicAuth ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} BasicAuth configuration for the URL. Cannot be set at the same time as `sigv4`, `authorization`, `oauth2`, or `azureAd`.

Name	Type	Description	Required
password	object	`password` specifies a key of a Secret containing the password for authentication.	false
username	object	`username` specifies a key of a Secret containing the username for authentication.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].basicAuth.password ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexbasicauth)}} `password` specifies a key of a Secret containing the password for authentication.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].basicAuth.username ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexbasicauth)}} `username` specifies a key of a Secret containing the username for authentication.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].metadataConfig ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} MetadataConfig configures the sending of series metadata to the remote storage.

Name	Type	Description	Required
send	boolean	Defines whether metric metadata is sent to the remote storage or not.	false
sendInterval	string	Defines how frequently metric metadata is sent to the remote storage.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2 ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} OAuth2 configuration for the URL. It requires Prometheus >= v2.27.0. Cannot be set at the same time as `sigv4`, `authorization`, `basicAuth`, or `azureAd`.

Name	Type	Description	Required
clientId	object	`clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.	true
clientSecret	object	`clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.	true
tokenUrl	string	`tokenURL` configures the URL to fetch the token from.	true
endpointParams	map[string]string	`endpointParams` configures the HTTP parameters to append to the token URL.	false
noProxy	string	`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names that should be excluded from proxying. IP and domain names can contain port numbers. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.	false
proxyConnectHeader	map[string][]object	ProxyConnectHeader optionally specifies headers to send to proxies during CONNECT requests. It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.	false
proxyFromEnvironment	boolean	Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0.	false
proxyUrl	string	`proxyURL` defines the HTTP proxy server to use.	false
scopes	[]string	`scopes` defines the OAuth2 scopes used for the token request.	false
tlsConfig	object	TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientId ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2)}} `clientId` specifies a key of a Secret or ConfigMap containing the OAuth2 client's ID.

Name	Type	Description	Required
configMap	object	ConfigMap containing data to use for the targets.	false
secret	object	Secret containing data to use for the targets.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientId.configMap ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2clientid)}} ConfigMap containing data to use for the targets.

Name	Type	Description	Required
key	string	The key to select.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the ConfigMap or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientId.secret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2clientid)}} Secret containing data to use for the targets.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.clientSecret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2)}} `clientSecret` specifies a key of a Secret containing the OAuth2 client's secret.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.proxyConnectHeader[key][index] ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2)}} SecretKeySelector selects a key of a Secret.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2)}} TLS configuration to use when connecting to the OAuth2 server. It requires Prometheus >= v2.43.0.

Name	Type	Description	Required
ca	object	Certificate authority used when verifying server certificates.	false
cert	object	Client certificate to present when doing client-authentication.	false
insecureSkipVerify	boolean	Disable target certificate validation.	false
keySecret	object	Secret containing the client key file for the targets.	false
maxVersion	enum	Maximum acceptable TLS version. It requires Prometheus >= v2.41.0. Enum: TLS10, TLS11, TLS12, TLS13	false
minVersion	enum	Minimum acceptable TLS version. It requires Prometheus >= v2.35.0. Enum: TLS10, TLS11, TLS12, TLS13	false
serverName	string	Used to verify the hostname for the targets.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.ca ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2tlsconfig)}} Certificate authority used when verifying server certificates.

Name	Type	Description	Required
configMap	object	ConfigMap containing data to use for the targets.	false
secret	object	Secret containing data to use for the targets.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.ca.configMap ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2tlsconfigca)}} ConfigMap containing data to use for the targets.

Name	Type	Description	Required
key	string	The key to select.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the ConfigMap or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.ca.secret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2tlsconfigca)}} Secret containing data to use for the targets.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.cert ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2tlsconfig)}} Client certificate to present when doing client-authentication.

Name	Type	Description	Required
configMap	object	ConfigMap containing data to use for the targets.	false
secret	object	Secret containing data to use for the targets.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.cert.configMap ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2tlsconfigcert)}} ConfigMap containing data to use for the targets.

Name	Type	Description	Required
key	string	The key to select.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the ConfigMap or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.cert.secret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2tlsconfigcert)}} Secret containing data to use for the targets.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].oauth2.tlsConfig.keySecret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexoauth2tlsconfig)}} Secret containing the client key file for the targets.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].proxyConnectHeader[key][index] ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} SecretKeySelector selects a key of a Secret.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].queueConfig ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} QueueConfig allows tuning of the remote write queue parameters.

Name	Type	Description	Required
batchSendDeadline	string	BatchSendDeadline is the maximum time a sample will wait in buffer.	false
capacity	integer	Capacity is the number of samples to buffer per shard before we start dropping them.	false
maxBackoff	string	MaxBackoff is the maximum retry delay.	false
maxRetries	integer	MaxRetries is the maximum number of times to retry a batch on recoverable errors.	false
maxSamplesPerSend	integer	MaxSamplesPerSend is the maximum number of samples per send.	false
maxShards	integer	MaxShards is the maximum number of shards, i.e. amount of concurrency.	false
minBackoff	string	MinBackoff is the initial retry delay. Gets doubled for every retry.	false
minShards	integer	MinShards is the minimum number of shards, i.e. amount of concurrency.	false
retryOnRateLimit	boolean	Retry upon receiving a 429 status code from the remote-write storage. This is an experimental feature, it may change in any upcoming release in a breaking way.	false
sampleAgeLimit	string	SampleAgeLimit drops samples older than the limit. It requires Prometheus >= v2.50.0.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].sigv4 ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} Sigv4 allows to configures AWS's Signature Verification 4 for the URL. It requires Prometheus >= v2.26.0. Cannot be set at the same time as `authorization`, `basicAuth`, `oauth2`, or `azureAd`.

Name	Type	Description	Required
accessKey	object	AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.	false
profile	string	Profile is the named AWS profile used to authenticate.	false
region	string	Region is the AWS region. If blank, the region from the default credentials chain used.	false
roleArn	string	RoleArn is the named AWS profile used to authenticate.	false
secretKey	object	SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].sigv4.accessKey ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexsigv4)}} AccessKey is the AWS API key. If not specified, the environment variable `AWS_ACCESS_KEY_ID` is used.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].sigv4.secretKey ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindexsigv4)}} SecretKey is the AWS API secret. If not specified, the environment variable `AWS_SECRET_ACCESS_KEY` is used.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} TLS Config to use for the URL.

Name	Type	Description	Required
ca	object	Certificate authority used when verifying server certificates.	false
caFile	string	Path to the CA cert in the Prometheus container to use for the targets.	false
cert	object	Client certificate to present when doing client-authentication.	false
certFile	string	Path to the client cert file in the Prometheus container for the targets.	false
insecureSkipVerify	boolean	Disable target certificate validation.	false
keyFile	string	Path to the client key file in the Prometheus container for the targets.	false
keySecret	object	Secret containing the client key file for the targets.	false
maxVersion	enum	Maximum acceptable TLS version. It requires Prometheus >= v2.41.0. Enum: TLS10, TLS11, TLS12, TLS13	false
minVersion	enum	Minimum acceptable TLS version. It requires Prometheus >= v2.35.0. Enum: TLS10, TLS11, TLS12, TLS13	false
serverName	string	Used to verify the hostname for the targets.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.ca ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindextlsconfig)}} Certificate authority used when verifying server certificates.

Name	Type	Description	Required
configMap	object	ConfigMap containing data to use for the targets.	false
secret	object	Secret containing data to use for the targets.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.ca.configMap ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindextlsconfigca)}} ConfigMap containing data to use for the targets.

Name	Type	Description	Required
key	string	The key to select.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the ConfigMap or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.ca.secret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindextlsconfigca)}} Secret containing data to use for the targets.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.cert ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindextlsconfig)}} Client certificate to present when doing client-authentication.

Name	Type	Description	Required
configMap	object	ConfigMap containing data to use for the targets.	false
secret	object	Secret containing data to use for the targets.	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.cert.configMap ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindextlsconfigcert)}} ConfigMap containing data to use for the targets.

Name	Type	Description	Required
key	string	The key to select.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the ConfigMap or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.cert.secret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindextlsconfigcert)}} Secret containing data to use for the targets.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].tlsConfig.keySecret ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindextlsconfig)}} Secret containing the client key file for the targets.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

### MonitoringStack.spec.prometheusConfig.remoteWrite[index].writeRelabelConfigs[index] ^{^{[↩ Parent](#monitoringstackspecprometheusconfigremotewriteindex)}} RelabelConfig allows dynamic rewriting of the label set for targets, alerts, scraped samples and remote write samples. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config

Name	Type	Description	Required
action	enum	Action to perform based on the regex matching. `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. Default: "Replace" Enum: replace, Replace, keep, Keep, drop, Drop, hashmod, HashMod, labelmap, LabelMap, labeldrop, LabelDrop, labelkeep, LabelKeep, lowercase, Lowercase, uppercase, Uppercase, keepequal, KeepEqual, dropequal, DropEqual Default: replace	false
modulus	integer	Modulus to take of the hash of the source label values. Only applicable when the action is `HashMod`. Format: int64	false
regex	string	Regular expression against which the extracted value is matched.	false
replacement	string	Replacement value against which a Replace action is performed if the regular expression matches. Regex capture groups are available.	false
separator	string	Separator is the string between concatenated SourceLabels.	false
sourceLabels	[]string	The source labels select values from existing labels. Their content is concatenated using the configured Separator and matched against the configured regular expression.	false
targetLabel	string	Label to which the resulting string is written in a replacement. It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, `KeepEqual` and `DropEqual` actions. Regex capture groups are available.	false

### MonitoringStack.spec.prometheusConfig.webTLSConfig ^{^{[↩ Parent](#monitoringstackspecprometheusconfig)}} Configure TLS options for the Prometheus web server.

Name	Type	Description	Required
certificate	object	Reference to the TLS public certificate for the web server.	true
certificateAuthority	object	Reference to the root Certificate Authority used to verify the web server's certificate.	true
privateKey	object	Reference to the TLS private key for the web server.	true

### MonitoringStack.spec.prometheusConfig.webTLSConfig.certificate ^{^{[↩ Parent](#monitoringstackspecprometheusconfigwebtlsconfig)}} Reference to the TLS public certificate for the web server.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### MonitoringStack.spec.prometheusConfig.webTLSConfig.certificateAuthority ^{^{[↩ Parent](#monitoringstackspecprometheusconfigwebtlsconfig)}} Reference to the root Certificate Authority used to verify the web server's certificate.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### MonitoringStack.spec.prometheusConfig.webTLSConfig.privateKey ^{^{[↩ Parent](#monitoringstackspecprometheusconfigwebtlsconfig)}} Reference to the TLS private key for the web server.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### MonitoringStack.spec.resourceSelector ^{^{[↩ Parent](#monitoringstackspec)}} Label selector for Monitoring Stack Resources. To monitor everything, set to empty map selector. E.g. resourceSelector: {}. To disable service discovery, set to null. E.g. resourceSelector:.

Name	Type	Description	Required
matchExpressions	[]object	matchExpressions is a list of label selector requirements. The requirements are ANDed.	false
matchLabels	map[string]string	matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.	false

### MonitoringStack.spec.resourceSelector.matchExpressions[index] ^{^{[↩ Parent](#monitoringstackspecresourceselector)}} A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name	Type	Description	Required
key	string	key is the label key that the selector applies to.	true
operator	string	operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.	true
values	[]string	values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.	false

### MonitoringStack.spec.resources ^{^{[↩ Parent](#monitoringstackspec)}} Define resources requests and limits for Monitoring Stack Pods.

Name	Type	Description	Required
claims	[]object	Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.	false
limits	map[string]int or string	Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/	false
requests	map[string]int or string	Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/	false

### MonitoringStack.spec.resources.claims[index] ^{^{[↩ Parent](#monitoringstackspecresources)}} ResourceClaim references one entry in PodSpec.ResourceClaims.

Name	Type	Description	Required
name	string	Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.	true
request	string	Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.	false

### MonitoringStack.spec.tolerations[index] ^{^{[↩ Parent](#monitoringstackspec)}} The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .

Name	Type	Description	Required
effect	string	Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.	false
key	string	Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.	false
operator	string	Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.	false
tolerationSeconds	integer	TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. Format: int64	false
value	string	Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.	false

### MonitoringStack.status ^{^{[↩ Parent](#monitoringstack)}} MonitoringStackStatus defines the observed state of MonitoringStack. It should always be reconstructable from the state of the cluster and/or outside world.

Name	Type	Description	Required
conditions	[]object	Conditions provide status information about the MonitoringStack	true

### MonitoringStack.status.conditions[index] ^{^{[↩ Parent](#monitoringstackstatus)}}

Name	Type	Description	Required
lastTransitionTime	string	lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. Format: date-time	true
message	string	message is a human readable message indicating details about the transition. This may be an empty string.	true
reason	string	reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.	true
status	enum	status of the condition Enum: True, False, Unknown, Degraded	true
type	string	type of condition in CamelCase or in foo.example.com/CamelCase. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)	true
observedGeneration	integer	observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. Format: int64 Minimum: 0	false

## ThanosQuerier ^{^{[↩ Parent](#monitoringrhobsv1alpha1 )}} ThanosQuerier outlines the Thanos querier components, managed by this stack

Name	Type	Description	Required
apiVersion	string	monitoring.rhobs/v1alpha1	true
kind	string	ThanosQuerier	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the `metadata` field.	true
spec	object	ThanosQuerierSpec defines a single Thanos Querier instance. This means a label selector by which Monitoring Stack instances to query are selected, and an optional namespace selector and a list of replica labels by which to deduplicate.	false
status	object	ThanosQuerierStatus defines the observed state of ThanosQuerier. It should always be reconstructable from the state of the cluster and/or outside world.	false

### ThanosQuerier.spec ^{^{[↩ Parent](#thanosquerier)}} ThanosQuerierSpec defines a single Thanos Querier instance. This means a label selector by which Monitoring Stack instances to query are selected, and an optional namespace selector and a list of replica labels by which to deduplicate.

Name	Type	Description	Required
selector	object	Selector to select Monitoring stacks to unify	true
namespaceSelector	object	Selector to select which namespaces the Monitoring Stack objects are discovered from.	false
replicaLabels	[]string		false
webTLSConfig	object	Configure TLS options for the Thanos web server.	false

### ThanosQuerier.spec.selector ^{^{[↩ Parent](#thanosquerierspec)}} Selector to select Monitoring stacks to unify

Name	Type	Description	Required
matchExpressions	[]object	matchExpressions is a list of label selector requirements. The requirements are ANDed.	false
matchLabels	map[string]string	matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.	false

### ThanosQuerier.spec.selector.matchExpressions[index] ^{^{[↩ Parent](#thanosquerierspecselector)}} A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name	Type	Description	Required
key	string	key is the label key that the selector applies to.	true
operator	string	operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.	true
values	[]string	values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.	false

### ThanosQuerier.spec.namespaceSelector ^{^{[↩ Parent](#thanosquerierspec)}} Selector to select which namespaces the Monitoring Stack objects are discovered from.

Name	Type	Description	Required
any	boolean	Boolean describing whether all namespaces are selected in contrast to a list restricting them.	false
matchNames	[]string	List of namespace names.	false

### ThanosQuerier.spec.webTLSConfig ^{^{[↩ Parent](#thanosquerierspec)}} Configure TLS options for the Thanos web server.

Name	Type	Description	Required
certificate	object	Reference to the TLS public certificate for the web server.	true
certificateAuthority	object	Reference to the root Certificate Authority used to verify the web server's certificate.	true
privateKey	object	Reference to the TLS private key for the web server.	true

### ThanosQuerier.spec.webTLSConfig.certificate ^{^{[↩ Parent](#thanosquerierspecwebtlsconfig)}} Reference to the TLS public certificate for the web server.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### ThanosQuerier.spec.webTLSConfig.certificateAuthority ^{^{[↩ Parent](#thanosquerierspecwebtlsconfig)}} Reference to the root Certificate Authority used to verify the web server's certificate.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

### ThanosQuerier.spec.webTLSConfig.privateKey ^{^{[↩ Parent](#thanosquerierspecwebtlsconfig)}} Reference to the TLS private key for the web server.

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	The name of the secret in the object's namespace to select from.	true

# observability.openshift.io/v1alpha1 Resource Types: - [Config](#config) - [SignalManager](#signalmanager) - [UIPlugin](#uiplugin) ## Config ^{^{[↩ Parent](#observabilityopenshiftiov1alpha1 )}} Config defines an observability configuration that can deploy operators and resources for observability signal collectors and stores.

Name	Type	Description	Required
apiVersion	string	observability.openshift.io/v1alpha1	true
kind	string	Config	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the `metadata` field.	true
spec	object	ConfigSpec specifies what to install.	false
status	object	FIXME Status	false

### Config.spec ^{^{[↩ Parent](#config)}} ConfigSpec specifies what to install.

Name	Type	Description	Required
defaultInstall	string	DefaultInstall is the default install type for signals that are not listed or are listed without an `install` field. For example, `{ defaultinstall: Default }` with no `signals` field installs all signal types with default settings.	false
installDefinitions	[]object		false
signals	[]object	Signals specifies what to install for each signal type.	false

### Config.spec.installDefinitions[index] ^{^{[↩ Parent](#configspec)}} InstallDefinitionSpec defines a new installation type.

Name	Type	Description	Required
configMap	string	ConfigMap contains deployment bundles for the install type, with key=signal type. FIXME: which way around? install < signal or signal < install	false
install	string	Name of the installation type.	false

### Config.spec.signals[index] ^{^{[↩ Parent](#configspec)}}

Name	Type	Description	Required
signal	string	Name of this signal type.	true
installType	string	Install type for this signal. Optional, if absent use ..defaultInstall	false
namespace	string	Namespace to install to. Optional, each signal type has a default namespace. A signal can be listed multiple times with different `namespace` values, to install in multiple namespaces.	false

## SignalManager ^{^{[↩ Parent](#observabilityopenshiftiov1alpha1 )}} SignalManager is a custom resource to enable observability in the cluster. Each type of observability signal (logs, metrics, network events, ...) requires operators to be installed and resources created to configure collection, processing, and storage of signal data. The SignalManager automatically installs the operators, custom resource definitions, and resources to enable all the desired observability signals in a cluster with default configurations. This means you can get observability up and running quickly and easily, but still customize the details if and when you need to. ## Pattern A "Pattern" is a named set of configurations for each of the observability signals. Choosing a pattern automatically installs required operators (if needed) _and_ creates working resources so you have complete, working, observability stacks. The following patterns are always available, others may be made available. - Default: Installs operators and resources suitable for the most common use cases. The operator owns and manages the resources, and keeps them in the default state. - Custom: Installs operators, but does not create any live resources. The user can create customized resources, they will not be modified by this operator. - Disabled: Do not install any operators, resource definitions, or resources. Custom patterns can be defined in `spec.patterns`. ## Examples Enable all observability components with default settings. kind: SignalManager spec: pattern: Default Disable all observability components except for logging. kind: SignalManager spec: pattern: Disabled signals: name: Log pattern: Default Enable most components with defaults, install the logging operators, but use custom logging resources (created separately) kind: SignalManager spec: pattern: Default signals: name: log pattern: Custom ## Lifecycle and ownership Ownership of resources depends on the pattern: - None: No operators installed, no resources created or reconciled. - Custom: Operators installed but no resources created. User is free to create resources they are not owned or reconciled by this operator. - Default, or any other defined configuration: This operator creates, owns, and reconciles resources to keep them consistent with the chosen pattern. FIXME: Operator may reconcile only part of the resource and allow user to tweak other parts. Needs consideration. COO already uses server-side-apply to do this in some cases. FIXME: Patterns may need to be "parameterized" e.g. with sizing data. How to include such parameters without duplicating existing CRs? FIXME: Define behavior on spec changes: deleting, re-creating, updating resources. Change to Custom should leave resources in place so user can eddit. What to do on change _from_ Custom?

Name	Type	Description	Required
apiVersion	string	observability.openshift.io/v1alpha1	true
kind	string	SignalManager	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the `metadata` field.	true
spec	object	Lists signals and the pattern to deploy them.	false
status	object	Status of the signal manager.	false

### SignalManager.spec ^{^{[↩ Parent](#signalmanager)}} Lists signals and the pattern to deploy them.

Name	Type	Description	Required
pattern	string	The default pattern for signals that are not listed or have no `pattern` field.	true
patterns	[]object	Patterns is a list of custom pattern definitions.	false
signals	[]object	Signals is a list of signal types with the desired pattern.	false

### SignalManager.spec.patterns[index] ^{^{[↩ Parent](#signalmanagerspec)}} PatternSpec defines a custom pattern. on the cluster. Simplest format is a flat YAML file, but we may need more structure to store kustomize scripts, multi-stage deployments, health checks, metadata etc.... Possible storage formats: ConfigMap, PersistentVolume, container image... Patterns should also be usable directly, without depending on this API. Preferably using only kubectl and kustomize.

Name	Type	Description	Required
pattern	string	Name of the pattern.	true

### SignalManager.spec.signals[index] ^{^{[↩ Parent](#signalmanagerspec)}}

Name	Type	Description	Required
name	string	Signal name	true
namespace	string	Namespace to install to. Optional, each signal type has a default namespace.	false
pattern	string	Pattern for this signal. Optional, if absent use the 'Default' pattern.	false

## UIPlugin ^{^{[↩ Parent](#observabilityopenshiftiov1alpha1 )}} UIPlugin defines an observability console plugin.

Name	Type	Description	Required
apiVersion	string	observability.openshift.io/v1alpha1	true
kind	string	UIPlugin	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the `metadata` field.	true
spec	object	UIPluginSpec is the specification for desired state of UIPlugin.	false
status	object	UIPluginStatus defines the observed state of UIPlugin. It should always be reconstructable from the state of the cluster and/or outside world.	false

### UIPlugin.spec ^{^{[↩ Parent](#uiplugin)}} UIPluginSpec is the specification for desired state of UIPlugin.

Name	Type	Description	Required
type	enum	Type defines the UI plugin. Enum: Dashboards, TroubleshootingPanel, DistributedTracing, Logging, Monitoring	true
deployment	object	Deployment allows customizing aspects of the generated deployment hosting the UI Plugin.	false
distributedTracing	object	DistributedTracing contains configuration for the distributed tracing console plugin.	false
logging	object	Logging contains configuration for the logging console plugin. It only applies to UIPlugin Type: Logging.	false
monitoring	object	Monitoring contains configuration for the monitoring console plugin.	false
troubleshootingPanel	object	TroubleshootingPanel contains configuration for the troubleshooting console plugin.	false

### UIPlugin.spec.deployment ^{^{[↩ Parent](#uipluginspec)}} Deployment allows customizing aspects of the generated deployment hosting the UI Plugin.

Name	Type	Description	Required
nodeSelector	map[string]string	Define a label-selector for nodes which the Pods should be scheduled on. When no selector is specified it will default to a value only selecting Linux nodes ("kubernetes.io/os=linux").	false
tolerations	[]object	Define the tolerations used for the deployment.	false

### UIPlugin.spec.deployment.tolerations[index] ^{^{[↩ Parent](#uipluginspecdeployment)}} The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .

Name	Type	Description	Required
effect	string	Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.	false
key	string	Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.	false
operator	string	Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.	false
tolerationSeconds	integer	TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. Format: int64	false
value	string	Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.	false

### UIPlugin.spec.distributedTracing ^{^{[↩ Parent](#uipluginspec)}} DistributedTracing contains configuration for the distributed tracing console plugin.

Name	Type	Description	Required
timeout	string	Timeout is the maximum duration before a query timeout. The value is expected to be a sequence of digits followed by a unit suffix, which can be 's' (seconds) or 'm' (minutes).	false

### UIPlugin.spec.logging ^{^{[↩ Parent](#uipluginspec)}} Logging contains configuration for the logging console plugin. It only applies to UIPlugin Type: Logging.

Name	Type	Description	Required
logsLimit	integer	LogsLimit is the max number of entries returned for a query. Format: int32 Minimum: 0	false
lokiStack	object	LokiStack points to the LokiStack instance of which logs should be displayed. It always references a LokiStack in the "openshift-logging" namespace.	false
timeout	string	Timeout is the maximum duration before a query timeout. The value is expected to be a sequence of digits followed by an optional unit suffix, which can be 's' (seconds) or 'm' (minutes). If the unit is omitted, it defaults to seconds.	false

### UIPlugin.spec.logging.lokiStack ^{^{[↩ Parent](#uipluginspeclogging)}} LokiStack points to the LokiStack instance of which logs should be displayed. It always references a LokiStack in the "openshift-logging" namespace.

Name	Type	Description	Required
name	string	Name of the LokiStack resource.	false
namespace	string		false

### UIPlugin.spec.monitoring ^{^{[↩ Parent](#uipluginspec)}} Monitoring contains configuration for the monitoring console plugin.

Name	Type	Description	Required
acm	object	ACM points to the alertmanager and thanosQuerier instance services of which it should create a proxy to.	false
incidents	object	Incidents feature flag enablement	false
perses	object	Perses points to the perses instance service of which it should create a proxy to.	false

### UIPlugin.spec.monitoring.acm ^{^{[↩ Parent](#uipluginspecmonitoring)}} ACM points to the alertmanager and thanosQuerier instance services of which it should create a proxy to.

Name	Type	Description	Required
alertmanager	object	Alertmanager points to the alertmanager instance of which it should create a proxy to.	true
enabled	boolean	Indicates if ACM-related feature(s) should be enabled	true
thanosQuerier	object	ThanosQuerier points to the thanos-querier service of which it should create a proxy to.	true

### UIPlugin.spec.monitoring.acm.alertmanager ^{^{[↩ Parent](#uipluginspecmonitoringacm)}} Alertmanager points to the alertmanager instance of which it should create a proxy to.

Name	Type	Description	Required
url	string	Url of the Alertmanager to proxy to.	true

### UIPlugin.spec.monitoring.acm.thanosQuerier ^{^{[↩ Parent](#uipluginspecmonitoringacm)}} ThanosQuerier points to the thanos-querier service of which it should create a proxy to.

Name	Type	Description	Required
url	string	Url of the ThanosQuerier to proxy to.	true

### UIPlugin.spec.monitoring.incidents ^{^{[↩ Parent](#uipluginspecmonitoring)}} Incidents feature flag enablement

Name	Type	Description	Required
enabled	boolean	Indicates if incidents-related feature(s) should be enabled.	true

### UIPlugin.spec.monitoring.perses ^{^{[↩ Parent](#uipluginspecmonitoring)}} Perses points to the perses instance service of which it should create a proxy to.

Name	Type	Description	Required
enabled	boolean	Indicates if perses-related feature(s) should be enabled	true

### UIPlugin.spec.troubleshootingPanel ^{^{[↩ Parent](#uipluginspec)}} TroubleshootingPanel contains configuration for the troubleshooting console plugin.

Name	Type	Description	Required
timeout	string	Timeout is the maximum duration before a query timeout. The value is expected to be a sequence of digits followed by a unit suffix, which can be 's' (seconds) or 'm' (minutes).	false

### UIPlugin.status ^{^{[↩ Parent](#uiplugin)}} UIPluginStatus defines the observed state of UIPlugin. It should always be reconstructable from the state of the cluster and/or outside world.

Name	Type	Description	Required
conditions	[]object	Conditions provide status information about the plugin.	true

### UIPlugin.status.conditions[index] ^{^{[↩ Parent](#uipluginstatus)}}

Name	Type	Description	Required
lastTransitionTime	string	lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. Format: date-time	true
message	string	message is a human readable message indicating details about the transition. This may be an empty string.	true
reason	string	reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.	true
status	enum	status of the condition Enum: True, False, Unknown, Degraded	true
type	string	type of condition in CamelCase or in foo.example.com/CamelCase. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)	true
observedGeneration	integer	observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. Format: int64 Minimum: 0	false