From a647eb4e8baa1a8ed32c4625a7fc673c28f9947a Mon Sep 17 00:00:00 2001 From: PeterYurkovich Date: Thu, 12 Jun 2025 14:24:09 -0400 Subject: [PATCH 1/7] feat: update perses to include rbac Signed-off-by: Gabriel Bernal Signed-off-by: PeterYurkovich --- Makefile | 2 +- ...bility-operator.clusterserviceversion.yaml | 4 +- bundle/manifests/perses.dev_perses.yaml | 798 ++++++++++++------ .../perses.dev_persesdashboards.yaml | 2 + .../perses.dev_persesdatasources.yaml | 108 ++- .../manifests/perses_v1_serviceaccount.yaml | 5 + cmd/operator/main.go | 2 +- deploy/operator/kustomization.yaml | 2 +- deploy/perses/crds/perses.dev_perses.yaml | 798 ++++++++++++------ .../crds/perses.dev_persesdashboards.yaml | 2 + .../crds/perses.dev_persesdatasources.yaml | 108 ++- deploy/perses/perses-operator-deployment.yaml | 2 +- go.mod | 86 +- go.sum | 208 +++-- pkg/controllers/uiplugin/accelerators.go | 26 +- pkg/controllers/uiplugin/components.go | 10 +- pkg/controllers/uiplugin/controller.go | 2 +- pkg/controllers/uiplugin/monitoring.go | 54 +- pkg/operator/scheme.go | 2 +- 19 files changed, 1568 insertions(+), 653 deletions(-) create mode 100644 bundle/manifests/perses_v1_serviceaccount.yaml diff --git a/Makefile b/Makefile index 4732c8998..6e725ca5e 100644 --- a/Makefile +++ b/Makefile @@ -60,7 +60,7 @@ generate-prom-operator-crds: $(CONTROLLER_GEN) .PHONY: generate-perses-op-crds generate-perses-op-crds: $(CONTROLLER_GEN) $(CONTROLLER_GEN) crd \ - paths=github.com/perses/perses-operator/api/... \ + paths=github.com/rhobs/perses-operator/api/... \ output:dir=. \ output:crd:dir=./deploy/perses/crds diff --git a/bundle/manifests/observability-operator.clusterserviceversion.yaml b/bundle/manifests/observability-operator.clusterserviceversion.yaml index 206ce092a..efbc87224 100644 --- a/bundle/manifests/observability-operator.clusterserviceversion.yaml +++ b/bundle/manifests/observability-operator.clusterserviceversion.yaml @@ -929,7 +929,7 @@ spec: - --images=alertmanager=quay.io/prometheus/alertmanager:v0.26.0 - --images=prometheus=quay.io/prometheus/prometheus:v2.49.1 - --images=thanos=quay.io/thanos/thanos:v0.33.0 - - --images=perses=quay.io/persesdev/perses:v0.50.3 + - --images=perses=quay.io/openshift-observability-ui/perses:v0.51-go-1.23 env: - name: NAMESPACE valueFrom: @@ -1006,7 +1006,7 @@ spec: operator: Exists weight: 1 containers: - - image: quay.io/persesdev/perses-operator:v0.1.12 + - image: quay.io/openshift-observability-ui/perses-operator:v0.2-go-1.23 livenessProbe: httpGet: path: /healthz diff --git a/bundle/manifests/perses.dev_perses.yaml b/bundle/manifests/perses.dev_perses.yaml index be293efd9..8aa9bb241 100644 --- a/bundle/manifests/perses.dev_perses.yaml +++ b/bundle/manifests/perses.dev_perses.yaml @@ -12,6 +12,8 @@ spec: kind: Perses listKind: PersesList plural: perses + shortNames: + - per singular: perses scope: Namespaced versions: @@ -968,6 +970,96 @@ spec: client: description: Perses client configuration properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object tls: description: TLS the equivalent to the tls_config for perses client properties: @@ -978,14 +1070,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -1008,14 +1104,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -1034,6 +1134,41 @@ spec: api_prefix: description: Use it in case you want to prefix the API path. type: string + dashboard: + description: Dashboard contains the configuration for the dashboard + feature. + properties: + custom_lint_rules: + items: + properties: + assertion: + description: |- + Assertion is a CEL expression that validates the extracted value. + Refer to https://github.com/google/cel-spec/blob/master/doc/langdef.md for the syntax. + type: string + disable: + description: Disable is a flag to disable the rule. + type: boolean + message: + description: Message is displayed if the assertion fails. + type: string + name: + description: Name of the rule + type: string + target: + description: |- + Target is a JSONPath expression to extract the relevant portion of the dashboard data. + Refer to https://goessner.net/articles/JsonPath/ for the syntax. + type: string + required: + - assertion + - disable + - message + - name + - target + type: object + type: array + type: object database: description: Database contains the different configuration depending on the database you want to use @@ -1214,6 +1349,273 @@ spec: - write_timeout type: object type: object + datasource: + description: Datasource contains the configuration for the datasource. + properties: + disable_local: + description: |- + DisableLocal when used is preventing the possibility to add a datasource directly in the dashboard spec. + It will also disable the associated proxy. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global datasource feature. + It will also remove the associated proxy. + Also, since the global variable depends on the global datasource, it will also disable the global variable feature. + type: boolean + discovery: + description: |- + Discovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. + Be careful: the data coming from the discovery will totally override what exists in the database. + Note that this is an experimental feature. Behavior and config may change in the future. + items: + properties: + http_sd: + description: |- + HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. + It fetches an HTTP endpoint containing a list of zero or more global datasources. + The target must reply with an HTTP 200 response. + The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. + properties: + authorization: + description: The HTTP authorization credentials + for the targets. + properties: + credentials: + type: string + credentialsFile: + type: string + type: + type: string + type: object + basic_auth: + properties: + password: + type: string + passwordFile: + description: PasswordFile is a path to a + file that contains a password + type: string + username: + type: string + required: + - username + type: object + headers: + additionalProperties: + type: string + type: object + native_auth: + properties: + login: + type: string + password: + type: string + required: + - login + - password + type: object + oauth: + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientID: + description: ClientID is the application's + ID. + type: string + clientSecret: + description: ClientSecret is the application's + secret. + type: string + clientSecretFile: + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional + parameters for requests to the token endpoint. + type: object + scopes: + description: Scope specifies optional requested + permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + required: + - authStyle + - clientID + - clientSecret + - clientSecretFile + - endpointParams + - scopes + - tokenURL + type: object + tls_config: + description: TLSConfig to use to connect to + the targets. + properties: + ca: + description: Text of the CA cert to use + for the targets. + type: string + caFile: + description: The CA cert to use for the + targets. + type: string + cert: + description: Text of the client cert file + for the targets. + type: string + certFile: + description: The client cert file for the + targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key file + for the targets. + type: string + keyFile: + description: The client key file for the + targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + url: + format: uri + type: string + required: + - url + type: object + kubernetes_sd: + description: |- + Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API + and always staying synchronized with the cluster state. + properties: + datasource_plugin_kind: + description: DatasourcePluginKind is the name + of the datasource plugin that should be filled + when creating datasources found. + type: string + labels: + additionalProperties: + type: string + description: The labels used to filter the list + of resource when contacting the Kubernetes + API. + type: object + namespace: + description: |- + Kubernetes namespace to constraint the query to only one namespace. + Leave empty if you are looking for datasource cross-namespace. + type: string + pod_configuration: + description: Configuration when you want to + discover the pods in Kubernetes + properties: + container_name: + description: Name of the container the target + address points to. + type: string + container_port_name: + description: Name of the container port. + type: string + container_port_number: + description: Number of the container port. + format: int32 + type: integer + enable: + description: If set to true, Perses server + will discovery the pod + type: boolean + type: object + service_configuration: + description: Configuration when you want to + discover the services in Kubernetes + properties: + enable: + description: If set to true, Perses server + will discovery the service + type: boolean + port_name: + description: Name of the service port for + the target. + type: string + port_number: + description: Number of the service port + for the target. + format: int32 + type: integer + service_type: + description: The type of the service. + type: string + type: object + required: + - datasource_plugin_kind + - namespace + type: object + name: + description: The name of the discovery config. It + is used for logging purposes only + type: string + refresh_interval: + description: Refresh interval to re-query the endpoint. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - name + type: object + type: array + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project datasource feature. + It will also remove the associated proxy. + type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object ephemeral_dashboard: description: EphemeralDashboard contains the config about the ephemeral dashboard feature @@ -1285,6 +1687,8 @@ spec: properties: disable_custom: type: boolean + disable_zoom: + type: boolean options: items: format: duration @@ -1293,234 +1697,31 @@ spec: type: array required: - disable_custom + - disable_zoom type: object required: - disable - explorer type: object - global_datasource_discovery: - description: |- - GlobalDatasourceDiscovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. - Be careful: the data coming from the discovery will totally override what exists in the database. - Note that this is an experimental feature. Behavior and config may change in the future. - items: - properties: - discovery_name: - description: The name of the discovery config. It is used - for logging purposes only - type: string - http_sd: - description: |- - HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. - It fetches an HTTP endpoint containing a list of zero or more global datasources. - The target must reply with an HTTP 200 response. - The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. - properties: - authorization: - description: The HTTP authorization credentials for - the targets. - properties: - credentials: - type: string - credentialsFile: - type: string - type: - type: string - type: object - basic_auth: - properties: - password: - type: string - passwordFile: - description: PasswordFile is a path to a file that - contains a password - type: string - username: - type: string - required: - - username - type: object - headers: - additionalProperties: - type: string - type: object - native_auth: - properties: - login: - type: string - password: - type: string - required: - - login - - password - type: object - oauth: - properties: - authStyle: - description: |- - AuthStyle optionally specifies how the endpoint wants the - client ID & client secret sent. The zero value means to - auto-detect. - type: integer - clientID: - description: ClientID is the application's ID. - type: string - clientSecret: - description: ClientSecret is the application's secret. - type: string - clientSecretfile: - type: string - endpointParams: - additionalProperties: - items: - type: string - type: array - description: EndpointParams specifies additional - parameters for requests to the token endpoint. - type: object - scopes: - description: Scope specifies optional requested - permissions. - items: - type: string - type: array - tokenURL: - description: |- - TokenURL is the resource server's token endpoint - URL. This is a constant specific to each server. - type: string - required: - - authStyle - - clientID - - clientSecret - - clientSecretfile - - endpointParams - - scopes - - tokenURL - type: object - tls_config: - description: TLSConfig to use to connect to the targets. - properties: - ca: - description: Text of the CA cert to use for the - targets. - type: string - caFile: - description: The CA cert to use for the targets. - type: string - cert: - description: Text of the client cert file for the - targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - key: - description: Text of the client key file for the - targets. - type: string - keyFile: - description: The client key file for the targets. - type: string - maxVersion: - description: |- - Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). - If unset, Perses will use Go default maximum version, which is TLS 1.3. - See MaxVersion in https://pkg.go.dev/crypto/tls#Config. - type: string - minVersion: - description: |- - Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). - If unset, Perses will use Go default minimum version, which is TLS 1.2. - See MinVersion in https://pkg.go.dev/crypto/tls#Config. - type: string - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - url: - type: object - required: - - url - type: object - kubernetes_sd: - description: |- - Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API - and always staying synchronized with the cluster state. - properties: - datasource_plugin_kind: - description: DatasourcePluginKind is the name of the - datasource plugin that should be filled when creating - datasources found. - type: string - labels: - additionalProperties: - type: string - description: The labels used to filter the list of resource - when contacting the Kubernetes API. - type: object - namespace: - description: |- - Kubernetes namespace to constraint the query to only one namespace. - Leave empty if you are looking for datasource cross-namespace. - type: string - pod_configuration: - description: Configuration when you want to discover - the pods in Kubernetes - properties: - container_name: - description: Name of the container the target address - points to. - type: string - container_port_name: - description: Name of the container port. - type: string - container_port_number: - description: Number of the container port. - format: int32 - type: integer - enable: - description: If set to true, Perses server will - discovery the pod - type: boolean - type: object - service_configuration: - description: Configuration when you want to discover - the services in Kubernetes - properties: - enable: - description: If set to true, Perses server will - discovery the service - type: boolean - port_name: - description: Name of the service port for the target. - type: string - port_number: - description: Number of the service port for the - target. - format: int32 - type: integer - service_type: - description: The type of the service. - type: string - type: object - required: - - datasource_plugin_kind - - namespace - type: object - refresh_interval: - description: Refresh interval to re-query the endpoint. - format: duration - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ - type: string - required: - - discovery_name - type: object - type: array + plugin: + description: Plugin contains the config for runtime plugins. + properties: + archive_path: + description: |- + ArchivePath is the path to the directory containing the archived plugins + When Perses is starting, it will extract the content of the archive in the folder specified in the `folder` attribute. + type: string + enable_dev: + description: DevEnvironment is the configuration to use when + developing a plugin + type: boolean + path: + description: Path is the path to the directory containing + the runtime plugins + type: string + required: + - enable_dev + type: object provisioning: description: Provisioning contains the provisioning config that can be used if you want to provide default resources. @@ -1536,8 +1737,10 @@ spec: type: string type: object schemas: - description: Schemas contain the configuration to get access to - the CUE schemas + description: |- + Schemas contain the configuration to get access to the CUE schemas + DEPRECATED. + Please remove it from your config. properties: datasources_path: type: string @@ -1578,11 +1781,21 @@ spec: properties: enable_native: type: boolean + kubernetes: + properties: + enabled: + type: boolean + kubeconfig: + type: string + required: + - enabled + type: object oauth: items: properties: auth_url: - type: object + format: uri + type: string client_credentials: properties: client_id: @@ -1613,7 +1826,8 @@ spec: custom_login_property: type: string device_auth_url: - type: object + format: uri + type: string device_code: properties: client_id: @@ -1693,7 +1907,8 @@ spec: name: type: string redirect_uri: - type: object + format: uri + type: string scopes: items: type: string @@ -1701,9 +1916,11 @@ spec: slug_id: type: string token_url: - type: object + format: uri + type: string user_infos_url: - type: object + format: uri + type: string required: - auth_url - client_id @@ -1767,7 +1984,8 @@ spec: disable_pkce: type: boolean discovery_url: - type: object + format: uri + type: string http: properties: timeout: @@ -1826,11 +2044,13 @@ spec: - tls_config type: object issuer: - type: object + format: uri + type: string name: type: string redirect_uri: - type: object + format: uri + type: string scopes: items: type: string @@ -1852,6 +2072,7 @@ spec: type: array required: - enable_native + - kubernetes type: object refresh_token_ttl: description: |- @@ -1899,6 +2120,8 @@ spec: - scopes type: object type: array + kubernetes: + type: boolean type: object cookie: description: Cookie configuration @@ -1916,6 +2139,34 @@ spec: required: - secure type: object + cors: + description: Configuration for the CORS middleware. + properties: + allow_credentials: + type: boolean + allow_headers: + items: + type: string + type: array + allow_methods: + items: + type: string + type: array + allow_origins: + items: + type: string + type: array + enable: + type: boolean + expose_headers: + items: + type: string + type: array + max_age: + type: integer + required: + - enable + type: object enable_auth: description: |- When it is true, the authentication and authorization config are considered. @@ -1942,6 +2193,39 @@ spec: - enable_auth - readonly type: object + variable: + description: Variable contains the configuration for the variable. + properties: + disable_local: + description: DisableLocal when used is preventing the possibility + to add a variable directly in the dashboard spec. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global variable feature. + Note that if the global datasource is disabled, the global variable will also be disabled. + type: boolean + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project variable feature. + Note that if the global datasource and the project datasource are disabled, + then the project variable will also be disabled. + type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object type: object containerPort: format: int32 @@ -2286,6 +2570,30 @@ spec: name: type: string type: object + serviceAccountName: + description: ServiceAccountName is the name of the service account + to use for the perses deployment or statefulset. + type: string + storage: + default: + size: 1Gi + description: Storage configuration used by the StatefulSet + properties: + size: + anyOf: + - type: integer + - type: string + description: |- + Size of the storage. + cannot be decreased. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + description: |- + StorageClass to use for PVCs. + If not specified, will use the default storage class + type: string + type: object tls: description: tls specifies the tls configuration for the perses instance properties: @@ -2296,14 +2604,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type is + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -2326,14 +2638,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type is + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap diff --git a/bundle/manifests/perses.dev_persesdashboards.yaml b/bundle/manifests/perses.dev_persesdashboards.yaml index 227f2bb6d..9fb82297f 100644 --- a/bundle/manifests/perses.dev_persesdashboards.yaml +++ b/bundle/manifests/perses.dev_persesdashboards.yaml @@ -12,6 +12,8 @@ spec: kind: PersesDashboard listKind: PersesDashboardList plural: persesdashboards + shortNames: + - perdb singular: persesdashboard scope: Namespaced versions: diff --git a/bundle/manifests/perses.dev_persesdatasources.yaml b/bundle/manifests/perses.dev_persesdatasources.yaml index cd4124363..ed7681572 100644 --- a/bundle/manifests/perses.dev_persesdatasources.yaml +++ b/bundle/manifests/perses.dev_persesdatasources.yaml @@ -12,6 +12,8 @@ spec: kind: PersesDatasource listKind: PersesDatasourceList plural: persesdatasources + shortNames: + - perds singular: persesdatasource scope: Namespaced versions: @@ -41,6 +43,96 @@ spec: properties: client: properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object tls: description: TLS the equivalent to the tls_config for perses client properties: @@ -51,14 +143,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -81,14 +177,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap diff --git a/bundle/manifests/perses_v1_serviceaccount.yaml b/bundle/manifests/perses_v1_serviceaccount.yaml new file mode 100644 index 000000000..d92825f97 --- /dev/null +++ b/bundle/manifests/perses_v1_serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + name: perses diff --git a/cmd/operator/main.go b/cmd/operator/main.go index ee038368c..0e7348296 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go @@ -50,7 +50,7 @@ var defaultImages = map[string]string{ "health-analyzer": "quay.io/openshiftanalytics/cluster-health-analyzer:v0.5.0", "ui-monitoring-pf5": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.4.2", "ui-monitoring": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.5.1", - "perses": "quay.io/openshift-observability-ui/perses:v0.51.1", + "perses": "quay.io/openshift-observability-ui/perses:v0.51.1-go-1.23", } func imagesUsed() []string { diff --git a/deploy/operator/kustomization.yaml b/deploy/operator/kustomization.yaml index 9fb5777dd..c31a7b915 100644 --- a/deploy/operator/kustomization.yaml +++ b/deploy/operator/kustomization.yaml @@ -41,7 +41,7 @@ patches: - patch: |- - op: add path: /spec/template/spec/containers/0/args/- - value: --images=perses=quay.io/persesdev/perses:v0.50.3 + value: --images=perses=quay.io/openshift-observability-ui/perses:v0.51-go-1.23 target: group: apps kind: Deployment diff --git a/deploy/perses/crds/perses.dev_perses.yaml b/deploy/perses/crds/perses.dev_perses.yaml index 0888e80df..783db9d94 100644 --- a/deploy/perses/crds/perses.dev_perses.yaml +++ b/deploy/perses/crds/perses.dev_perses.yaml @@ -11,6 +11,8 @@ spec: kind: Perses listKind: PersesList plural: perses + shortNames: + - per singular: perses scope: Namespaced versions: @@ -967,6 +969,96 @@ spec: client: description: Perses client configuration properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object tls: description: TLS the equivalent to the tls_config for perses client properties: @@ -977,14 +1069,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -1007,14 +1103,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -1033,6 +1133,41 @@ spec: api_prefix: description: Use it in case you want to prefix the API path. type: string + dashboard: + description: Dashboard contains the configuration for the dashboard + feature. + properties: + custom_lint_rules: + items: + properties: + assertion: + description: |- + Assertion is a CEL expression that validates the extracted value. + Refer to https://github.com/google/cel-spec/blob/master/doc/langdef.md for the syntax. + type: string + disable: + description: Disable is a flag to disable the rule. + type: boolean + message: + description: Message is displayed if the assertion fails. + type: string + name: + description: Name of the rule + type: string + target: + description: |- + Target is a JSONPath expression to extract the relevant portion of the dashboard data. + Refer to https://goessner.net/articles/JsonPath/ for the syntax. + type: string + required: + - assertion + - disable + - message + - name + - target + type: object + type: array + type: object database: description: Database contains the different configuration depending on the database you want to use @@ -1213,6 +1348,273 @@ spec: - write_timeout type: object type: object + datasource: + description: Datasource contains the configuration for the datasource. + properties: + disable_local: + description: |- + DisableLocal when used is preventing the possibility to add a datasource directly in the dashboard spec. + It will also disable the associated proxy. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global datasource feature. + It will also remove the associated proxy. + Also, since the global variable depends on the global datasource, it will also disable the global variable feature. + type: boolean + discovery: + description: |- + Discovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. + Be careful: the data coming from the discovery will totally override what exists in the database. + Note that this is an experimental feature. Behavior and config may change in the future. + items: + properties: + http_sd: + description: |- + HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. + It fetches an HTTP endpoint containing a list of zero or more global datasources. + The target must reply with an HTTP 200 response. + The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. + properties: + authorization: + description: The HTTP authorization credentials + for the targets. + properties: + credentials: + type: string + credentialsFile: + type: string + type: + type: string + type: object + basic_auth: + properties: + password: + type: string + passwordFile: + description: PasswordFile is a path to a + file that contains a password + type: string + username: + type: string + required: + - username + type: object + headers: + additionalProperties: + type: string + type: object + native_auth: + properties: + login: + type: string + password: + type: string + required: + - login + - password + type: object + oauth: + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientID: + description: ClientID is the application's + ID. + type: string + clientSecret: + description: ClientSecret is the application's + secret. + type: string + clientSecretFile: + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional + parameters for requests to the token endpoint. + type: object + scopes: + description: Scope specifies optional requested + permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + required: + - authStyle + - clientID + - clientSecret + - clientSecretFile + - endpointParams + - scopes + - tokenURL + type: object + tls_config: + description: TLSConfig to use to connect to + the targets. + properties: + ca: + description: Text of the CA cert to use + for the targets. + type: string + caFile: + description: The CA cert to use for the + targets. + type: string + cert: + description: Text of the client cert file + for the targets. + type: string + certFile: + description: The client cert file for the + targets. + type: string + insecureSkipVerify: + description: Disable target certificate + validation. + type: boolean + key: + description: Text of the client key file + for the targets. + type: string + keyFile: + description: The client key file for the + targets. + type: string + maxVersion: + description: |- + Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default maximum version, which is TLS 1.3. + See MaxVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + minVersion: + description: |- + Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). + If unset, Perses will use Go default minimum version, which is TLS 1.2. + See MinVersion in https://pkg.go.dev/crypto/tls#Config. + type: string + serverName: + description: Used to verify the hostname + for the targets. + type: string + type: object + url: + format: uri + type: string + required: + - url + type: object + kubernetes_sd: + description: |- + Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API + and always staying synchronized with the cluster state. + properties: + datasource_plugin_kind: + description: DatasourcePluginKind is the name + of the datasource plugin that should be filled + when creating datasources found. + type: string + labels: + additionalProperties: + type: string + description: The labels used to filter the list + of resource when contacting the Kubernetes + API. + type: object + namespace: + description: |- + Kubernetes namespace to constraint the query to only one namespace. + Leave empty if you are looking for datasource cross-namespace. + type: string + pod_configuration: + description: Configuration when you want to + discover the pods in Kubernetes + properties: + container_name: + description: Name of the container the target + address points to. + type: string + container_port_name: + description: Name of the container port. + type: string + container_port_number: + description: Number of the container port. + format: int32 + type: integer + enable: + description: If set to true, Perses server + will discovery the pod + type: boolean + type: object + service_configuration: + description: Configuration when you want to + discover the services in Kubernetes + properties: + enable: + description: If set to true, Perses server + will discovery the service + type: boolean + port_name: + description: Name of the service port for + the target. + type: string + port_number: + description: Number of the service port + for the target. + format: int32 + type: integer + service_type: + description: The type of the service. + type: string + type: object + required: + - datasource_plugin_kind + - namespace + type: object + name: + description: The name of the discovery config. It + is used for logging purposes only + type: string + refresh_interval: + description: Refresh interval to re-query the endpoint. + format: duration + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + required: + - name + type: object + type: array + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project datasource feature. + It will also remove the associated proxy. + type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object ephemeral_dashboard: description: EphemeralDashboard contains the config about the ephemeral dashboard feature @@ -1284,6 +1686,8 @@ spec: properties: disable_custom: type: boolean + disable_zoom: + type: boolean options: items: format: duration @@ -1292,234 +1696,31 @@ spec: type: array required: - disable_custom + - disable_zoom type: object required: - disable - explorer type: object - global_datasource_discovery: - description: |- - GlobalDatasourceDiscovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. - Be careful: the data coming from the discovery will totally override what exists in the database. - Note that this is an experimental feature. Behavior and config may change in the future. - items: - properties: - discovery_name: - description: The name of the discovery config. It is used - for logging purposes only - type: string - http_sd: - description: |- - HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. - It fetches an HTTP endpoint containing a list of zero or more global datasources. - The target must reply with an HTTP 200 response. - The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. - properties: - authorization: - description: The HTTP authorization credentials for - the targets. - properties: - credentials: - type: string - credentialsFile: - type: string - type: - type: string - type: object - basic_auth: - properties: - password: - type: string - passwordFile: - description: PasswordFile is a path to a file that - contains a password - type: string - username: - type: string - required: - - username - type: object - headers: - additionalProperties: - type: string - type: object - native_auth: - properties: - login: - type: string - password: - type: string - required: - - login - - password - type: object - oauth: - properties: - authStyle: - description: |- - AuthStyle optionally specifies how the endpoint wants the - client ID & client secret sent. The zero value means to - auto-detect. - type: integer - clientID: - description: ClientID is the application's ID. - type: string - clientSecret: - description: ClientSecret is the application's secret. - type: string - clientSecretfile: - type: string - endpointParams: - additionalProperties: - items: - type: string - type: array - description: EndpointParams specifies additional - parameters for requests to the token endpoint. - type: object - scopes: - description: Scope specifies optional requested - permissions. - items: - type: string - type: array - tokenURL: - description: |- - TokenURL is the resource server's token endpoint - URL. This is a constant specific to each server. - type: string - required: - - authStyle - - clientID - - clientSecret - - clientSecretfile - - endpointParams - - scopes - - tokenURL - type: object - tls_config: - description: TLSConfig to use to connect to the targets. - properties: - ca: - description: Text of the CA cert to use for the - targets. - type: string - caFile: - description: The CA cert to use for the targets. - type: string - cert: - description: Text of the client cert file for the - targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - key: - description: Text of the client key file for the - targets. - type: string - keyFile: - description: The client key file for the targets. - type: string - maxVersion: - description: |- - Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). - If unset, Perses will use Go default maximum version, which is TLS 1.3. - See MaxVersion in https://pkg.go.dev/crypto/tls#Config. - type: string - minVersion: - description: |- - Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). - If unset, Perses will use Go default minimum version, which is TLS 1.2. - See MinVersion in https://pkg.go.dev/crypto/tls#Config. - type: string - serverName: - description: Used to verify the hostname for the - targets. - type: string - type: object - url: - type: object - required: - - url - type: object - kubernetes_sd: - description: |- - Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API - and always staying synchronized with the cluster state. - properties: - datasource_plugin_kind: - description: DatasourcePluginKind is the name of the - datasource plugin that should be filled when creating - datasources found. - type: string - labels: - additionalProperties: - type: string - description: The labels used to filter the list of resource - when contacting the Kubernetes API. - type: object - namespace: - description: |- - Kubernetes namespace to constraint the query to only one namespace. - Leave empty if you are looking for datasource cross-namespace. - type: string - pod_configuration: - description: Configuration when you want to discover - the pods in Kubernetes - properties: - container_name: - description: Name of the container the target address - points to. - type: string - container_port_name: - description: Name of the container port. - type: string - container_port_number: - description: Number of the container port. - format: int32 - type: integer - enable: - description: If set to true, Perses server will - discovery the pod - type: boolean - type: object - service_configuration: - description: Configuration when you want to discover - the services in Kubernetes - properties: - enable: - description: If set to true, Perses server will - discovery the service - type: boolean - port_name: - description: Name of the service port for the target. - type: string - port_number: - description: Number of the service port for the - target. - format: int32 - type: integer - service_type: - description: The type of the service. - type: string - type: object - required: - - datasource_plugin_kind - - namespace - type: object - refresh_interval: - description: Refresh interval to re-query the endpoint. - format: duration - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ - type: string - required: - - discovery_name - type: object - type: array + plugin: + description: Plugin contains the config for runtime plugins. + properties: + archive_path: + description: |- + ArchivePath is the path to the directory containing the archived plugins + When Perses is starting, it will extract the content of the archive in the folder specified in the `folder` attribute. + type: string + enable_dev: + description: DevEnvironment is the configuration to use when + developing a plugin + type: boolean + path: + description: Path is the path to the directory containing + the runtime plugins + type: string + required: + - enable_dev + type: object provisioning: description: Provisioning contains the provisioning config that can be used if you want to provide default resources. @@ -1535,8 +1736,10 @@ spec: type: string type: object schemas: - description: Schemas contain the configuration to get access to - the CUE schemas + description: |- + Schemas contain the configuration to get access to the CUE schemas + DEPRECATED. + Please remove it from your config. properties: datasources_path: type: string @@ -1577,11 +1780,21 @@ spec: properties: enable_native: type: boolean + kubernetes: + properties: + enabled: + type: boolean + kubeconfig: + type: string + required: + - enabled + type: object oauth: items: properties: auth_url: - type: object + format: uri + type: string client_credentials: properties: client_id: @@ -1612,7 +1825,8 @@ spec: custom_login_property: type: string device_auth_url: - type: object + format: uri + type: string device_code: properties: client_id: @@ -1692,7 +1906,8 @@ spec: name: type: string redirect_uri: - type: object + format: uri + type: string scopes: items: type: string @@ -1700,9 +1915,11 @@ spec: slug_id: type: string token_url: - type: object + format: uri + type: string user_infos_url: - type: object + format: uri + type: string required: - auth_url - client_id @@ -1766,7 +1983,8 @@ spec: disable_pkce: type: boolean discovery_url: - type: object + format: uri + type: string http: properties: timeout: @@ -1825,11 +2043,13 @@ spec: - tls_config type: object issuer: - type: object + format: uri + type: string name: type: string redirect_uri: - type: object + format: uri + type: string scopes: items: type: string @@ -1851,6 +2071,7 @@ spec: type: array required: - enable_native + - kubernetes type: object refresh_token_ttl: description: |- @@ -1898,6 +2119,8 @@ spec: - scopes type: object type: array + kubernetes: + type: boolean type: object cookie: description: Cookie configuration @@ -1915,6 +2138,34 @@ spec: required: - secure type: object + cors: + description: Configuration for the CORS middleware. + properties: + allow_credentials: + type: boolean + allow_headers: + items: + type: string + type: array + allow_methods: + items: + type: string + type: array + allow_origins: + items: + type: string + type: array + enable: + type: boolean + expose_headers: + items: + type: string + type: array + max_age: + type: integer + required: + - enable + type: object enable_auth: description: |- When it is true, the authentication and authorization config are considered. @@ -1941,6 +2192,39 @@ spec: - enable_auth - readonly type: object + variable: + description: Variable contains the configuration for the variable. + properties: + disable_local: + description: DisableLocal when used is preventing the possibility + to add a variable directly in the dashboard spec. + type: boolean + global: + properties: + disable: + description: |- + Disable is used to disable the global variable feature. + Note that if the global datasource is disabled, the global variable will also be disabled. + type: boolean + required: + - disable + type: object + project: + properties: + disable: + description: |- + Disable is used to disable the project variable feature. + Note that if the global datasource and the project datasource are disabled, + then the project variable will also be disabled. + type: boolean + required: + - disable + type: object + required: + - disable_local + - global + - project + type: object type: object containerPort: format: int32 @@ -2285,6 +2569,30 @@ spec: name: type: string type: object + serviceAccountName: + description: ServiceAccountName is the name of the service account + to use for the perses deployment or statefulset. + type: string + storage: + default: + size: 1Gi + description: Storage configuration used by the StatefulSet + properties: + size: + anyOf: + - type: integer + - type: string + description: |- + Size of the storage. + cannot be decreased. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClass: + description: |- + StorageClass to use for PVCs. + If not specified, will use the default storage class + type: string + type: object tls: description: tls specifies the tls configuration for the perses instance properties: @@ -2295,14 +2603,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type is + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -2325,14 +2637,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type is + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap diff --git a/deploy/perses/crds/perses.dev_persesdashboards.yaml b/deploy/perses/crds/perses.dev_persesdashboards.yaml index 1f49c12a4..4e883961a 100644 --- a/deploy/perses/crds/perses.dev_persesdashboards.yaml +++ b/deploy/perses/crds/perses.dev_persesdashboards.yaml @@ -11,6 +11,8 @@ spec: kind: PersesDashboard listKind: PersesDashboardList plural: persesdashboards + shortNames: + - perdb singular: persesdashboard scope: Namespaced versions: diff --git a/deploy/perses/crds/perses.dev_persesdatasources.yaml b/deploy/perses/crds/perses.dev_persesdatasources.yaml index 6169c8c29..6f6f9f48f 100644 --- a/deploy/perses/crds/perses.dev_persesdatasources.yaml +++ b/deploy/perses/crds/perses.dev_persesdatasources.yaml @@ -11,6 +11,8 @@ spec: kind: PersesDatasource listKind: PersesDatasourceList plural: persesdatasources + shortNames: + - perds singular: persesdatasource scope: Namespaced versions: @@ -40,6 +42,96 @@ spec: properties: client: properties: + basicAuth: + description: BasicAuth basic auth config for perses client + properties: + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + password_path: + description: Path to password + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + username: + description: Username for basic auth + type: string + required: + - password_path + - type + - username + type: object + kubernetesAuth: + description: KubernetesAuth configuration for perses client + properties: + enable: + description: Enable kubernetes auth for perses client + type: boolean + required: + - enable + type: object + oauth: + description: OAuth configuration for perses client + properties: + authStyle: + description: |- + AuthStyle optionally specifies how the endpoint wants the + client ID & client secret sent. The zero value means to + auto-detect. + type: integer + clientIDPath: + description: Path to client id + type: string + clientSecretPath: + description: Path to client secret + type: string + endpointParams: + additionalProperties: + items: + type: string + type: array + description: EndpointParams specifies additional parameters + for requests to the token endpoint. + type: object + name: + description: Name of basic auth k8s resource (when type is + secret or configmap) + type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string + scopes: + description: Scope specifies optional requested permissions. + items: + type: string + type: array + tokenURL: + description: |- + TokenURL is the resource server's token endpoint + URL. This is a constant specific to each server. + type: string + type: + description: Type source type of secret + enum: + - secret + - configmap + - file + type: string + required: + - tokenURL + - type + type: object tls: description: TLS the equivalent to the tls_config for perses client properties: @@ -50,14 +142,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap @@ -80,14 +176,18 @@ spec: description: Path to Certificate type: string name: - description: Name of certificate k8s resource (when type + description: Name of basic auth k8s resource (when type is secret or configmap) type: string + namespace: + description: Namsespace of certificate k8s resource (when + type is secret or configmap) + type: string privateKeyPath: description: Path to Private key certificate type: string type: - description: Type source type of certificate + description: Type source type of secret enum: - secret - configmap diff --git a/deploy/perses/perses-operator-deployment.yaml b/deploy/perses/perses-operator-deployment.yaml index 288958aab..f879ad4ef 100644 --- a/deploy/perses/perses-operator-deployment.yaml +++ b/deploy/perses/perses-operator-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: containers: - name: perses-operator - image: quay.io/persesdev/perses-operator:v0.1.12 + image: quay.io/openshift-observability-ui/perses-operator:v0.2-go-1.23 securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/go.mod b/go.mod index 4547c0b50..36113a4a3 100644 --- a/go.mod +++ b/go.mod @@ -1,18 +1,17 @@ module github.com/rhobs/observability-operator -go 1.23.4 +go 1.23.7 -toolchain go1.23.7 +toolchain go1.23.10 require ( + github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-logr/logr v1.4.2 github.com/google/go-cmp v0.7.0 github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255 - github.com/perses/perses v0.50.3 - github.com/perses/perses-operator v0.1.10 github.com/pkg/errors v0.9.1 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.80.1 - github.com/prometheus/common v0.63.0 + github.com/prometheus/common v0.64.0 github.com/rhobs/obo-prometheus-operator v0.80.1-rhobs1 github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.80.1-rhobs1 go.uber.org/zap v1.27.0 @@ -20,21 +19,30 @@ require ( golang.org/x/mod v0.24.0 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.2 - k8s.io/api v0.32.3 - k8s.io/apiextensions-apiserver v0.32.2 - k8s.io/apimachinery v0.32.3 - k8s.io/apiserver v0.32.2 - k8s.io/client-go v0.32.3 - k8s.io/component-base v0.32.2 k8s.io/utils v0.0.0-20241210054802-24370beab758 - sigs.k8s.io/controller-runtime v0.20.3 + sigs.k8s.io/controller-runtime v0.20.4 ) require ( + github.com/rhobs/perses v0.0.0-20250612171017-5d7686af9ae4 + github.com/rhobs/perses-operator v0.1.10-0.20250612173146-78eb619430df + k8s.io/api v0.32.5 + k8s.io/apiextensions-apiserver v0.32.1 + k8s.io/apimachinery v0.32.5 + k8s.io/apiserver v0.32.5 + k8s.io/client-go v0.32.5 + k8s.io/component-base v0.32.5 +) + +require ( + cel.dev/expr v0.23.1 // indirect + github.com/PaesslerAG/gval v1.2.4 // indirect + github.com/PaesslerAG/jsonpath v0.1.2-0.20240726212847-3a740cf7976f // indirect + github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/brunoga/deep v1.2.4 // indirect + github.com/brunoga/deep v1.2.5 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dennwc/varint v1.0.0 // indirect @@ -46,7 +54,6 @@ require ( github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb // indirect github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.5 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/analysis v0.23.0 // indirect @@ -62,20 +69,20 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect + github.com/google/cel-go v0.25.0 // indirect github.com/google/gnostic-models v0.6.9 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/websocket v1.5.3 // indirect + github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/jpillora/backoff v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.11 // indirect - github.com/labstack/echo/v4 v4.13.3 // indirect + github.com/labstack/echo/v4 v4.13.4 // indirect github.com/labstack/gommon v0.4.2 // indirect github.com/mailru/easyjson v0.9.0 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/metalmatze/signal v0.0.0-20210307161603-1c9aa721a97a // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect @@ -90,47 +97,52 @@ require ( github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect - github.com/perses/common v0.27.0 // indirect + github.com/perses/common v0.27.1-0.20250326140707-96e439b14e0e // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus-community/prom-label-proxy v0.11.0 // indirect github.com/prometheus/alertmanager v0.28.0 // indirect - github.com/prometheus/client_golang v1.21.1 // indirect - github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/client_golang v1.22.0 // indirect + github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/prometheus/prometheus v0.301.0 // indirect github.com/rhobs/obo-prometheus-operator/pkg/client v0.80.1-rhobs1 // indirect + github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/cobra v1.9.1 // indirect github.com/spf13/pflag v1.0.6 // indirect + github.com/stoewer/go-strcase v1.3.0 // indirect github.com/stretchr/testify v1.10.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect github.com/x448/float16 v0.8.4 // indirect - github.com/zitadel/oidc/v3 v3.36.1 // indirect - github.com/zitadel/schema v1.3.0 // indirect + github.com/zitadel/oidc/v3 v3.38.1 // indirect + github.com/zitadel/schema v1.3.1 // indirect go.mongodb.org/mongo-driver v1.17.2 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/otel v1.34.0 // indirect - go.opentelemetry.io/otel/metric v1.34.0 // indirect - go.opentelemetry.io/otel/trace v1.34.0 // indirect + go.opentelemetry.io/otel v1.35.0 // indirect + go.opentelemetry.io/otel/metric v1.35.0 // indirect + go.opentelemetry.io/otel/trace v1.35.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.36.0 // indirect - golang.org/x/net v0.37.0 // indirect - golang.org/x/oauth2 v0.28.0 // indirect - golang.org/x/sync v0.12.0 // indirect - golang.org/x/sys v0.31.0 // indirect - golang.org/x/term v0.30.0 // indirect - golang.org/x/text v0.23.0 // indirect - golang.org/x/time v0.9.0 // indirect + golang.org/x/crypto v0.38.0 // indirect + golang.org/x/net v0.40.0 // indirect + golang.org/x/oauth2 v0.30.0 // indirect + golang.org/x/sync v0.14.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/term v0.32.0 // indirect + golang.org/x/text v0.25.0 // indirect + golang.org/x/time v0.11.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.36.5 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect + google.golang.org/protobuf v1.36.6 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect + k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index 6303295c4..9d0da5357 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +cel.dev/expr v0.23.1 h1:K4KOtPCJQjVggkARsjG9RWXP6O4R73aHeJMa/dmCQQg= +cel.dev/expr v0.23.1/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= @@ -13,12 +15,20 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkY github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/DATA-DOG/go-sqlmock v1.4.1/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= +github.com/PaesslerAG/gval v1.2.2/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= +github.com/PaesslerAG/gval v1.2.4 h1:rhX7MpjJlcxYwL2eTTYIOBUyEKZ+A96T9vQySWkVUiU= +github.com/PaesslerAG/gval v1.2.4/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= +github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= +github.com/PaesslerAG/jsonpath v0.1.2-0.20240726212847-3a740cf7976f h1:TxDCeKRCgHea2hUiMOjWwqzWmrIGqSOZYkEPuClXzDo= +github.com/PaesslerAG/jsonpath v0.1.2-0.20240726212847-3a740cf7976f/go.mod h1:zTyVtYhYjcHpfCtqnCMxejgp0pEEwb/xJzhn05NrkJk= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b h1:mimo19zliBX/vSQ6PWWSL9lK8qwHozUj03+zLoEB8O0= github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b/go.mod h1:fvzegU4vN3H1qMT+8wDmzjAcDONcgo2/SZ/TyfdUOFs= +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= @@ -33,8 +43,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/brunoga/deep v1.2.4 h1:Aj9E9oUbE+ccbyh35VC/NHlzzjfIVU69BXu2mt2LmL8= -github.com/brunoga/deep v1.2.4/go.mod h1:GDV6dnXqn80ezsLSZ5Wlv1PdKAWAO4L5PnKYtv2dgaI= +github.com/brunoga/deep v1.2.5 h1:bigq4eooqbeJXfvTfZBn3AH3B1iW+rtetxVeh0GiLrg= +github.com/brunoga/deep v1.2.5/go.mod h1:GDV6dnXqn80ezsLSZ5Wlv1PdKAWAO4L5PnKYtv2dgaI= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -104,8 +114,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= -github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8= +github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -115,6 +125,8 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/cel-go v0.25.0 h1:jsFw9Fhn+3y2kBbltZR4VEz5xKkcIFRPDnuEzAGv5GY= +github.com/google/cel-go v0.25.0/go.mod h1:hjEb6r5SuOSlhCHmFoLzu8HGCERvIsDAbxDAyNU/MmI= github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -125,8 +137,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= -github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= +github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -135,8 +147,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gT github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= -github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= -github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248= github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -154,8 +166,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= -github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -167,15 +179,14 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labstack/echo/v4 v4.13.3 h1:pwhpCPrTl5qry5HRdM5FwdXnhXSLSY+WE+YQSeCaafY= -github.com/labstack/echo/v4 v4.13.3/go.mod h1:o90YNEeQWjDozo584l7AwhJMHN0bOC4tAfg+Xox9q5g= +github.com/labstack/echo/v4 v4.13.4 h1:oTZZW+T3s9gAu5L8vmzihV7/lkXGZuITzTQkTEhcXEA= +github.com/labstack/echo/v4 v4.13.4/go.mod h1:g63b33BZ5vZzcIUF8AtRH40DrTlXnx4UMC8rBdndmjQ= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -206,22 +217,18 @@ github.com/nexucis/lamenv v0.5.2/go.mod h1:HusJm6ltmmT7FMG8A750mOLuME6SHCsr2iFYx github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= -github.com/onsi/ginkgo/v2 v2.23.0 h1:FA1xjp8ieYDzlgS5ABTpdUDB7wtngggONc8a7ku2NqQ= -github.com/onsi/ginkgo/v2 v2.23.0/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM= -github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= -github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= +github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus= +github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8= +github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y= +github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255 h1:OPEl/rl/Bt8soLkMUex9PZu9PJB59VPFnaPh/n1Pb3I= github.com/openshift/api v0.0.0-20240404200104-96ed2d49b255/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/perses/common v0.27.0 h1:MtqDz/qzkKcj0T1DkTMS2+pJEjw2gw4Bac6n4C2OCNQ= -github.com/perses/common v0.27.0/go.mod h1:d7uE0LIysDf7bor9/g6exyFEg8nfRqbCxrezBUYXo2I= -github.com/perses/perses v0.50.3 h1:BHlU9qkCFCUSP4HP5p9GwophWcxm5Vnu6Fsrx8Fb/+w= -github.com/perses/perses v0.50.3/go.mod h1:oqfHLOrXERvEqECShqXPjHXqVukQxcoaaTM6ySRF7hU= -github.com/perses/perses-operator v0.1.10 h1:eZkvKjWny39SavrQ8ejCh8LWPqVhVxlqg4zUpzDNWlo= -github.com/perses/perses-operator v0.1.10/go.mod h1:cuUp/6WiTn9VrEfJJwuR9ILUJaK/NfOs/7MOYyGbByQ= +github.com/perses/common v0.27.1-0.20250326140707-96e439b14e0e h1:AormqtWdtHdoQyGO90U1fRoElR0XQHmP0W9oJUsCOZY= +github.com/perses/common v0.27.1-0.20250326140707-96e439b14e0e/go.mod h1:CMTbKu0uWCFKgo4oDVoT8GcMC0bKyDH4cNG3GVfi+rA= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -240,17 +247,17 @@ github.com/prometheus/alertmanager v0.28.0/go.mod h1:/okSnb2LlodbMlRoOWQEKtqI/co github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk= -github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= -github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= +github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k= -github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18= +github.com/prometheus/common v0.64.0 h1:pdZeA+g617P7oGv1CzdTzyeShxAGrTBsolKNOLQPGO4= +github.com/prometheus/common v0.64.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= @@ -266,9 +273,16 @@ github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.80.1-rhobs1 h1:Y github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.80.1-rhobs1/go.mod h1:BkCsHUsmtN0H45bszS8X8ZBU71RlScoUcQZxF5RpvC8= github.com/rhobs/obo-prometheus-operator/pkg/client v0.80.1-rhobs1 h1:G5O8HeMAMXYthKNyodtfO/jkY1gTeSbY1SykBgzRgQY= github.com/rhobs/obo-prometheus-operator/pkg/client v0.80.1-rhobs1/go.mod h1:MTDYtuwui/WwVLOhCOIr1LSD1qWTOKGjx1J8e+Td/CY= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rhobs/perses v0.0.0-20250612171017-5d7686af9ae4 h1:IxpxGJ/fbnRkZZYFm17NMedFyEuOKuf4TS23g+6jMvU= +github.com/rhobs/perses v0.0.0-20250612171017-5d7686af9ae4/go.mod h1:Mxs4sXawWiV50qokKG1UZCV9NJEdJWsALY71/z38NKA= +github.com/rhobs/perses-operator v0.1.10-0.20250612173146-78eb619430df h1:rwtqpvrowEF6EjSiO3PPcqC6s2jo7NU3VsGU6yrpxTg= +github.com/rhobs/perses-operator v0.1.10-0.20250612173146-78eb619430df/go.mod h1:G7eHFpIaBYMlqUZGsfTu2290i7ZXS9pc5TYicCj6+W0= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= @@ -277,13 +291,20 @@ github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= @@ -294,26 +315,28 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/zitadel/oidc/v3 v3.36.1 h1:1AT1NqKKEqAwx4GmKJZ9fYkWH2WIn/VKMfQ46nBtRf0= -github.com/zitadel/oidc/v3 v3.36.1/go.mod h1:dApGZLvWZTHRuxmcbQlW5d2XVjVYR3vGOdq536igmTs= -github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0= -github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc= +github.com/zitadel/oidc/v3 v3.38.1 h1:VTf1Bv/33UbSwJnIWbfEIdpUGYKfoHetuBNIqVTcjvA= +github.com/zitadel/oidc/v3 v3.38.1/go.mod h1:muukzAasaWmn3vBwEVMglJfuTE0PKCvLJGombPwXIRw= +github.com/zitadel/schema v1.3.1 h1:QT3kwiRIRXXLVAs6gCK/u044WmUVh6IlbLXUsn6yRQU= +github.com/zitadel/schema v1.3.1/go.mod h1:071u7D2LQacy1HAN+YnMd/mx1qVE2isb0Mjeqg46xnU= go.mongodb.org/mongo-driver v1.17.2 h1:gvZyk8352qSfzyZ2UMWcpDpMSGEr1eqE4T793SqyhzM= go.mongodb.org/mongo-driver v1.17.2/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= -go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= -go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= -go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= -go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= -go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= -go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= -go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= -go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= +go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= +go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= +go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= +go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= +go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= +go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= +go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= +go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= +go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= @@ -324,8 +347,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= -golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8= +golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw= golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -338,17 +361,17 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= -golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= -golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= -golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= +golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ= +golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -357,24 +380,23 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= -golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= +golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= -golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4= +golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= +golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0= +golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= -golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= +golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU= +golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -383,13 +405,14 @@ gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/api v0.213.0 h1:KmF6KaDyFqB417T68tMPbVmmwtIXs2VB60OJKIHB0xQ= google.golang.org/api v0.213.0/go.mod h1:V0T5ZhNUUNpYAlL306gFZPFt5F5D/IeyLoktduYYnvQ= -google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250122153221-138b5a5a4fd4 h1:yrTuav+chrF0zF/joFGICKTzYv7mh/gr9AgEXrVU8ao= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250122153221-138b5a5a4fd4/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= -google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ= -google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw= -google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= -google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 h1:hE3bRWtU6uceqlh4fhrSnUyjKHMKB9KrTLLG+bc0ddM= +google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463/go.mod h1:U90ffi8eUL9MwPcrJylN5+Mk2v3vuPDptd5yyNUiRR8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg= +google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -410,29 +433,32 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= -k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls= -k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k= -k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4= -k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA= -k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U= -k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/apiserver v0.32.2 h1:WzyxAu4mvLkQxwD9hGa4ZfExo3yZZaYzoYvvVDlM6vw= -k8s.io/apiserver v0.32.2/go.mod h1:PEwREHiHNU2oFdte7BjzA1ZyjWjuckORLIK/wLV5goM= -k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU= -k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY= -k8s.io/component-base v0.32.2 h1:1aUL5Vdmu7qNo4ZsE+569PV5zFatM9hl+lb3dEea2zU= -k8s.io/component-base v0.32.2/go.mod h1:PXJ61Vx9Lg+P5mS8TLd7bCIr+eMJRQTyXe8KvkrvJq0= +k8s.io/api v0.32.5 h1:uqjjsYo1kTJr5NIcoIaP9F+TgXgADH7nKQx91FDAhtk= +k8s.io/api v0.32.5/go.mod h1:bXXFU3fGCZ/eFMZvfHZC69PeGbXEL4zzjuPVzOxHF64= +k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw= +k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto= +k8s.io/apimachinery v0.32.5 h1:6We3aJ6crC0ap8EhsEXcgX3LpI6SEjubpiOMXLROwPM= +k8s.io/apimachinery v0.32.5/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apiserver v0.32.5 h1:phmm2EOUVFI+cLiq8Grtuh166fTt/qgvkGPkpgzp5uY= +k8s.io/apiserver v0.32.5/go.mod h1:5bfueS1tgARVWVXRJBMI5mHoCmev0jOvbxebai/kiqc= +k8s.io/client-go v0.32.5 h1:huFmQMzgWu0z4kbWsuZci+Gt4Fo72I4CcrvhToZ/Qp0= +k8s.io/client-go v0.32.5/go.mod h1:Qchw6f9WIVrur7DKojAHpRgGLcANT0RLIvF39Jz58xA= +k8s.io/component-base v0.32.5 h1:2HiX+m3s9Iz5CMqdCVDH2V942UqzQvjuhcXb4W+KCsg= +k8s.io/component-base v0.32.5/go.mod h1:jDsPNFFElv9m27TcYxlpEX7TZ3vdgx2g4PaqMUHpV/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= -k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4= +k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.20.3 h1:I6Ln8JfQjHH7JbtCD2HCYHoIzajoRxPNuvhvcDbZgkI= -sigs.k8s.io/controller-runtime v0.20.3/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= +sigs.k8s.io/controller-runtime v0.20.4 h1:X3c+Odnxz+iPTRobG4tp092+CvBU9UK0t/bRf+n0DGU= +sigs.k8s.io/controller-runtime v0.20.4/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= -sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= +sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/controllers/uiplugin/accelerators.go b/pkg/controllers/uiplugin/accelerators.go index 48b90213b..7587918b2 100644 --- a/pkg/controllers/uiplugin/accelerators.go +++ b/pkg/controllers/uiplugin/accelerators.go @@ -1,11 +1,11 @@ package uiplugin import ( - persesv1alpha1 "github.com/perses/perses-operator/api/v1alpha1" - persesv1 "github.com/perses/perses/pkg/model/api/v1" - "github.com/perses/perses/pkg/model/api/v1/common" - "github.com/perses/perses/pkg/model/api/v1/dashboard" - "github.com/perses/perses/pkg/model/api/v1/variable" + persesv1alpha1 "github.com/rhobs/perses-operator/api/v1alpha1" + persesv1 "github.com/rhobs/perses/pkg/model/api/v1" + "github.com/rhobs/perses/pkg/model/api/v1/common" + "github.com/rhobs/perses/pkg/model/api/v1/dashboard" + "github.com/rhobs/perses/pkg/model/api/v1/variable" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" ) @@ -13,9 +13,9 @@ import ( func newAcceleratorsDatasource(namespace string) *persesv1alpha1.PersesDatasource { return &persesv1alpha1.PersesDatasource{ TypeMeta: metav1.TypeMeta{ - APIVersion: persesv1alpha1.GroupVersion.String(), - Kind: "PersesDatasource", - }, + APIVersion: persesv1alpha1.GroupVersion.String(), + Kind: "PersesDatasource", + }, ObjectMeta: metav1.ObjectMeta{ Name: "accelerators-thanos-querier-datasource", Namespace: namespace, @@ -48,7 +48,9 @@ func newAcceleratorsDatasource(namespace string) *persesv1alpha1.PersesDatasourc TLS: &persesv1alpha1.TLS{ Enable: true, CaCert: &persesv1alpha1.Certificate{ - Type: persesv1alpha1.CertificateTypeFile, + SecretSource: persesv1alpha1.SecretSource{ + Type: persesv1alpha1.SecretSourceTypeFile, + }, CertPath: "/ca/service-ca.crt", }, }, @@ -60,9 +62,9 @@ func newAcceleratorsDatasource(namespace string) *persesv1alpha1.PersesDatasourc func newAcceleratorsDashboard(namespace string) *persesv1alpha1.PersesDashboard { return &persesv1alpha1.PersesDashboard{ TypeMeta: metav1.TypeMeta{ - APIVersion: persesv1alpha1.GroupVersion.String(), - Kind: "PersesDashboard", - }, + APIVersion: persesv1alpha1.GroupVersion.String(), + Kind: "PersesDashboard", + }, ObjectMeta: metav1.ObjectMeta{ Name: "accelerators-dashboard", Namespace: namespace, diff --git a/pkg/controllers/uiplugin/components.go b/pkg/controllers/uiplugin/components.go index 6786a74ee..47a50bc4d 100644 --- a/pkg/controllers/uiplugin/components.go +++ b/pkg/controllers/uiplugin/components.go @@ -66,7 +66,7 @@ func pluginComponentReconcilers(plugin *uiv1alpha1.UIPlugin, pluginInfo UIPlugin namespace := pluginInfo.ResourceNamespace components := []reconciler.Reconciler{ - reconciler.NewUpdater(newServiceAccount(pluginInfo, namespace), plugin), + reconciler.NewUpdater(newServiceAccount(pluginInfo.Name, namespace), plugin), reconciler.NewUpdater(newDeployment(pluginInfo, namespace, plugin.Spec.Deployment), plugin), reconciler.NewUpdater(newService(pluginInfo, namespace), plugin), } @@ -122,11 +122,13 @@ func pluginComponentReconcilers(plugin *uiv1alpha1.UIPlugin, pluginInfo UIPlugin } if pluginInfo.PersesImage != "" { + persesServiceAccountName := "perses" + serviceAccountSuffix + components = append(components, reconciler.NewUpdater(newServiceAccount("perses", namespace), plugin)) + components = append(components, reconciler.NewUpdater(newClusterRoleBinding(namespace, persesServiceAccountName, "system:auth-delegator", persesServiceAccountName+":system:auth-delegator"), plugin)) components = append(components, reconciler.NewUpdater(newPerses(namespace, pluginInfo.PersesImage), plugin)) components = append(components, reconciler.NewUpdater(newAcceleratorsDatasource(namespace), plugin)) components = append(components, reconciler.NewUpdater(newAcceleratorsDashboard(namespace), plugin)) } - return components } @@ -155,14 +157,14 @@ func newClusterRoleBinding(namespace string, serviceAccountName string, roleName } } -func newServiceAccount(info UIPluginInfo, namespace string) *corev1.ServiceAccount { +func newServiceAccount(name string, namespace string) *corev1.ServiceAccount { return &corev1.ServiceAccount{ TypeMeta: metav1.TypeMeta{ APIVersion: corev1.SchemeGroupVersion.String(), Kind: "ServiceAccount", }, ObjectMeta: metav1.ObjectMeta{ - Name: info.Name + serviceAccountSuffix, + Name: name + serviceAccountSuffix, Namespace: namespace, }, } diff --git a/pkg/controllers/uiplugin/controller.go b/pkg/controllers/uiplugin/controller.go index 044940fbd..3bb7b0125 100644 --- a/pkg/controllers/uiplugin/controller.go +++ b/pkg/controllers/uiplugin/controller.go @@ -10,7 +10,7 @@ import ( osv1 "github.com/openshift/api/console/v1" osv1alpha1 "github.com/openshift/api/console/v1alpha1" operatorv1 "github.com/openshift/api/operator/v1" - persesv1alpha1 "github.com/perses/perses-operator/api/v1alpha1" + persesv1alpha1 "github.com/rhobs/perses-operator/api/v1alpha1" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/pkg/controllers/uiplugin/monitoring.go b/pkg/controllers/uiplugin/monitoring.go index 046543195..b4f166448 100644 --- a/pkg/controllers/uiplugin/monitoring.go +++ b/pkg/controllers/uiplugin/monitoring.go @@ -7,9 +7,10 @@ import ( osv1 "github.com/openshift/api/console/v1" osv1alpha1 "github.com/openshift/api/console/v1alpha1" - persesv1alpha1 "github.com/perses/perses-operator/api/v1alpha1" - persesconfig "github.com/perses/perses/pkg/model/api/config" - "github.com/perses/perses/pkg/model/api/v1/common" + persesv1alpha1 "github.com/rhobs/perses-operator/api/v1alpha1" + persesconfig "github.com/rhobs/perses/pkg/model/api/config" + "github.com/rhobs/perses/pkg/model/api/v1/common" + persesrole "github.com/rhobs/perses/pkg/model/api/v1/role" "golang.org/x/mod/semver" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -282,7 +283,28 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { Config: persesv1alpha1.PersesConfig{ Config: persesconfig.Config{ Security: persesconfig.Security{ - EnableAuth: false, + EnableAuth: true, + Authorization: persesconfig.AuthorizationConfig{ + Kubernetes: true, + GuestPermissions: []*persesrole.Permission{ + { + Actions: []persesrole.Action{ + "read", + }, + Scopes: []persesrole.Scope{ + "*", + }, + }, + }, + }, + Authentication: persesconfig.AuthenticationConfig{ + DisableSignUp: true, + Providers: persesconfig.AuthProviders{ + KubernetesProvider: persesconfig.KubernetesProvider{ + Enabled: true, + }, + }, + }, }, Database: persesconfig.Database{ File: &persesconfig.File{ @@ -290,7 +312,7 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { Extension: persesconfig.YAMLExtension, }, }, - Schemas: persesconfig.Schemas{ + Schemas: &persesconfig.Schemas{ PanelsPath: "/etc/perses/cue/schemas/panels", QueriesPath: "/etc/perses/cue/schemas/queries", DatasourcesPath: "/etc/perses/cue/schemas/datasources", @@ -304,14 +326,20 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { TLS: &persesv1alpha1.TLS{ Enable: true, UserCert: &persesv1alpha1.Certificate{ - Type: persesv1alpha1.CertificateTypeSecret, - Name: name, + SecretSource: persesv1alpha1.SecretSource{ + Type: persesv1alpha1.SecretSourceTypeSecret, + Name: name, + Namespace: namespace, + }, CertPath: "tls.crt", PrivateKeyPath: "tls.key", }, CaCert: &persesv1alpha1.Certificate{ - Type: persesv1alpha1.CertificateTypeConfigMap, - Name: "openshift-service-ca.crt", + SecretSource: persesv1alpha1.SecretSource{ + Type: persesv1alpha1.SecretSourceTypeConfigMap, + Name: "openshift-service-ca.crt", + Namespace: namespace, + }, CertPath: "service-ca.crt", }, }, @@ -319,8 +347,11 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { TLS: &persesv1alpha1.TLS{ Enable: true, CaCert: &persesv1alpha1.Certificate{ - Type: persesv1alpha1.CertificateTypeConfigMap, - Name: "openshift-service-ca.crt", + SecretSource: persesv1alpha1.SecretSource{ + Type: persesv1alpha1.SecretSourceTypeConfigMap, + Name: "openshift-service-ca.crt", + Namespace: namespace, + }, CertPath: "service-ca.crt", }, }, @@ -330,6 +361,7 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { "service.beta.openshift.io/serving-cert-secret-name": name, }, }, + ServiceAccountName: "perses" + serviceAccountSuffix, }, } } diff --git a/pkg/operator/scheme.go b/pkg/operator/scheme.go index 0b8154906..2400732c4 100644 --- a/pkg/operator/scheme.go +++ b/pkg/operator/scheme.go @@ -4,9 +4,9 @@ import ( osv1 "github.com/openshift/api/console/v1" osv1alpha1 "github.com/openshift/api/console/v1alpha1" operatorv1 "github.com/openshift/api/operator/v1" - persesv1alpha1 "github.com/perses/perses-operator/api/v1alpha1" monv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" monitoringv1 "github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring/v1" + persesv1alpha1 "github.com/rhobs/perses-operator/api/v1alpha1" corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" From dbd919fe7d16e3c954716a9a51206530486789e2 Mon Sep 17 00:00:00 2001 From: PeterYurkovich Date: Tue, 17 Jun 2025 14:53:22 -0400 Subject: [PATCH 2/7] fix: perses guest permissions --- pkg/controllers/uiplugin/monitoring.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/controllers/uiplugin/monitoring.go b/pkg/controllers/uiplugin/monitoring.go index b4f166448..4807b044f 100644 --- a/pkg/controllers/uiplugin/monitoring.go +++ b/pkg/controllers/uiplugin/monitoring.go @@ -289,10 +289,15 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { GuestPermissions: []*persesrole.Permission{ { Actions: []persesrole.Action{ - "read", + "*", }, Scopes: []persesrole.Scope{ - "*", + "Folder", + "GlobalDatasource", + "GlobalSecret", + "GlobalVariable", + "Secret", + "Variable", }, }, }, From e0d117139b50e9c829ef6940f4893c80d893620f Mon Sep 17 00:00:00 2001 From: PeterYurkovich Date: Tue, 17 Jun 2025 14:53:35 -0400 Subject: [PATCH 3/7] fix: perses config format --- pkg/controllers/uiplugin/monitoring.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/controllers/uiplugin/monitoring.go b/pkg/controllers/uiplugin/monitoring.go index 4807b044f..c03a12106 100644 --- a/pkg/controllers/uiplugin/monitoring.go +++ b/pkg/controllers/uiplugin/monitoring.go @@ -360,6 +360,9 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { CertPath: "service-ca.crt", }, }, + KubernetesAuth: &persesv1alpha1.KubernetesAuth{ + Enable: true, + }, }, Service: &persesv1alpha1.PersesService{ Annotations: map[string]string{ From 6e8e2bdab46756f65a16ed3896fc646de5c2e3b7 Mon Sep 17 00:00:00 2001 From: PeterYurkovich Date: Tue, 17 Jun 2025 14:53:55 -0400 Subject: [PATCH 4/7] fix: add perses clusterrole and binding --- pkg/controllers/uiplugin/components.go | 2 ++ pkg/controllers/uiplugin/monitoring.go | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/pkg/controllers/uiplugin/components.go b/pkg/controllers/uiplugin/components.go index 47a50bc4d..13c1c9252 100644 --- a/pkg/controllers/uiplugin/components.go +++ b/pkg/controllers/uiplugin/components.go @@ -125,6 +125,8 @@ func pluginComponentReconcilers(plugin *uiv1alpha1.UIPlugin, pluginInfo UIPlugin persesServiceAccountName := "perses" + serviceAccountSuffix components = append(components, reconciler.NewUpdater(newServiceAccount("perses", namespace), plugin)) components = append(components, reconciler.NewUpdater(newClusterRoleBinding(namespace, persesServiceAccountName, "system:auth-delegator", persesServiceAccountName+":system:auth-delegator"), plugin)) + components = append(components, reconciler.NewUpdater(newPersesClusterRole(), plugin)) + components = append(components, reconciler.NewUpdater(newClusterRoleBinding(namespace, persesServiceAccountName, "perses-cr", persesServiceAccountName+":perses-cr"), plugin)) components = append(components, reconciler.NewUpdater(newPerses(namespace, pluginInfo.PersesImage), plugin)) components = append(components, reconciler.NewUpdater(newAcceleratorsDatasource(namespace), plugin)) components = append(components, reconciler.NewUpdater(newAcceleratorsDashboard(namespace), plugin)) diff --git a/pkg/controllers/uiplugin/monitoring.go b/pkg/controllers/uiplugin/monitoring.go index c03a12106..aae2933e9 100644 --- a/pkg/controllers/uiplugin/monitoring.go +++ b/pkg/controllers/uiplugin/monitoring.go @@ -13,6 +13,7 @@ import ( persesrole "github.com/rhobs/perses/pkg/model/api/v1/role" "golang.org/x/mod/semver" corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" @@ -373,3 +374,27 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { }, } } + +func newPersesClusterRole() *rbacv1.ClusterRole { + return &rbacv1.ClusterRole{ + TypeMeta: metav1.TypeMeta{ + APIVersion: rbacv1.SchemeGroupVersion.String(), + Kind: "ClusterRole", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "perses-cr", + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"namespaces"}, + Verbs: []string{"list", "get"}, + }, + { + APIGroups: []string{"perses.dev"}, + Resources: []string{"persesdashboards", "persesdatasources"}, + Verbs: []string{"get", "list", "watch", "create", "update", "delete", "patch"}, + }, + }, + } +} From e620962fef338fdaf4f2c86e30008732660ceb8d Mon Sep 17 00:00:00 2001 From: PeterYurkovich Date: Tue, 17 Jun 2025 18:12:26 -0400 Subject: [PATCH 5/7] feat: add perses roles --- ...c.authorization.k8s.io_v1_clusterrole.yaml | 30 +++++++++++++++++++ ...c.authorization.k8s.io_v1_clusterrole.yaml | 26 ++++++++++++++++ ...c.authorization.k8s.io_v1_clusterrole.yaml | 30 +++++++++++++++++++ ...c.authorization.k8s.io_v1_clusterrole.yaml | 26 ++++++++++++++++ deploy/perses/kustomization.yaml | 5 ++++ .../perses/persesdashboard_editor_role.yaml | 30 +++++++++++++++++++ .../perses/persesdashboard_viewer_role.yaml | 26 ++++++++++++++++ .../perses/persesdatasource_editor_role.yaml | 30 +++++++++++++++++++ .../perses/persesdatasource_viewer_role.yaml | 26 ++++++++++++++++ 9 files changed, 229 insertions(+) create mode 100644 bundle/manifests/persesdashboard-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/persesdashboard-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/persesdatasource-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 bundle/manifests/persesdatasource-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 deploy/perses/persesdashboard_editor_role.yaml create mode 100644 deploy/perses/persesdashboard_viewer_role.yaml create mode 100644 deploy/perses/persesdatasource_editor_role.yaml create mode 100644 deploy/perses/persesdatasource_viewer_role.yaml diff --git a/bundle/manifests/persesdashboard-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/persesdashboard-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..a2896f3d5 --- /dev/null +++ b/bundle/manifests/persesdashboard-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/instance: persesdashboard-editor-role + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: perses-operator + name: persesdashboard-editor-role +rules: +- apiGroups: + - perses.dev + resources: + - persesdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - perses.dev + resources: + - persesdashboards/status + verbs: + - get diff --git a/bundle/manifests/persesdashboard-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/persesdashboard-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..7a5c61653 --- /dev/null +++ b/bundle/manifests/persesdashboard-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/instance: persesdashboard-viewer-role + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: perses-operator + name: persesdashboard-viewer-role +rules: +- apiGroups: + - perses.dev + resources: + - persesdashboards + verbs: + - get + - list + - watch +- apiGroups: + - perses.dev + resources: + - persesdashboards/status + verbs: + - get diff --git a/bundle/manifests/persesdatasource-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/persesdatasource-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..8fabe863d --- /dev/null +++ b/bundle/manifests/persesdatasource-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/instance: persesdatasource-editor-role + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: perses-operator + name: persesdatasource-editor-role +rules: +- apiGroups: + - perses.dev + resources: + - persesdatasources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - perses.dev + resources: + - persesdatasources/status + verbs: + - get diff --git a/bundle/manifests/persesdatasource-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/persesdatasource-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 000000000..c63a26be7 --- /dev/null +++ b/bundle/manifests/persesdatasource-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/instance: persesdatasource-viewer-role + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: perses-operator + name: persesdatasource-viewer-role +rules: +- apiGroups: + - perses.dev + resources: + - persesdatasources + verbs: + - get + - list + - watch +- apiGroups: + - perses.dev + resources: + - persesdatasources/status + verbs: + - get diff --git a/deploy/perses/kustomization.yaml b/deploy/perses/kustomization.yaml index 960c29248..18ccf47d7 100644 --- a/deploy/perses/kustomization.yaml +++ b/deploy/perses/kustomization.yaml @@ -7,3 +7,8 @@ resources: - perses-operator-cluster-role.yaml - perses-operator-service-account.yaml - perses-operator-cluster-role-binding.yaml +- persesdashboard_editor_role.yaml +- persesdashboard_viewer_role.yaml +- persesdatasource_editor_role.yaml +- persesdatasource_viewer_role.yaml + diff --git a/deploy/perses/persesdashboard_editor_role.yaml b/deploy/perses/persesdashboard_editor_role.yaml new file mode 100644 index 000000000..1853add0c --- /dev/null +++ b/deploy/perses/persesdashboard_editor_role.yaml @@ -0,0 +1,30 @@ +# permissions for end users to edit persesdashboards. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: persesdashboard-editor-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/part-of: perses-operator + name: persesdashboard-editor-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesdashboards/status + verbs: + - get diff --git a/deploy/perses/persesdashboard_viewer_role.yaml b/deploy/perses/persesdashboard_viewer_role.yaml new file mode 100644 index 000000000..c52e52e77 --- /dev/null +++ b/deploy/perses/persesdashboard_viewer_role.yaml @@ -0,0 +1,26 @@ +# permissions for end users to view persesdashboards. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: persesdashboard-viewer-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/part-of: perses-operator + name: persesdashboard-viewer-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdashboards + verbs: + - get + - list + - watch + - apiGroups: + - perses.dev + resources: + - persesdashboards/status + verbs: + - get diff --git a/deploy/perses/persesdatasource_editor_role.yaml b/deploy/perses/persesdatasource_editor_role.yaml new file mode 100644 index 000000000..cac90549d --- /dev/null +++ b/deploy/perses/persesdatasource_editor_role.yaml @@ -0,0 +1,30 @@ +# permissions for end users to edit persesdatasources. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: persesdatasource-editor-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/part-of: perses-operator + name: persesdatasource-editor-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdatasources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - perses.dev + resources: + - persesdatasources/status + verbs: + - get diff --git a/deploy/perses/persesdatasource_viewer_role.yaml b/deploy/perses/persesdatasource_viewer_role.yaml new file mode 100644 index 000000000..93b938d3b --- /dev/null +++ b/deploy/perses/persesdatasource_viewer_role.yaml @@ -0,0 +1,26 @@ +# permissions for end users to view persesdatasources. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: clusterrole + app.kubernetes.io/instance: persesdatasource-viewer-role + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: perses-operator + app.kubernetes.io/part-of: perses-operator + name: persesdatasource-viewer-role +rules: + - apiGroups: + - perses.dev + resources: + - persesdatasources + verbs: + - get + - list + - watch + - apiGroups: + - perses.dev + resources: + - persesdatasources/status + verbs: + - get From d605d7316138271f7385871f5b997ff7f81ecd1e Mon Sep 17 00:00:00 2001 From: Gabriel Bernal Date: Tue, 24 Jun 2025 15:33:37 +0200 Subject: [PATCH 6/7] fix: update perses image Signed-off-by: Gabriel Bernal --- .../observability-operator.clusterserviceversion.yaml | 4 ++-- deploy/operator/kustomization.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bundle/manifests/observability-operator.clusterserviceversion.yaml b/bundle/manifests/observability-operator.clusterserviceversion.yaml index efbc87224..4a9987a4d 100644 --- a/bundle/manifests/observability-operator.clusterserviceversion.yaml +++ b/bundle/manifests/observability-operator.clusterserviceversion.yaml @@ -42,7 +42,7 @@ metadata: categories: Monitoring certified: "false" containerImage: observability-operator:1.2.0 - createdAt: "2025-06-24T10:23:06Z" + createdAt: "2025-06-24T11:30:26Z" description: A Go based Kubernetes operator to setup and manage highly available Monitoring Stack using Prometheus, Alertmanager and Thanos Querier. operatorframework.io/cluster-monitoring: "true" @@ -929,7 +929,7 @@ spec: - --images=alertmanager=quay.io/prometheus/alertmanager:v0.26.0 - --images=prometheus=quay.io/prometheus/prometheus:v2.49.1 - --images=thanos=quay.io/thanos/thanos:v0.33.0 - - --images=perses=quay.io/openshift-observability-ui/perses:v0.51-go-1.23 + - --images=perses=quay.io/openshift-observability-ui/perses:v0.51.1-go-1.23 env: - name: NAMESPACE valueFrom: diff --git a/deploy/operator/kustomization.yaml b/deploy/operator/kustomization.yaml index c31a7b915..4482cda4c 100644 --- a/deploy/operator/kustomization.yaml +++ b/deploy/operator/kustomization.yaml @@ -41,7 +41,7 @@ patches: - patch: |- - op: add path: /spec/template/spec/containers/0/args/- - value: --images=perses=quay.io/openshift-observability-ui/perses:v0.51-go-1.23 + value: --images=perses=quay.io/openshift-observability-ui/perses:v0.51.1-go-1.23 target: group: apps kind: Deployment From 356c08fd37816a4855156d19989ddbd112fc125e Mon Sep 17 00:00:00 2001 From: Gabriel Bernal Date: Tue, 24 Jun 2025 16:46:18 +0200 Subject: [PATCH 7/7] fix: remove deprecated schema --- pkg/controllers/uiplugin/monitoring.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/pkg/controllers/uiplugin/monitoring.go b/pkg/controllers/uiplugin/monitoring.go index aae2933e9..07ab9cea3 100644 --- a/pkg/controllers/uiplugin/monitoring.go +++ b/pkg/controllers/uiplugin/monitoring.go @@ -3,13 +3,11 @@ package uiplugin import ( "fmt" "strings" - "time" osv1 "github.com/openshift/api/console/v1" osv1alpha1 "github.com/openshift/api/console/v1alpha1" persesv1alpha1 "github.com/rhobs/perses-operator/api/v1alpha1" persesconfig "github.com/rhobs/perses/pkg/model/api/config" - "github.com/rhobs/perses/pkg/model/api/v1/common" persesrole "github.com/rhobs/perses/pkg/model/api/v1/role" "golang.org/x/mod/semver" corev1 "k8s.io/api/core/v1" @@ -318,13 +316,6 @@ func newPerses(namespace string, persesImage string) *persesv1alpha1.Perses { Extension: persesconfig.YAMLExtension, }, }, - Schemas: &persesconfig.Schemas{ - PanelsPath: "/etc/perses/cue/schemas/panels", - QueriesPath: "/etc/perses/cue/schemas/queries", - DatasourcesPath: "/etc/perses/cue/schemas/datasources", - VariablesPath: "/etc/perses/cue/schemas/variables", - Interval: common.Duration(time.Hour * 6), - }, }, }, Image: persesImage,