--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.2 observability.openshift.io/api-support: DevPreview operatorframework.io/installed-alongside-66a369a9dc2ebb6c: openshift-operators/cluster-observability-operator.v1.2.2 creationTimestamp: "2025-10-11T10:48:06Z" generation: 1 labels: olm.managed: "true" operators.coreos.com/cluster-observability-operator.openshift-operators: "" managedFields: - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:controller-gen.kubebuilder.io/version: {} f:observability.openshift.io/api-support: {} f:operatorframework.io/installed-alongside-66a369a9dc2ebb6c: {} f:labels: .: {} f:olm.managed: {} f:spec: f:conversion: .: {} f:strategy: {} f:group: {} f:names: f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:scope: {} f:versions: {} manager: catalog operation: Update time: "2025-10-11T10:48:06Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:acceptedNames: f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:conditions: k:{"type":"Established"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"NamesAccepted"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-apiserver operation: Update subresource: status time: "2025-10-11T10:48:06Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:labels: f:operators.coreos.com/cluster-observability-operator.openshift-operators: {} manager: olm operation: Update time: "2025-10-11T10:48:17Z" name: perses.perses.dev resourceVersion: "27989" uid: 699a06b6-6ea1-470b-9396-ea9e74aacbf0 spec: conversion: strategy: None group: perses.dev names: kind: Perses listKind: PersesList plural: perses shortNames: - per singular: perses scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: Perses is the Schema for the perses API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: PersesSpec defines the desired state of Perses properties: affinity: description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: description: |- An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: - preference - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: description: |- A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: description: |- weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: - podAffinityTerm - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: description: |- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: description: |- weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: - podAffinityTerm - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: description: |- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array x-kubernetes-list-type: atomic type: object type: object args: description: Args extra arguments to pass to perses items: type: string type: array client: description: Perses client configuration properties: basicAuth: description: BasicAuth basic auth config for perses client properties: name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namsespace of certificate k8s resource (when type is secret or configmap) type: string password_path: description: Path to password type: string type: description: Type source type of secret enum: - secret - configmap - file type: string username: description: Username for basic auth type: string required: - password_path - type - username type: object kubernetesAuth: description: KubernetesAuth configuration for perses client properties: enable: description: Enable kubernetes auth for perses client type: boolean required: - enable type: object oauth: description: OAuth configuration for perses client properties: authStyle: description: |- AuthStyle optionally specifies how the endpoint wants the client ID & client secret sent. The zero value means to auto-detect. type: integer clientIDPath: description: Path to client id type: string clientSecretPath: description: Path to client secret type: string endpointParams: additionalProperties: items: type: string type: array description: EndpointParams specifies additional parameters for requests to the token endpoint. type: object name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namsespace of certificate k8s resource (when type is secret or configmap) type: string scopes: description: Scope specifies optional requested permissions. items: type: string type: array tokenURL: description: |- TokenURL is the resource server's token endpoint URL. This is a constant specific to each server. type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - tokenURL - type type: object tls: description: TLS the equivalent to the tls_config for perses client properties: caCert: description: CaCert to verify the perses certificate properties: certPath: description: Path to Certificate type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namsespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object enable: description: Enable TLS connection to perses type: boolean insecureSkipVerify: description: InsecureSkipVerify skip verify of perses certificate type: boolean userCert: description: UserCert client cert/key for mTLS properties: certPath: description: Path to Certificate type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namsespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object required: - enable type: object type: object config: properties: api_prefix: description: Use it in case you want to prefix the API path. type: string dashboard: description: Dashboard contains the configuration for the dashboard feature. properties: custom_lint_rules: items: properties: assertion: description: |- Assertion is a CEL expression that validates the extracted value. Refer to https://github.com/google/cel-spec/blob/master/doc/langdef.md for the syntax. type: string disable: description: Disable is a flag to disable the rule. type: boolean message: description: Message is displayed if the assertion fails. type: string name: description: Name of the rule type: string target: description: |- Target is a JSONPath expression to extract the relevant portion of the dashboard data. Refer to https://goessner.net/articles/JsonPath/ for the syntax. type: string required: - assertion - disable - message - name - target type: object type: array type: object database: description: Database contains the different configuration depending on the database you want to use properties: file: properties: case_sensitive: type: boolean extension: type: string folder: type: string required: - folder type: object sql: properties: addr: description: Network address (requires Net) type: string allow_all_files: description: Allow all files to be used with LOAD DATA LOCAL INFILE type: boolean allow_cleartext_passwords: description: Allows the cleartext client side plugin type: boolean allow_fallback_to_plaintext: description: Allows fallback to unencrypted connection if server does not support TLS type: boolean allow_native_passwords: description: Allows the native password authentication method type: boolean allow_old_passwords: description: Allows the old insecure password method type: boolean case_sensitive: type: boolean check_conn_liveness: description: Check connections for liveness before using them type: boolean client_found_rows: description: Return number of matching rows instead of rows changed type: boolean collation: description: Connection collation type: string columns_with_alias: description: Prepend table alias to column names type: boolean db_name: description: Database name type: string interpolate_params: description: Interpolate placeholders into query string type: boolean loc: description: Location for time.Time values type: object max_allowed_packet: description: Max packet size allowed type: integer multi_statements: description: Allow multiple statements in one query type: boolean net: description: Network type type: string parse_time: description: Parse time values to time.Time type: boolean password: description: Password (requires User) type: string password_file: description: PasswordFile is a path to a file that contains a password type: string read_timeout: description: I/O read timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string reject_read_only: description: Reject read-only connections type: boolean server_pub_key: description: Server public key name type: string timeout: description: Dial timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: description: TLS configuration properties: ca: description: Text of the CA cert to use for the targets. type: string ca_file: description: The CA cert to use for the targets. type: string ca_ref: description: |- CARef is the name of the secret within the secret manager to use as the CA cert for the targets. type: string cert: description: Text of the client cert file for the targets. type: string cert_file: description: The client cert file for the targets. type: string cert_ref: description: |- CertRef is the name of the secret within the secret manager to use as the client cert for the targets. type: string insecure_skip_verify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string key_file: description: The client key file for the targets. type: string key_ref: description: |- KeyRef is the name of the secret within the secret manager to use as the client key for the targets. type: string max_version: description: Maximum TLS version. type: integer min_version: description: Minimum TLS version. type: integer server_name: description: Used to verify the hostname for the targets. type: string required: - insecure_skip_verify type: object user: description: Username type: string write_timeout: description: I/O write timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - allow_all_files - allow_cleartext_passwords - allow_fallback_to_plaintext - allow_native_passwords - allow_old_passwords - case_sensitive - check_conn_liveness - client_found_rows - columns_with_alias - db_name - interpolate_params - max_allowed_packet - multi_statements - parse_time - read_timeout - reject_read_only - server_pub_key - timeout - write_timeout type: object type: object datasource: description: Datasource contains the configuration for the datasource. properties: disable_local: description: |- DisableLocal when used is preventing the possibility to add a datasource directly in the dashboard spec. It will also disable the associated proxy. type: boolean global: properties: disable: description: |- Disable is used to disable the global datasource feature. It will also remove the associated proxy. Also, since the global variable depends on the global datasource, it will also disable the global variable feature. type: boolean discovery: description: |- Discovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. Be careful: the data coming from the discovery will totally override what exists in the database. Note that this is an experimental feature. Behavior and config may change in the future. items: properties: http_sd: description: |- HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. It fetches an HTTP endpoint containing a list of zero or more global datasources. The target must reply with an HTTP 200 response. The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. properties: authorization: description: The HTTP authorization credentials for the targets. properties: credentials: type: string credentialsFile: type: string type: type: string type: object basic_auth: properties: password: type: string passwordFile: description: PasswordFile is a path to a file that contains a password type: string username: type: string required: - username type: object headers: additionalProperties: type: string type: object native_auth: properties: login: type: string password: type: string required: - login - password type: object oauth: properties: authStyle: description: |- AuthStyle optionally specifies how the endpoint wants the client ID & client secret sent. The zero value means to auto-detect. type: integer clientID: description: ClientID is the application's ID. type: string clientSecret: description: ClientSecret is the application's secret. type: string clientSecretFile: type: string endpointParams: additionalProperties: items: type: string type: array description: EndpointParams specifies additional parameters for requests to the token endpoint. type: object scopes: description: Scope specifies optional requested permissions. items: type: string type: array tokenURL: description: |- TokenURL is the resource server's token endpoint URL. This is a constant specific to each server. type: string required: - authStyle - clientID - clientSecret - clientSecretFile - endpointParams - scopes - tokenURL type: object tls_config: description: TLSConfig to use to connect to the targets. properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: format: uri type: string required: - url type: object kubernetes_sd: description: |- Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API and always staying synchronized with the cluster state. properties: datasource_plugin_kind: description: DatasourcePluginKind is the name of the datasource plugin that should be filled when creating datasources found. type: string labels: additionalProperties: type: string description: The labels used to filter the list of resource when contacting the Kubernetes API. type: object namespace: description: |- Kubernetes namespace to constraint the query to only one namespace. Leave empty if you are looking for datasource cross-namespace. type: string pod_configuration: description: Configuration when you want to discover the pods in Kubernetes properties: container_name: description: Name of the container the target address points to. type: string container_port_name: description: Name of the container port. type: string container_port_number: description: Number of the container port. format: int32 type: integer enable: description: If set to true, Perses server will discovery the pod type: boolean type: object service_configuration: description: Configuration when you want to discover the services in Kubernetes properties: enable: description: If set to true, Perses server will discovery the service type: boolean port_name: description: Name of the service port for the target. type: string port_number: description: Number of the service port for the target. format: int32 type: integer service_type: description: The type of the service. type: string type: object required: - datasource_plugin_kind - namespace type: object name: description: The name of the discovery config. It is used for logging purposes only type: string refresh_interval: description: Refresh interval to re-query the endpoint. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - name type: object type: array required: - disable type: object project: properties: disable: description: |- Disable is used to disable the project datasource feature. It will also remove the associated proxy. type: boolean required: - disable type: object required: - disable_local - global - project type: object ephemeral_dashboard: description: EphemeralDashboard contains the config about the ephemeral dashboard feature properties: cleanup_interval: description: The interval at which to trigger the cleanup of ephemeral dashboards, based on their TTLs. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string enable: description: When true user will be able to use the ephemeral dashboard at project level. type: boolean required: - cleanup_interval - enable type: object ephemeral_dashboards_cleanup_interval: description: |- EphemeralDashboardsCleanupInterval is the interval at which the ephemeral dashboards are cleaned up DEPRECATED. Please use the config EphemeralDashboard instead. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string frontend: description: Frontend contains any config that will be used by the frontend itself. properties: disable: description: When it is true, Perses won't serve the frontend anymore, and any other config set here will be ignored type: boolean explorer: description: |- Explorer is activating the different kind of explorer supported. Be sure you have installed an associated plugin for each explorer type. properties: enable: type: boolean required: - enable type: object important_dashboards: description: ImportantDashboards contains important dashboard selectors items: properties: dashboard: description: Dashboard is the name of the dashboard (dashboard.metadata.name) type: string project: description: Project is the name of the project (dashboard.metadata.project) type: string required: - dashboard - project type: object type: array information: description: Information contains markdown content to be display on the home page type: string time_range: description: TimeRange contains the time range configuration for the dropdown properties: disable_custom: type: boolean disable_zoom: type: boolean options: items: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string type: array required: - disable_custom type: object required: - disable - explorer type: object plugin: description: Plugin contains the config for runtime plugins. properties: archive_path: description: |- ArchivePath is the path to the directory containing the archived plugins When Perses is starting, it will extract the content of the archive in the folder specified in the `folder` attribute. type: string enable_dev: description: DevEnvironment is the configuration to use when developing a plugin type: boolean path: description: Path is the path to the directory containing the runtime plugins type: string required: - enable_dev type: object provisioning: description: Provisioning contains the provisioning config that can be used if you want to provide default resources. properties: folders: items: type: string type: array interval: description: Interval is the refresh frequency format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string type: object schemas: description: |- Schemas contain the configuration to get access to the CUE schemas DEPRECATED. Please remove it from your config. properties: datasources_path: type: string interval: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string panels_path: type: string queries_path: type: string variables_path: type: string type: object security: description: Security contains any configuration that changes the API behavior like the endpoints exposed or if the permissions are activated. properties: authentication: description: Authentication contains configuration regarding management of access/refresh token properties: access_token_ttl: description: AccessTokenTTL is the time to live of the access token. By default, it is 15 minutes. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string disable_sign_up: description: |- DisableSignUp deactivates the Sign-up page in the UI. It also disables the endpoint that gives the possibility to create a user. type: boolean providers: description: Providers configure the different authentication providers properties: enable_native: type: boolean kubernetes: properties: enabled: type: boolean kubeconfig: type: string required: - enabled type: object oauth: items: properties: auth_url: format: uri type: string client_credentials: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string scopes: items: type: string type: array required: - client_id - client_secret - scopes type: object client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string custom_login_property: type: string device_auth_url: format: uri type: string device_code: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string scopes: items: type: string type: array required: - client_id - client_secret - scopes type: object http: properties: timeout: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - timeout - tls_config type: object name: type: string redirect_uri: format: uri type: string scopes: items: type: string type: array slug_id: type: string token_url: format: uri type: string user_infos_url: format: uri type: string required: - auth_url - client_id - device_auth_url - http - name - slug_id - token_url - user_infos_url type: object type: array oidc: items: properties: client_credentials: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string scopes: items: type: string type: array required: - client_id - client_secret - scopes type: object client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string device_code: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string scopes: items: type: string type: array required: - client_id - client_secret - scopes type: object disable_pkce: type: boolean discovery_url: format: uri type: string http: properties: timeout: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - timeout - tls_config type: object issuer: format: uri type: string name: type: string redirect_uri: format: uri type: string scopes: items: type: string type: array slug_id: type: string url_params: additionalProperties: type: string type: object required: - client_id - disable_pkce - http - issuer - name - slug_id type: object type: array required: - enable_native type: object refresh_token_ttl: description: |- RefreshTokenTTL is the time to live of the refresh token. The refresh token is used to get a new access token when it is expired. By default, it is 24 hours. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - disable_sign_up - providers type: object authorization: description: Authorization contains all configs around rbac (permissions and roles) properties: check_latest_update_interval: description: CheckLatestUpdateInterval that checks if the RBAC cache needs to be refreshed with db content. Only for SQL database setup. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string guest_permissions: description: Default permissions for guest users (logged-in users) items: properties: actions: description: Actions of the permission (read, create, update, delete, ...) items: type: string type: array scopes: description: |- The list of kind targeted by the permission. For example: `Datasource`, `Dashboard`, ... With Role, you can't target global kinds items: type: string type: array required: - actions - scopes type: object type: array kubernetes: type: boolean type: object cookie: description: Cookie configuration properties: same_site: description: |- Set the SameSite cookie attribute and prevents the browser from sending the cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. This setting also provides some protection against cross-site request forgery attacks (CSRF) type: integer secure: description: Set to true if you host Perses behind HTTPS. Default is false type: boolean required: - secure type: object cors: description: Configuration for the CORS middleware. properties: allow_credentials: type: boolean allow_headers: items: type: string type: array allow_methods: items: type: string type: array allow_origins: items: type: string type: array enable: type: boolean expose_headers: items: type: string type: array max_age: type: integer required: - enable type: object enable_auth: description: |- When it is true, the authentication and authorization config are considered. And you will need a valid JWT token to contact most of the endpoints exposed by the API type: boolean encryption_key: description: |- EncryptionKey is the secret key used to encrypt and decrypt sensitive data stored in the database such as the password of the basic auth for a datasource. Note that if it is not provided, it will use a default value. On a production instance, you should set this key. Also note the key size must be exactly 32 bytes long as we are using AES-256 to encrypt the data. type: string encryption_key_file: description: EncryptionKeyFile is the path to file containing the secret key type: string readonly: description: Readonly will deactivate any HTTP POST, PUT, DELETE endpoint type: boolean required: - cookie - enable_auth - readonly type: object variable: description: Variable contains the configuration for the variable. properties: disable_local: description: DisableLocal when used is preventing the possibility to add a variable directly in the dashboard spec. type: boolean global: properties: disable: description: |- Disable is used to disable the global variable feature. Note that if the global datasource is disabled, the global variable will also be disabled. type: boolean required: - disable type: object project: properties: disable: description: |- Disable is used to disable the project variable feature. Note that if the global datasource and the project datasource are disabled, then the project variable will also be disabled. type: boolean required: - disable type: object required: - disable_local - global - project type: object type: object containerPort: format: int32 type: integer image: description: Image specifies the container image that should be used for the Perses deployment. type: string livenessProbe: description: |- Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: description: Exec specifies a command to execute in the container. properties: command: description: |- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: description: |- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: |- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string required: - name - value type: object type: array x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: description: |- Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: |- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: description: |- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: |- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: description: |- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object metadata: description: Metadata to add to deployed pods properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object nodeSelector: additionalProperties: type: string type: object readinessProbe: description: |- Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: description: Exec specifies a command to execute in the container. properties: command: description: |- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: description: |- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: |- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string required: - name - value type: object type: array x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: description: |- Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: |- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: description: |- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: |- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: description: |- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object replicas: format: int32 type: integer service: description: service specifies the service configuration for the perses instance properties: annotations: additionalProperties: type: string type: object name: type: string type: object serviceAccountName: description: ServiceAccountName is the name of the service account to use for the perses deployment or statefulset. type: string storage: default: size: 1Gi description: Storage configuration used by the StatefulSet properties: size: anyOf: - type: integer - type: string description: |- Size of the storage. cannot be decreased. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true storageClass: description: |- StorageClass to use for PVCs. If not specified, will use the default storage class type: string type: object tls: description: tls specifies the tls configuration for the perses instance properties: caCert: description: CaCert to verify the perses certificate properties: certPath: description: Path to Certificate type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namsespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object enable: description: Enable TLS connection to perses type: boolean insecureSkipVerify: description: InsecureSkipVerify skip verify of perses certificate type: boolean userCert: description: UserCert client cert/key for mTLS properties: certPath: description: Path to Certificate type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namsespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object required: - enable type: object tolerations: items: description: |- The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: effect: description: |- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: |- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: description: |- Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. type: string tolerationSeconds: description: |- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: description: |- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object status: description: PersesStatus defines the observed state of Perses properties: conditions: items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: Perses listKind: PersesList plural: perses shortNames: - per singular: perses conditions: - lastTransitionTime: "2025-10-11T10:48:06Z" message: no conflicts found reason: NoConflicts status: "True" type: NamesAccepted - lastTransitionTime: "2025-10-11T10:48:06Z" message: the initial names have been accepted reason: InitialNamesAccepted status: "True" type: Established storedVersions: - v1alpha1