--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.19.0 observability.openshift.io/api-support: DevPreview operatorframework.io/installed-alongside-56529da9d339fb48: openshift-operators/cluster-observability-operator.v1.4.0 creationTimestamp: "2026-03-18T09:12:07Z" generation: 6 labels: olm.managed: "true" operators.coreos.com/cluster-observability-operator.openshift-operators: "" managedFields: - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:status: f:acceptedNames: f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:conditions: k:{"type":"Established"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} k:{"type":"NamesAccepted"}: .: {} f:lastTransitionTime: {} f:message: {} f:reason: {} f:status: {} f:type: {} manager: kube-apiserver operation: Update subresource: status time: "2026-03-18T09:12:08Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:controller-gen.kubebuilder.io/version: {} f:observability.openshift.io/api-support: {} f:operatorframework.io/installed-alongside-56529da9d339fb48: {} f:labels: .: {} f:olm.managed: {} f:spec: f:conversion: .: {} f:strategy: {} f:webhook: .: {} f:clientConfig: .: {} f:service: .: {} f:path: {} f:port: {} f:conversionReviewVersions: {} f:group: {} f:names: f:kind: {} f:listKind: {} f:plural: {} f:shortNames: {} f:singular: {} f:scope: {} f:versions: {} manager: catalog operation: Update time: "2026-03-18T09:12:39Z" - apiVersion: apiextensions.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:labels: f:operators.coreos.com/cluster-observability-operator.openshift-operators: {} f:spec: f:conversion: f:webhook: f:clientConfig: f:caBundle: {} f:service: f:name: {} f:namespace: {} manager: olm operation: Update time: "2026-03-18T09:12:40Z" name: perses.perses.dev resourceVersion: "22085" uid: 77d7c8b9-4c82-495a-b8f0-dd1e604bf649 spec: conversion: strategy: Webhook webhook: clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ2VENDQVdLZ0F3SUJBZ0lJSU1kNFFHWlc0NEl3Q2dZSUtvWkl6ajBFQXdJd1FqRVdNQlFHQTFVRUNoTU4KVW1Wa0lFaGhkQ3dnU1c1akxqRW9NQ1lHQTFVRUF4TWZiMnh0TFhObGJHWnphV2R1WldRdE1qQmpOemM0TkRBMgpOalUyWlRNNE1qQWVGdzB5TmpBek1UZ3dPVEV5TVRsYUZ3MHlPREF6TVRjd09URXlNVGxhTUVJeEZqQVVCZ05WCkJBb1REVkpsWkNCSVlYUXNJRWx1WXk0eEtEQW1CZ05WQkFNVEgyOXNiUzF6Wld4bWMybG5ibVZrTFRJd1l6YzMKT0RRd05qWTFObVV6T0RJd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSTGluMzBDUy9wUlUvbgoxNmpUcmp1TXVPVWNSZzN3TUpXNVk1VlZ3dXBQMXFLTXJ2Sy9EV29oNlIzODhhdEtiMVlDYWU2NDkyUDM1VkYzCnRNVEFLcnA4bzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQWdRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlYKSFE0RUZnUVVaUllPQmRuRkZhT3R3eGlKZmVaZXJnTVVYaVl3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQVA2QwphYi9tMncrRU1pV2tjclhNM1R2aHRBelFtWS9XV2tGdDZWb081cE5CQWlFQStLaDJEOTc5eW9zd09hOTZId2t0CjIzS3Y0NHFsT212UWlBYlhaa256R2ZrPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== service: name: perses-operator-service namespace: openshift-operators path: /convert port: 443 conversionReviewVersions: - v1 group: perses.dev names: kind: Perses listKind: PersesList plural: perses shortNames: - per singular: perses scope: Namespaced versions: - deprecated: true deprecationWarning: perses.dev/v1alpha1 is deprecated; use perses.dev/v1alpha2 name: v1alpha1 schema: openAPIV3Schema: description: Perses is the Schema for the perses API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: PersesSpec defines the desired state of Perses properties: affinity: description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: description: |- An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: - preference - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: description: |- A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: description: |- weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: - podAffinityTerm - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: description: |- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: description: |- weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: - podAffinityTerm - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: description: |- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array x-kubernetes-list-type: atomic type: object type: object args: description: Args extra arguments to pass to perses items: type: string type: array client: description: Perses client configuration properties: basicAuth: description: BasicAuth basic auth config for perses client properties: name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string password_path: description: Path to password minLength: 1 type: string type: description: Type source type of secret enum: - secret - configmap - file type: string username: description: Username for basic auth minLength: 1 type: string required: - password_path - type - username type: object kubernetesAuth: description: KubernetesAuth configuration for perses client properties: enable: description: Enable kubernetes auth for perses client type: boolean required: - enable type: object oauth: description: OAuth configuration for perses client properties: authStyle: description: |- AuthStyle optionally specifies how the endpoint wants the client ID & client secret sent. The zero value means to auto-detect. type: integer clientIDPath: description: Path to client id type: string clientSecretPath: description: Path to client secret type: string endpointParams: additionalProperties: items: type: string type: array description: EndpointParams specifies additional parameters for requests to the token endpoint. type: object name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string scopes: description: Scope specifies optional requested permissions. items: type: string type: array tokenURL: description: |- TokenURL is the resource server's token endpoint URL. This is a constant specific to each server. minLength: 1 type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - tokenURL - type type: object tls: description: TLS the equivalent to the tls_config for perses client properties: caCert: description: CaCert to verify the perses certificate properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object enable: description: Enable TLS connection to perses type: boolean insecureSkipVerify: description: InsecureSkipVerify skip verify of perses certificate type: boolean userCert: description: UserCert client cert/key for mTLS properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object required: - enable type: object type: object config: properties: api_prefix: description: |- Use it in case you want to prefix the API path. This can be useful if you are running Perses behind a reverse proxy. By default, the API is served with the path /api. With this config, it will be served with the path /api Example: "/perses" type: string dashboard: description: Dashboard contains the configuration for the dashboard feature. properties: custom_lint_rules: items: properties: assertion: description: |- Assertion is a CEL expression that validates the extracted value. Refer to https://github.com/google/cel-spec/blob/master/doc/langdef.md for the syntax. type: string disable: description: Disable is a flag to disable the rule. type: boolean message: description: Message is displayed if the assertion fails. type: string name: description: Name of the rule type: string target: description: |- Target is a JSONPath expression to extract the relevant portion of the dashboard data. Refer to https://goessner.net/articles/JsonPath/ for the syntax. type: string required: - assertion - disable - message - name - target type: object type: array type: object database: description: Database contains the different configuration depending on the database you want to use properties: file: properties: case_sensitive: type: boolean extension: type: string folder: type: string required: - folder type: object sql: properties: addr: description: Network address (requires Net) type: string addr_file: description: AddrFile is a path to a file that contains the network address type: string allow_all_files: description: Allow all files to be used with LOAD DATA LOCAL INFILE type: boolean allow_cleartext_passwords: description: Allows the cleartext client side plugin type: boolean allow_fallback_to_plaintext: description: Allows fallback to unencrypted connection if server does not support TLS type: boolean allow_native_passwords: description: Allows the native password authentication method type: boolean allow_old_passwords: description: Allows the old insecure password method type: boolean case_sensitive: type: boolean check_conn_liveness: description: Check connections for liveness before using them type: boolean client_found_rows: description: Return number of matching rows instead of rows changed type: boolean collation: description: Connection collation type: string columns_with_alias: description: Prepend table alias to column names type: boolean db_name: description: Database name type: string interpolate_params: description: Interpolate placeholders into query string type: boolean loc: description: Location for time.Time values type: object max_allowed_packet: description: Max packet size allowed type: integer multi_statements: description: Allow multiple statements in one query type: boolean net: description: Network type type: string parse_time: description: Parse time values to time.Time type: boolean password: description: Password (requires User) type: string password_file: description: PasswordFile is a path to a file that contains a password type: string read_timeout: description: I/O read timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string reject_read_only: description: Reject read-only connections type: boolean server_pub_key: description: Server public key name type: string timeout: description: Dial timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: description: TLS configuration properties: ca: description: Hidden special type for storing secrets. type: string caFile: type: string cert: description: Hidden special type for storing secrets. type: string certFile: type: string insecureSkipVerify: type: boolean key: description: Hidden special type for storing secrets. type: string keyFile: type: string maxVersion: type: string minVersion: type: string serverName: type: string type: object user: description: Username type: string user_file: description: UserFile is a path to a file that contains a username type: string write_timeout: description: I/O write timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - allow_all_files - allow_cleartext_passwords - allow_fallback_to_plaintext - allow_native_passwords - allow_old_passwords - case_sensitive - check_conn_liveness - client_found_rows - columns_with_alias - db_name - interpolate_params - max_allowed_packet - multi_statements - parse_time - read_timeout - reject_read_only - server_pub_key - timeout - write_timeout type: object type: object datasource: description: Datasource contains the configuration for the datasource. properties: disable_local: description: |- DisableLocal when used is preventing the possibility to add a datasource directly in the dashboard spec. It will also disable the associated proxy. type: boolean global: properties: disable: description: |- Disable is used to disable the global datasource feature. It will also remove the associated proxy. Also, since the global variable depends on the global datasource, it will also disable the global variable feature. type: boolean discovery: description: |- Discovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. Be careful: the data coming from the discovery will totally override what exists in the database. Note that this is an experimental feature. Behavior and config may change in the future. items: properties: http_sd: description: |- HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. It fetches an HTTP endpoint containing a list of zero or more global datasources. The target must reply with an HTTP 200 response. The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. properties: authorization: description: The HTTP authorization credentials for the targets. properties: credentials: type: string credentialsFile: type: string type: type: string type: object basic_auth: properties: password: type: string passwordFile: description: PasswordFile is a path to a file that contains a password type: string username: type: string required: - username type: object headers: additionalProperties: type: string type: object k8s_auth: properties: kubeconfig: type: string type: object native_auth: properties: login: type: string password: type: string required: - login - password type: object oauth: properties: authStyle: description: |- AuthStyle optionally specifies how the endpoint wants the client ID & client secret sent. The zero value means to auto-detect. type: integer clientID: description: ClientID is the application's ID. type: string clientSecret: description: ClientSecret is the application's secret. type: string clientSecretFile: type: string endpointParams: additionalProperties: items: type: string type: array description: EndpointParams specifies additional parameters for requests to the token endpoint. type: object scopes: description: Scope specifies optional requested permissions. items: type: string type: array tokenURL: description: |- TokenURL is the resource server's token endpoint URL. This is a constant specific to each server. type: string required: - authStyle - clientID - clientSecret - clientSecretFile - endpointParams - scopes - tokenURL type: object tls_config: description: TLSConfig to use to connect to the targets. properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: format: uri type: string required: - url type: object kubernetes_sd: description: |- Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API and always staying synchronized with the cluster state. properties: datasource_plugin_kind: description: DatasourcePluginKind is the name of the datasource plugin that should be filled when creating datasources found. type: string labels: additionalProperties: type: string description: The labels used to filter the list of resource when contacting the Kubernetes API. type: object namespace: description: |- Kubernetes namespace to constraint the query to only one namespace. Leave empty if you are looking for datasource cross-namespace. type: string pod_configuration: description: Configuration when you want to discover the pods in Kubernetes properties: container_name: description: Name of the container the target address points to. type: string container_port_name: description: Name of the container port. type: string container_port_number: description: Number of the container port. format: int32 type: integer enable: description: If set to true, Perses server will discovery the pod type: boolean type: object service_configuration: description: Configuration when you want to discover the services in Kubernetes properties: enable: description: If set to true, Perses server will discovery the service type: boolean port_name: description: Name of the service port for the target. type: string port_number: description: Number of the service port for the target. format: int32 type: integer service_type: description: The type of the service. type: string type: object required: - datasource_plugin_kind - namespace type: object name: description: The name of the discovery config. It is used for logging purposes only type: string refresh_interval: description: Refresh interval to re-query the endpoint. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - name type: object type: array required: - disable type: object project: properties: disable: description: |- Disable is used to disable the project datasource feature. It will also remove the associated proxy. type: boolean required: - disable type: object required: - disable_local - global - project type: object ephemeral_dashboard: description: EphemeralDashboard contains the config about the ephemeral dashboard feature properties: cleanup_interval: description: The interval at which to trigger the cleanup of ephemeral dashboards, based on their TTLs. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string enable: description: When true user will be able to use the ephemeral dashboard at project level. type: boolean required: - cleanup_interval - enable type: object ephemeral_dashboards_cleanup_interval: description: |- EphemeralDashboardsCleanupInterval is the interval at which the ephemeral dashboards are cleaned up DEPRECATED. Please use the config EphemeralDashboard instead. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string frontend: description: Frontend contains any config that will be used by the frontend itself. properties: banner: description: BannerInfo contains the content to be display in a banner at the top of each page along with the severity of the information properties: message: type: string severity: type: string required: - message - severity type: object disable: description: When it is true, Perses won't serve the frontend anymore, and any other config set here will be ignored type: boolean explorer: description: |- Explorer is activating the different kind of explorer supported. Be sure you have installed an associated plugin for each explorer type. properties: enable: type: boolean required: - enable type: object important_dashboards: description: ImportantDashboards contains important dashboard selectors items: properties: dashboard: description: Dashboard is the name of the dashboard (dashboard.metadata.name) type: string project: description: Project is the name of the project (dashboard.metadata.project) type: string required: - dashboard - project type: object type: array information: description: Information contains markdown content to be display on the home page type: string time_range: description: TimeRange contains the time range configuration for the dropdown properties: disable_custom: type: boolean disable_zoom: type: boolean options: items: description: |- DurationString is a string that represents a duration, such as "1h", "30m", "15s", etc. It is used to unmarshal a duration string from JSON or YAML, and validate that it is a valid duration string. Not converting the duration string into a time.Duration type allows us to avoid the issue of changing the initial input with an alias. This is something that happens when we use Duration type, because when the duration is unmarshalled then marshaled again, the input can be changed with an equivalent duration. For example "14d" will be changed to "2w". So, use DurationString instead of Duration when you want to preserve the original input string. If, for any reason, you need to convert the DurationString to a time.Duration, you can use the ParseDuration function. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string type: array type: object required: - disable - explorer type: object plugin: description: Plugin contains the config for runtime plugins. properties: archive_path: description: |- ArchivePath is the path to the directory containing the archived plugins When Perses is starting, it will extract the content of the archive in the folder specified in the `folder` attribute. DEPRECATED: This attribute is deprecated and will be removed in a future version. It is still supported for backward compatibility, but it is recommended to use the `archive_paths` attribute instead. type: string archive_paths: description: |- ArchivePaths is the list of paths to the directories containing the archived plugins. It allows to specify multiple directories for the archived plugins. When Perses is starting, it will extract any archive found in the folders specified in this attribute in the folder specified in the `path` attribute. items: type: string type: array enable_dev: description: DevEnvironment is the configuration to use when developing a plugin type: boolean path: description: Path is the path to the directory containing the runtime plugins type: string required: - enable_dev type: object provisioning: description: Provisioning contains the provisioning config that can be used if you want to provide default resources. properties: folders: items: type: string type: array interval: description: Interval is the refresh frequency format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string type: object schemas: description: |- Schemas contain the configuration to get access to the CUE schemas DEPRECATED. Please remove it from your config. properties: datasources_path: type: string interval: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string panels_path: type: string queries_path: type: string variables_path: type: string type: object security: description: Security contains any configuration that changes the API behavior like the endpoints exposed or if the permissions are activated. properties: authentication: description: Authentication contains configuration regarding management of access/refresh token properties: access_token_ttl: description: AccessTokenTTL is the time to live of the access token. By default, it is 15 minutes. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string disable_sign_up: description: |- DisableSignUp deactivates the Sign-up page in the UI. It also disables the endpoint that gives the possibility to create a user. type: boolean providers: description: Providers configure the different authentication providers properties: enable_native: type: boolean kubernetes: properties: enable: type: boolean required: - enable type: object oauth: items: properties: auth_url: format: uri type: string client_credentials: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string custom_login_property: type: string device_auth_url: format: uri type: string device_code: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object http: properties: timeout: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - timeout - tls_config type: object name: type: string redirect_uri: format: uri type: string scopes: items: type: string type: array slug_id: type: string token_url: format: uri type: string user_infos_url: format: uri type: string required: - auth_url - client_id - device_auth_url - http - name - slug_id - token_url - user_infos_url type: object type: array oidc: items: properties: client_credentials: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string device_code: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object disable_pkce: type: boolean discovery_url: format: uri type: string http: properties: timeout: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - timeout - tls_config type: object issuer: format: uri type: string logout: properties: enabled: type: boolean logout_redirect_param_name: type: string required: - enabled type: object name: type: string redirect_uri: format: uri type: string scopes: items: type: string type: array slug_id: type: string url_params: additionalProperties: type: string type: object required: - client_id - disable_pkce - http - issuer - logout - name - slug_id type: object type: array required: - enable_native type: object refresh_token_ttl: description: |- RefreshTokenTTL is the time to live of the refresh token. The refresh token is used to get a new access token when it is expired. By default, it is 24 hours. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - disable_sign_up - providers type: object authorization: description: Authorization contains all configs around rbac (permissions and roles) properties: check_latest_update_interval: description: 'DEPRECATED: use NativeAuthorizationProvider.CheckLatestUpdateInterval instead.' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string guest_permissions: description: 'DEPRECATED: use NativeAuthorizationProvider.GuestPermissions instead.' items: properties: actions: description: Actions of the permission (read, create, update, delete, ...) items: type: string type: array scopes: description: |- The list of kind targeted by the permission. For example: `Datasource`, `Dashboard`, ... With Role, you can't target global kinds items: type: string type: array required: - actions - scopes type: object type: array provider: properties: kubernetes: properties: authenticator_ttl: description: 'time an authenticator response will be cached for. Default: 2m' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string authorizer_allow_ttl: description: 'time an authorizer allow response will be cached for. Default: 5m' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string authorizer_deny_ttl: description: 'time an authorizer denied will be cached for. Default: 30s' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string burst: description: 'burst QPS the k8s client will use with the apiserver. Default: 1000 qps' type: integer enable: type: boolean kubeconfig: description: |- The active user in the kubeconfig should have "create" permissions for the `TokenReview` and `SubjectAccessReview` resources. If the kubeconfig parameter isn't available the pods service account token will be used type: string qps: description: 'query per second (QPS) the k8s client will use with the apiserver. Default: 500 qps' type: integer type: object native: properties: check_latest_update_interval: description: CheckLatestUpdateInterval that checks if the RBAC cache needs to be refreshed with db content. Only for SQL database setup. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string enable: type: boolean guest_permissions: description: Default permissions for guest users (logged-in users) items: properties: actions: description: Actions of the permission (read, create, update, delete, ...) items: type: string type: array scopes: description: |- The list of kind targeted by the permission. For example: `Datasource`, `Dashboard`, ... With Role, you can't target global kinds items: type: string type: array required: - actions - scopes type: object type: array type: object type: object type: object cookie: description: Cookie configuration properties: same_site: description: |- Set the SameSite cookie attribute and prevents the browser from sending the cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. This setting also provides some protection against cross-site request forgery attacks (CSRF) type: integer secure: description: Set to true if you host Perses behind HTTPS. Default is false type: boolean required: - secure type: object cors: description: Configuration for the CORS middleware. properties: allow_credentials: type: boolean allow_headers: items: type: string type: array allow_methods: items: type: string type: array allow_origins: items: type: string type: array enable: type: boolean expose_headers: items: type: string type: array max_age: type: integer required: - enable type: object enable_auth: description: |- When it is true, the authentication and authorization config are considered. And you will need a valid JWT token to contact most of the endpoints exposed by the API type: boolean encryption_key: description: |- EncryptionKey is the secret key used to encrypt and decrypt sensitive data stored in the database such as the password of the basic auth for a datasource. Note that if it is not provided, it will use a default value. On a production instance, you should set this key. Also note the key size must be exactly 32 bytes long as we are using AES-256 to encrypt the data. type: string encryption_key_file: description: EncryptionKeyFile is the path to file containing the secret key type: string readonly: description: Readonly will deactivate any HTTP POST, PUT, DELETE endpoint type: boolean required: - cookie - enable_auth - readonly type: object variable: description: Variable contains the configuration for the variable. properties: disable_local: description: DisableLocal when used is preventing the possibility to add a variable directly in the dashboard spec. type: boolean global: properties: disable: description: |- Disable is used to disable the global variable feature. Note that if the global datasource is disabled, the global variable will also be disabled. type: boolean required: - disable type: object project: properties: disable: description: |- Disable is used to disable the project variable feature. Note that if the global datasource and the project datasource are disabled, then the project variable will also be disabled. type: boolean required: - disable type: object required: - disable_local - global - project type: object type: object containerPort: default: 8080 format: int32 maximum: 65535 minimum: 1 type: integer image: description: Image specifies the container image that should be used for the Perses deployment. type: string livenessProbe: description: |- Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: description: Exec specifies a command to execute in the container. properties: command: description: |- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: description: |- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: |- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string required: - name - value type: object type: array x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: description: |- Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: |- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: description: |- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: |- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: description: |- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object metadata: description: Metadata to add to deployed pods properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object nodeSelector: additionalProperties: type: string type: object readinessProbe: description: |- Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: description: Exec specifies a command to execute in the container. properties: command: description: |- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: description: |- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: |- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string required: - name - value type: object type: array x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: description: |- Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: |- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: description: |- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: |- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: description: |- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object replicas: format: int32 type: integer service: description: service specifies the service configuration for the perses instance properties: annotations: additionalProperties: type: string type: object name: type: string type: object serviceAccountName: description: ServiceAccountName is the name of the service account to use for the perses deployment or statefulset. type: string storage: default: size: 1Gi description: Storage configuration used by the StatefulSet properties: size: anyOf: - type: integer - type: string description: |- Size of the storage. cannot be decreased. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true storageClass: description: |- StorageClass to use for PVCs. If not specified, will use the default storage class type: string type: object tls: description: tls specifies the tls configuration for the perses instance properties: caCert: description: CaCert to verify the perses certificate properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object enable: description: Enable TLS connection to perses type: boolean insecureSkipVerify: description: InsecureSkipVerify skip verify of perses certificate type: boolean userCert: description: UserCert client cert/key for mTLS properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object required: - enable type: object tolerations: items: description: |- The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: effect: description: |- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: |- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: description: |- Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: description: |- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object status: description: PersesStatus defines the observed state of Perses properties: conditions: items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array type: object type: object served: true storage: false subresources: status: {} - name: v1alpha2 schema: openAPIV3Schema: description: Perses is the Schema for the perses API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: PersesSpec defines the desired state of Perses properties: affinity: description: Affinity is a group of affinity scheduling rules. properties: nodeAffinity: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: description: |- An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding weight. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: - preference - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: description: |- A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. items: description: |- A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: |- Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: |- An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: description: |- weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: - podAffinityTerm - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: description: |- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: description: |- The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: description: |- weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 type: integer required: - podAffinityTerm - weight type: object type: array x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: description: |- Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: description: |- A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic mismatchLabelKeys: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. items: type: string type: array x-kubernetes-list-type: atomic namespaceSelector: description: |- A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: description: |- namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object type: array x-kubernetes-list-type: atomic type: object type: object args: description: Args extra arguments to pass to perses items: type: string type: array client: description: Perses client configuration properties: basicAuth: description: BasicAuth basic auth config for perses client properties: name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string passwordPath: description: Path to password minLength: 1 type: string type: description: Type source type of secret enum: - secret - configmap - file type: string username: description: Username for basic auth minLength: 1 type: string required: - passwordPath - type - username type: object kubernetesAuth: description: KubernetesAuth configuration for perses client properties: enable: description: Enable kubernetes auth for perses client type: boolean required: - enable type: object oauth: description: OAuth configuration for perses client properties: authStyle: description: |- AuthStyle optionally specifies how the endpoint wants the client ID & client secret sent. The zero value means to auto-detect. type: integer clientIDPath: description: Path to client id type: string clientSecretPath: description: Path to client secret type: string endpointParams: additionalProperties: items: type: string type: array description: EndpointParams specifies additional parameters for requests to the token endpoint. type: object name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string scopes: description: Scope specifies optional requested permissions. items: type: string type: array tokenURL: description: |- TokenURL is the resource server's token endpoint URL. This is a constant specific to each server. minLength: 1 type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - tokenURL - type type: object tls: description: TLS the equivalent to the tls_config for perses client properties: caCert: description: CaCert to verify the perses certificate properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object enable: description: Enable TLS connection to perses type: boolean insecureSkipVerify: description: InsecureSkipVerify skip verify of perses certificate type: boolean userCert: description: UserCert client cert/key for mTLS properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object required: - enable type: object type: object config: description: Perses server configuration properties: api_prefix: description: |- Use it in case you want to prefix the API path. This can be useful if you are running Perses behind a reverse proxy. By default, the API is served with the path /api. With this config, it will be served with the path /api Example: "/perses" type: string dashboard: description: Dashboard contains the configuration for the dashboard feature. properties: custom_lint_rules: items: properties: assertion: description: |- Assertion is a CEL expression that validates the extracted value. Refer to https://github.com/google/cel-spec/blob/master/doc/langdef.md for the syntax. type: string disable: description: Disable is a flag to disable the rule. type: boolean message: description: Message is displayed if the assertion fails. type: string name: description: Name of the rule type: string target: description: |- Target is a JSONPath expression to extract the relevant portion of the dashboard data. Refer to https://goessner.net/articles/JsonPath/ for the syntax. type: string required: - assertion - disable - message - name - target type: object type: array type: object database: description: Database contains the different configuration depending on the database you want to use properties: file: properties: case_sensitive: type: boolean extension: type: string folder: type: string required: - folder type: object sql: properties: addr: description: Network address (requires Net) type: string addr_file: description: AddrFile is a path to a file that contains the network address type: string allow_all_files: description: Allow all files to be used with LOAD DATA LOCAL INFILE type: boolean allow_cleartext_passwords: description: Allows the cleartext client side plugin type: boolean allow_fallback_to_plaintext: description: Allows fallback to unencrypted connection if server does not support TLS type: boolean allow_native_passwords: description: Allows the native password authentication method type: boolean allow_old_passwords: description: Allows the old insecure password method type: boolean case_sensitive: type: boolean check_conn_liveness: description: Check connections for liveness before using them type: boolean client_found_rows: description: Return number of matching rows instead of rows changed type: boolean collation: description: Connection collation type: string columns_with_alias: description: Prepend table alias to column names type: boolean db_name: description: Database name type: string interpolate_params: description: Interpolate placeholders into query string type: boolean loc: description: Location for time.Time values type: object max_allowed_packet: description: Max packet size allowed type: integer multi_statements: description: Allow multiple statements in one query type: boolean net: description: Network type type: string parse_time: description: Parse time values to time.Time type: boolean password: description: Password (requires User) type: string password_file: description: PasswordFile is a path to a file that contains a password type: string read_timeout: description: I/O read timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string reject_read_only: description: Reject read-only connections type: boolean server_pub_key: description: Server public key name type: string timeout: description: Dial timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: description: TLS configuration properties: ca: description: Hidden special type for storing secrets. type: string caFile: type: string cert: description: Hidden special type for storing secrets. type: string certFile: type: string insecureSkipVerify: type: boolean key: description: Hidden special type for storing secrets. type: string keyFile: type: string maxVersion: type: string minVersion: type: string serverName: type: string type: object user: description: Username type: string user_file: description: UserFile is a path to a file that contains a username type: string write_timeout: description: I/O write timeout format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - allow_all_files - allow_cleartext_passwords - allow_fallback_to_plaintext - allow_native_passwords - allow_old_passwords - case_sensitive - check_conn_liveness - client_found_rows - columns_with_alias - db_name - interpolate_params - max_allowed_packet - multi_statements - parse_time - read_timeout - reject_read_only - server_pub_key - timeout - write_timeout type: object type: object datasource: description: Datasource contains the configuration for the datasource. properties: disable_local: description: |- DisableLocal when used is preventing the possibility to add a datasource directly in the dashboard spec. It will also disable the associated proxy. type: boolean global: properties: disable: description: |- Disable is used to disable the global datasource feature. It will also remove the associated proxy. Also, since the global variable depends on the global datasource, it will also disable the global variable feature. type: boolean discovery: description: |- Discovery is the configuration that helps to generate a list of global datasource based on the discovery chosen. Be careful: the data coming from the discovery will totally override what exists in the database. Note that this is an experimental feature. Behavior and config may change in the future. items: properties: http_sd: description: |- HTTP-based service discovery provides a more generic way to generate a set of global datasource and serves as an interface to plug in custom service discovery mechanisms. It fetches an HTTP endpoint containing a list of zero or more global datasources. The target must reply with an HTTP 200 response. The HTTP header Content-Type must be application/json, and the body must be valid array of JSON. properties: authorization: description: The HTTP authorization credentials for the targets. properties: credentials: type: string credentialsFile: type: string type: type: string type: object basic_auth: properties: password: type: string passwordFile: description: PasswordFile is a path to a file that contains a password type: string username: type: string required: - username type: object headers: additionalProperties: type: string type: object k8s_auth: properties: kubeconfig: type: string type: object native_auth: properties: login: type: string password: type: string required: - login - password type: object oauth: properties: authStyle: description: |- AuthStyle optionally specifies how the endpoint wants the client ID & client secret sent. The zero value means to auto-detect. type: integer clientID: description: ClientID is the application's ID. type: string clientSecret: description: ClientSecret is the application's secret. type: string clientSecretFile: type: string endpointParams: additionalProperties: items: type: string type: array description: EndpointParams specifies additional parameters for requests to the token endpoint. type: object scopes: description: Scope specifies optional requested permissions. items: type: string type: array tokenURL: description: |- TokenURL is the resource server's token endpoint URL. This is a constant specific to each server. type: string required: - authStyle - clientID - clientSecret - clientSecretFile - endpointParams - scopes - tokenURL type: object tls_config: description: TLSConfig to use to connect to the targets. properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object url: format: uri type: string required: - url type: object kubernetes_sd: description: |- Kubernetes SD configurations allow retrieving global datasource from Kubernetes' REST API and always staying synchronized with the cluster state. properties: datasource_plugin_kind: description: DatasourcePluginKind is the name of the datasource plugin that should be filled when creating datasources found. type: string labels: additionalProperties: type: string description: The labels used to filter the list of resource when contacting the Kubernetes API. type: object namespace: description: |- Kubernetes namespace to constraint the query to only one namespace. Leave empty if you are looking for datasource cross-namespace. type: string pod_configuration: description: Configuration when you want to discover the pods in Kubernetes properties: container_name: description: Name of the container the target address points to. type: string container_port_name: description: Name of the container port. type: string container_port_number: description: Number of the container port. format: int32 type: integer enable: description: If set to true, Perses server will discovery the pod type: boolean type: object service_configuration: description: Configuration when you want to discover the services in Kubernetes properties: enable: description: If set to true, Perses server will discovery the service type: boolean port_name: description: Name of the service port for the target. type: string port_number: description: Number of the service port for the target. format: int32 type: integer service_type: description: The type of the service. type: string type: object required: - datasource_plugin_kind - namespace type: object name: description: The name of the discovery config. It is used for logging purposes only type: string refresh_interval: description: Refresh interval to re-query the endpoint. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - name type: object type: array required: - disable type: object project: properties: disable: description: |- Disable is used to disable the project datasource feature. It will also remove the associated proxy. type: boolean required: - disable type: object required: - disable_local - global - project type: object ephemeral_dashboard: description: EphemeralDashboard contains the config about the ephemeral dashboard feature properties: cleanup_interval: description: The interval at which to trigger the cleanup of ephemeral dashboards, based on their TTLs. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string enable: description: When true user will be able to use the ephemeral dashboard at project level. type: boolean required: - cleanup_interval - enable type: object ephemeral_dashboards_cleanup_interval: description: |- EphemeralDashboardsCleanupInterval is the interval at which the ephemeral dashboards are cleaned up DEPRECATED. Please use the config EphemeralDashboard instead. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string frontend: description: Frontend contains any config that will be used by the frontend itself. properties: banner: description: BannerInfo contains the content to be display in a banner at the top of each page along with the severity of the information properties: message: type: string severity: type: string required: - message - severity type: object disable: description: When it is true, Perses won't serve the frontend anymore, and any other config set here will be ignored type: boolean explorer: description: |- Explorer is activating the different kind of explorer supported. Be sure you have installed an associated plugin for each explorer type. properties: enable: type: boolean required: - enable type: object important_dashboards: description: ImportantDashboards contains important dashboard selectors items: properties: dashboard: description: Dashboard is the name of the dashboard (dashboard.metadata.name) type: string project: description: Project is the name of the project (dashboard.metadata.project) type: string required: - dashboard - project type: object type: array information: description: Information contains markdown content to be display on the home page type: string time_range: description: TimeRange contains the time range configuration for the dropdown properties: disable_custom: type: boolean disable_zoom: type: boolean options: items: description: |- DurationString is a string that represents a duration, such as "1h", "30m", "15s", etc. It is used to unmarshal a duration string from JSON or YAML, and validate that it is a valid duration string. Not converting the duration string into a time.Duration type allows us to avoid the issue of changing the initial input with an alias. This is something that happens when we use Duration type, because when the duration is unmarshalled then marshaled again, the input can be changed with an equivalent duration. For example "14d" will be changed to "2w". So, use DurationString instead of Duration when you want to preserve the original input string. If, for any reason, you need to convert the DurationString to a time.Duration, you can use the ParseDuration function. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string type: array type: object required: - disable - explorer type: object plugin: description: Plugin contains the config for runtime plugins. properties: archive_path: description: |- ArchivePath is the path to the directory containing the archived plugins When Perses is starting, it will extract the content of the archive in the folder specified in the `folder` attribute. DEPRECATED: This attribute is deprecated and will be removed in a future version. It is still supported for backward compatibility, but it is recommended to use the `archive_paths` attribute instead. type: string archive_paths: description: |- ArchivePaths is the list of paths to the directories containing the archived plugins. It allows to specify multiple directories for the archived plugins. When Perses is starting, it will extract any archive found in the folders specified in this attribute in the folder specified in the `path` attribute. items: type: string type: array enable_dev: description: DevEnvironment is the configuration to use when developing a plugin type: boolean path: description: Path is the path to the directory containing the runtime plugins type: string required: - enable_dev type: object provisioning: description: Provisioning contains the provisioning config that can be used if you want to provide default resources. properties: folders: items: type: string type: array interval: description: Interval is the refresh frequency format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string type: object schemas: description: |- Schemas contain the configuration to get access to the CUE schemas DEPRECATED. Please remove it from your config. properties: datasources_path: type: string interval: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string panels_path: type: string queries_path: type: string variables_path: type: string type: object security: description: Security contains any configuration that changes the API behavior like the endpoints exposed or if the permissions are activated. properties: authentication: description: Authentication contains configuration regarding management of access/refresh token properties: access_token_ttl: description: AccessTokenTTL is the time to live of the access token. By default, it is 15 minutes. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string disable_sign_up: description: |- DisableSignUp deactivates the Sign-up page in the UI. It also disables the endpoint that gives the possibility to create a user. type: boolean providers: description: Providers configure the different authentication providers properties: enable_native: type: boolean kubernetes: properties: enable: type: boolean required: - enable type: object oauth: items: properties: auth_url: format: uri type: string client_credentials: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string custom_login_property: type: string device_auth_url: format: uri type: string device_code: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object http: properties: timeout: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - timeout - tls_config type: object name: type: string redirect_uri: format: uri type: string scopes: items: type: string type: array slug_id: type: string token_url: format: uri type: string user_infos_url: format: uri type: string required: - auth_url - client_id - device_auth_url - http - name - slug_id - token_url - user_infos_url type: object type: array oidc: items: properties: client_credentials: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string device_code: properties: client_id: description: Hidden special type for storing secrets. type: string client_secret: description: Hidden special type for storing secrets. type: string client_secret_file: type: string scopes: items: type: string type: array required: - client_id - scopes type: object disable_pkce: type: boolean discovery_url: format: uri type: string http: properties: timeout: format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string tls_config: properties: ca: description: Text of the CA cert to use for the targets. type: string caFile: description: The CA cert to use for the targets. type: string cert: description: Text of the client cert file for the targets. type: string certFile: description: The client cert file for the targets. type: string insecureSkipVerify: description: Disable target certificate validation. type: boolean key: description: Text of the client key file for the targets. type: string keyFile: description: The client key file for the targets. type: string maxVersion: description: |- Maximum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default maximum version, which is TLS 1.3. See MaxVersion in https://pkg.go.dev/crypto/tls#Config. type: string minVersion: description: |- Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3). If unset, Perses will use Go default minimum version, which is TLS 1.2. See MinVersion in https://pkg.go.dev/crypto/tls#Config. type: string serverName: description: Used to verify the hostname for the targets. type: string type: object required: - timeout - tls_config type: object issuer: format: uri type: string logout: properties: enabled: type: boolean logout_redirect_param_name: type: string required: - enabled type: object name: type: string redirect_uri: format: uri type: string scopes: items: type: string type: array slug_id: type: string url_params: additionalProperties: type: string type: object required: - client_id - disable_pkce - http - issuer - logout - name - slug_id type: object type: array required: - enable_native type: object refresh_token_ttl: description: |- RefreshTokenTTL is the time to live of the refresh token. The refresh token is used to get a new access token when it is expired. By default, it is 24 hours. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string required: - disable_sign_up - providers type: object authorization: description: Authorization contains all configs around rbac (permissions and roles) properties: check_latest_update_interval: description: 'DEPRECATED: use NativeAuthorizationProvider.CheckLatestUpdateInterval instead.' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string guest_permissions: description: 'DEPRECATED: use NativeAuthorizationProvider.GuestPermissions instead.' items: properties: actions: description: Actions of the permission (read, create, update, delete, ...) items: type: string type: array scopes: description: |- The list of kind targeted by the permission. For example: `Datasource`, `Dashboard`, ... With Role, you can't target global kinds items: type: string type: array required: - actions - scopes type: object type: array provider: properties: kubernetes: properties: authenticator_ttl: description: 'time an authenticator response will be cached for. Default: 2m' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string authorizer_allow_ttl: description: 'time an authorizer allow response will be cached for. Default: 5m' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string authorizer_deny_ttl: description: 'time an authorizer denied will be cached for. Default: 30s' format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string burst: description: 'burst QPS the k8s client will use with the apiserver. Default: 1000 qps' type: integer enable: type: boolean kubeconfig: description: |- The active user in the kubeconfig should have "create" permissions for the `TokenReview` and `SubjectAccessReview` resources. If the kubeconfig parameter isn't available the pods service account token will be used type: string qps: description: 'query per second (QPS) the k8s client will use with the apiserver. Default: 500 qps' type: integer type: object native: properties: check_latest_update_interval: description: CheckLatestUpdateInterval that checks if the RBAC cache needs to be refreshed with db content. Only for SQL database setup. format: duration pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ type: string enable: type: boolean guest_permissions: description: Default permissions for guest users (logged-in users) items: properties: actions: description: Actions of the permission (read, create, update, delete, ...) items: type: string type: array scopes: description: |- The list of kind targeted by the permission. For example: `Datasource`, `Dashboard`, ... With Role, you can't target global kinds items: type: string type: array required: - actions - scopes type: object type: array type: object type: object type: object cookie: description: Cookie configuration properties: same_site: description: |- Set the SameSite cookie attribute and prevents the browser from sending the cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. This setting also provides some protection against cross-site request forgery attacks (CSRF) type: integer secure: description: Set to true if you host Perses behind HTTPS. Default is false type: boolean required: - secure type: object cors: description: Configuration for the CORS middleware. properties: allow_credentials: type: boolean allow_headers: items: type: string type: array allow_methods: items: type: string type: array allow_origins: items: type: string type: array enable: type: boolean expose_headers: items: type: string type: array max_age: type: integer required: - enable type: object enable_auth: description: |- When it is true, the authentication and authorization config are considered. And you will need a valid JWT token to contact most of the endpoints exposed by the API type: boolean encryption_key: description: |- EncryptionKey is the secret key used to encrypt and decrypt sensitive data stored in the database such as the password of the basic auth for a datasource. Note that if it is not provided, it will use a default value. On a production instance, you should set this key. Also note the key size must be exactly 32 bytes long as we are using AES-256 to encrypt the data. type: string encryption_key_file: description: EncryptionKeyFile is the path to file containing the secret key type: string readonly: description: Readonly will deactivate any HTTP POST, PUT, DELETE endpoint type: boolean required: - cookie - enable_auth - readonly type: object variable: description: Variable contains the configuration for the variable. properties: disable_local: description: DisableLocal when used is preventing the possibility to add a variable directly in the dashboard spec. type: boolean global: properties: disable: description: |- Disable is used to disable the global variable feature. Note that if the global datasource is disabled, the global variable will also be disabled. type: boolean required: - disable type: object project: properties: disable: description: |- Disable is used to disable the project variable feature. Note that if the global datasource and the project datasource are disabled, then the project variable will also be disabled. type: boolean required: - disable type: object required: - disable_local - global - project type: object type: object containerPort: default: 8080 format: int32 maximum: 65535 minimum: 1 type: integer image: description: Image specifies the container image that should be used for the Perses deployment. type: string livenessProbe: description: |- Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: description: Exec specifies a command to execute in the container. properties: command: description: |- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: description: |- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: |- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string required: - name - value type: object type: array x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: description: |- Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: |- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: description: |- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: |- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: description: |- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object logLevel: description: LogLevel defines the log level for Perses. enum: - panic - fatal - error - warning - info - debug - trace type: string logMethodTrace: description: |- LogMethodTrace when true, includes the calling method as a field in the log. It can be useful to see immediately where the log comes from. type: boolean metadata: description: Metadata to add to deployed pods properties: annotations: additionalProperties: type: string description: Annotations are key/value pairs attached to pods for non-identifying metadata type: object labels: additionalProperties: type: string description: Labels are key/value pairs attached to pods type: object type: object nodeSelector: additionalProperties: type: string description: NodeSelector constrains pods to nodes with matching labels type: object podSecurityContext: description: |- PodSecurityContext holds pod-level security attributes and common container settings. If not specified, defaults to fsGroup: 65534 to ensure proper volume permissions for the nobody user. properties: appArmorProfile: description: |- appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: description: |- localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". type: string type: description: |- type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. type: string required: - type type: object fsGroup: description: |- A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows. type: string runAsGroup: description: |- The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: description: |- Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: description: |- The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxChangePolicy: description: |- seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows. type: string seLinuxOptions: description: |- The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies to the container. type: string role: description: Role is a SELinux role label that applies to the container. type: string type: description: Type is a SELinux type label that applies to the container. type: string user: description: User is a SELinux user label that applies to the container. type: string type: object seccompProfile: description: |- The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: description: |- localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: description: |- type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. type: string required: - type type: object supplementalGroups: description: |- A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic supplementalGroupsPolicy: description: |- Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows. type: string sysctls: description: |- Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set properties: name: description: Name of a property to set type: string value: description: Value of a property to set type: string required: - name - value type: object type: array x-kubernetes-list-type: atomic windowsOptions: description: |- The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: description: |- GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: description: |- HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: description: |- The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object provisioning: description: Provisioning configuration for provisioning secrets properties: secretRefs: description: SecretRefs is a list of references to Kubernetes secrets used for provisioning sensitive data. items: properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: array type: object readinessProbe: description: |- Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. properties: exec: description: Exec specifies a command to execute in the container. properties: command: description: |- Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string type: array x-kubernetes-list-type: atomic type: object failureThreshold: description: |- Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: description: GRPC specifies a GRPC HealthCheckRequest. properties: port: description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 type: integer service: default: "" description: |- Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. type: string required: - port type: object httpGet: description: HTTPGet specifies an HTTP GET request to perform. properties: host: description: |- Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. type: string httpHeaders: description: Custom headers to set in the request. HTTP allows repeated headers. items: description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: description: |- The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. type: string value: description: The header field value type: string required: - name - value type: object type: array x-kubernetes-list-type: atomic path: description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string description: |- Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: description: |- Scheme to use for connecting to the host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: description: |- Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer periodSeconds: description: |- How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: description: |- Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 type: integer tcpSocket: description: TCPSocket specifies a connection to a TCP port. properties: host: description: 'Optional: Host name to connect to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string description: |- Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: description: |- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: description: |- Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes format: int32 type: integer type: object replicas: format: int32 type: integer resources: description: Resources defines the compute resources configured for the container. properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object service: description: service specifies the service configuration for the perses instance properties: annotations: additionalProperties: type: string description: Annotations attached to the service for non-identifying metadata type: object name: description: Name of the Kubernetes service type: string type: object serviceAccountName: description: ServiceAccountName is the name of the service account to use for the perses deployment or statefulset. type: string storage: default: size: 1Gi description: Storage configuration used by the StatefulSet properties: size: anyOf: - type: integer - type: string description: |- Size of the storage. cannot be decreased. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true storageClass: description: |- StorageClass to use for PVCs. If not specified, will use the default storage class type: string type: object tls: description: tls specifies the tls configuration for the perses instance properties: caCert: description: CaCert to verify the perses certificate properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object enable: description: Enable TLS connection to perses type: boolean insecureSkipVerify: description: InsecureSkipVerify skip verify of perses certificate type: boolean userCert: description: UserCert client cert/key for mTLS properties: certPath: description: Path to Certificate minLength: 1 type: string name: description: Name of basic auth k8s resource (when type is secret or configmap) type: string namespace: description: Namespace of certificate k8s resource (when type is secret or configmap) type: string privateKeyPath: description: Path to Private key certificate type: string type: description: Type source type of secret enum: - secret - configmap - file type: string required: - certPath - type type: object required: - enable type: object tolerations: items: description: |- The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: effect: description: |- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: |- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: description: |- Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: description: |- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object status: description: PersesStatus defines the observed state of Perses properties: conditions: description: Conditions represent the latest observations of the Perses resource state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array provisioning: description: Provisioning secrets versions items: description: SecretVersion represents a secret version properties: name: type: string version: type: string required: - name - version type: object type: array type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: Perses listKind: PersesList plural: perses shortNames: - per singular: perses conditions: - lastTransitionTime: "2026-03-18T09:12:07Z" message: no conflicts found reason: NoConflicts status: "True" type: NamesAccepted - lastTransitionTime: "2026-03-18T09:12:07Z" message: the initial names have been accepted reason: InitialNamesAccepted status: "True" type: Established storedVersions: - v1alpha2