diff --git a/Documentation/api.md b/Documentation/api.md index 8ca7c4e3a..8d8a75a06 100644 --- a/Documentation/api.md +++ b/Documentation/api.md @@ -470,6 +470,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + serviceAccountName
string @@ -2165,6 +2193,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + listenLocal
bool @@ -3797,6 +3853,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + priorityClassName
string @@ -5335,6 +5419,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + serviceAccountName
string @@ -6930,6 +7042,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + listenLocal
bool @@ -7958,6 +8098,14 @@ be ignored. A null or empty list means only match against labelSelector.

+

DNSPolicy +(string alias)

+

+(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec) +

+
+

DNSPolicy specifies the DNS policy for the pod.

+

Duration (string alias)

@@ -9417,6 +9565,105 @@ string +

PodDNSConfig +

+

+(Appears on:AlertmanagerSpec, CommonPrometheusFields, ThanosRulerSpec) +

+
+

PodDNSConfig defines the DNS parameters of a pod in addition to +those generated from DNSPolicy.

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+nameservers
+ +[]string + +
+

A list of DNS name server IP addresses. +This will be appended to the base nameservers generated from DNSPolicy.

+
+searches
+ +[]string + +
+

A list of DNS search domains for host-name lookup. +This will be appended to the base search paths generated from DNSPolicy.

+
+options
+ + +[]PodDNSConfigOption + + +
+

A list of DNS resolver options. +This will be merged with the base options generated from DNSPolicy. +Resolution options given in Options +will override those that appear in the base DNSPolicy.

+
+

PodDNSConfigOption +

+

+(Appears on:PodDNSConfig) +

+
+

PodDNSConfigOption defines DNS resolver options of a pod.

+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +
+

Name is required and must be unique.

+
+value
+ +string + +
+

Value is optional.

+

PodMetricsEndpoint

@@ -11296,6 +11543,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + listenLocal
bool @@ -15155,6 +15430,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + priorityClassName
string @@ -17624,6 +17927,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + listenLocal
bool @@ -25349,6 +25680,34 @@ This defaults to the default PodSecurityContext.

+dnsPolicy
+ + +DNSPolicy + + + + +(Optional) +

Defines the DNS policy for the pods.

+ + + + +dnsConfig
+ + +PodDNSConfig + + + + +(Optional) +

Defines the DNS configuration for the pods.

+ + + + listenLocal
bool diff --git a/bundle.yaml b/bundle.yaml index ba93ea33b..20c0809d7 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -13494,6 +13494,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Alertmanager feature flags. By default, no features are enabled. 
@@ -23675,6 +23729,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. 
@@ -34874,6 +34982,60 @@ spec: disableCompaction: description: When true, the Prometheus compaction is disabled. type: boolean + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableAdminAPI: description: |- Enables access to the Prometheus web admin API. 
@@ -59333,6 +59495,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml index 896171459..d08cfed28 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_alertmanagers.yaml 
@@ -3533,6 +3533,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Alertmanager feature flags. By default, no features are enabled. diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml index def0dc74c..88e0b60fe 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml 
@@ -2842,6 +2842,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml index db26544f2..029ba5040 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml 
@@ -3524,6 +3524,60 @@ spec: disableCompaction: description: When true, the Prometheus compaction is disabled. type: boolean + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableAdminAPI: description: |- Enables access to the Prometheus web admin API. diff --git a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml index 4175018b5..dfed2120d 100644 --- a/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml +++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_thanosrulers.yaml 
@@ -2527,6 +2527,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml index 49bda5b9a..1c844793a 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml 
@@ -3534,6 +3534,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Alertmanager feature flags. By default, no features are enabled. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml index 8f83a5bb6..3bc065586 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml 
@@ -2843,6 +2843,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableFeatures: description: |- Enable access to Prometheus feature flags. By default, no features are enabled. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml index 3fd9c4933..f24ff887f 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml 
@@ -3525,6 +3525,60 @@ spec: disableCompaction: description: When true, the Prometheus compaction is disabled. type: boolean + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enableAdminAPI: description: |- Enables access to the Prometheus web admin API. diff --git a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml index 64b293c79..c90f246e1 100644 --- a/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +++ b/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml 
@@ -2528,6 +2528,60 @@ spec: - name type: object type: array + dnsConfig: + description: Defines the DNS configuration for the pods. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. + properties: + name: + description: Name is required and must be unique. + minLength: 1 + type: string + value: + description: Value is optional. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + items: + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + type: object + dnsPolicy: + description: Defines the DNS policy for the pods. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + type: string enforcedNamespaceLabel: description: |- EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert diff --git a/jsonnet/prometheus-operator/alertmanagers-crd.json b/jsonnet/prometheus-operator/alertmanagers-crd.json index f3285c49e..d4508c72f 100644 --- a/jsonnet/prometheus-operator/alertmanagers-crd.json +++ b/jsonnet/prometheus-operator/alertmanagers-crd.json 
@@ -3136,6 +3136,66 @@ }, "type": "array" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enableFeatures": { "description": "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nIt requires Alertmanager >= 0.27.0.", "items": { 
diff --git a/jsonnet/prometheus-operator/prometheusagents-crd.json b/jsonnet/prometheus-operator/prometheusagents-crd.json index cbd3edab8..b6ecf11fa 100644 --- a/jsonnet/prometheus-operator/prometheusagents-crd.json +++ b/jsonnet/prometheus-operator/prometheusagents-crd.json 
@@ -2459,6 +2459,66 @@ }, "type": "array" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enableFeatures": { "description": "Enable access to Prometheus feature flags. 
By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", "items": { diff --git a/jsonnet/prometheus-operator/prometheuses-crd.json b/jsonnet/prometheus-operator/prometheuses-crd.json index 1e83ff350..56b02387b 100644 --- a/jsonnet/prometheus-operator/prometheuses-crd.json +++ b/jsonnet/prometheus-operator/prometheuses-crd.json 
@@ -3047,6 +3047,66 @@ "description": "When true, the Prometheus compaction is disabled.", "type": "boolean" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enableAdminAPI": { "description": "Enables access to the Prometheus web admin API.\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. 
Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", "type": "boolean" diff --git a/jsonnet/prometheus-operator/thanosrulers-crd.json b/jsonnet/prometheus-operator/thanosrulers-crd.json index b18685f0f..7c31b4157 100644 --- a/jsonnet/prometheus-operator/thanosrulers-crd.json +++ b/jsonnet/prometheus-operator/thanosrulers-crd.json 
@@ -2196,6 +2196,66 @@ }, "type": "array" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object" + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enforcedNamespaceLabel": { "description": "EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert\nand metric that is user created. The label value will always be the namespace of the object that is\nbeing created.", "type": "string" diff --git a/pkg/alertmanager/statefulset.go b/pkg/alertmanager/statefulset.go index 45d16a822..6b3ea761d 100644 --- a/pkg/alertmanager/statefulset.go 
+++ b/pkg/alertmanager/statefulset.go @@ -342,6 +342,17 @@ func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, conf } } + // Handle DNSPolicy + var dnsPolicy v1.DNSPolicy + if a.Spec.DNSPolicy != nil { + dnsPolicy = k8sutil.ConvertDNSPolicy(a.Spec.DNSPolicy) + } else { + dnsPolicy = v1.DNSClusterFirst + } + + // Handle DNSConfig + dnsConfig := k8sutil.ConvertToK8sDNSConfig(a.Spec.DNSConfig) + podAnnotations := map[string]string{} podLabels := map[string]string{ "app.kubernetes.io/version": version.String(), @@ -781,6 +792,8 @@ func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, conf Affinity: a.Spec.Affinity, TopologySpreadConstraints: a.Spec.TopologySpreadConstraints, HostAliases: operator.MakeHostAliases(a.Spec.HostAliases), + DNSPolicy: dnsPolicy, + DNSConfig: dnsConfig, }, }, }, nil diff --git a/pkg/alertmanager/statefulset_test.go b/pkg/alertmanager/statefulset_test.go index 0fc5bed24..e13ed9a0d 100644 --- a/pkg/alertmanager/statefulset_test.go +++ b/pkg/alertmanager/statefulset_test.go @@ -29,8 +29,10 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + "github.com/prometheus-operator/prometheus-operator/pkg/k8sutil" "github.com/prometheus-operator/prometheus-operator/pkg/operator" ) 
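Review bot: The `if a.Spec.DNSPolicy != nil { … } else { dnsPolicy = v1.DNSClusterFirst }` block in makeStatefulSetSpec repeats the nil handling that `k8sutil.ConvertDNSPolicy` already does in this commit (it returns `v1.DNSClusterFirst` for a nil pointer), so the default is now defined in two places. The block can be reduced to `dnsPolicy := k8sutil.ConvertDNSPolicy(a.Spec.DNSPolicy)`. The `// Handle DNSPolicy` and `// Handle DNSConfig` comments restate the code; something like `// Default to ClusterFirst when the user sets no policy.` would record the intent instead. The agent builder in this commit leaves the field unset when the spec is nil, so the two builders are not aligned. makeStatefulSetSpec starts and ends outside this hunk.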
@@ -1279,3 +1281,34 @@ func TestEnableFeatures(t *testing.T) { }) } } + +func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) { + k8sDNSPolicy := v1.DNSClusterFirst + k8sDNSConfig := monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + } + + monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(k8sDNSPolicy)) + convertedDNSConfig := k8sutil.ConvertToK8sDNSConfig(&k8sDNSConfig) + + sset, err := makeStatefulSet(nil, &monitoringv1.Alertmanager{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: monitoringv1.AlertmanagerSpec{ + DNSPolicy: monitoringDNSPolicyPtr, + DNSConfig: &k8sDNSConfig, + }, + }, defaultTestConfig, "", &operator.ShardedSecret{}) + + require.NoError(t, err) + + require.Equal(t, k8sDNSPolicy, sset.Spec.Template.Spec.DNSPolicy, "expected dns policy to match") + + require.Equal(t, *convertedDNSConfig, *sset.Spec.Template.Spec.DNSConfig, "expected dns configuration to match") +} diff --git a/pkg/apis/monitoring/v1/alertmanager_types.go b/pkg/apis/monitoring/v1/alertmanager_types.go index 5cb9ad331..ebd369d33 100644 --- a/pkg/apis/monitoring/v1/alertmanager_types.go +++ b/pkg/apis/monitoring/v1/alertmanager_types.go @@ -177,6 +177,14 @@ type AlertmanagerSpec struct { // SecurityContext holds pod-level security attributes and common container settings. // This defaults to the default PodSecurityContext. SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // Defines the DNS policy for the pods. + // + // +optional + DNSPolicy *DNSPolicy `json:"dnsPolicy,omitempty"` + // Defines the DNS configuration for the pods. + // + // +optional + DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty"` // ServiceAccountName is the name of the ServiceAccount to use to run the // Prometheus Pods. ServiceAccountName string `json:"serviceAccountName,omitempty"` 
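Review bot: TestStatefulSetDNSPolicyAndDNSConfig computes its expected DNSConfig with `k8sutil.ConvertToK8sDNSConfig`, the same converter the code under test calls, so a mistake in the converter would not make this test fail. Comparing against a hand-written `v1.PodDNSConfig{...}` literal would pin the actual output. Only the case with both fields set is covered; there is no case with nil `DNSPolicy` and `DNSConfig` asserting the `ClusterFirst` default and a nil pod `DNSConfig`. `*sset.Spec.Template.Spec.DNSConfig` is dereferenced without a preceding `require.NotNil(t, sset.Spec.Template.Spec.DNSConfig)`, so a regression would panic rather than report a failed assertion.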
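Review bot: The new `DNSPolicy` and `DNSConfig` field comments on AlertmanagerSpec do not say what happens when the fields are omitted or how the two interact, and the same wording is repeated on CommonPrometheusFields and ThanosRulerSpec. For Alertmanager the operator applies `ClusterFirst` when the field is nil (pkg/alertmanager/statefulset.go in this commit), and Kubernetes rejects a pod whose policy is `None` without a nameserver in `dnsConfig`. I would extend the comment, for example `// Defaults to ClusterFirst when unset. With None, dnsConfig must list at least one nameserver.`; for Prometheus and ThanosRuler the default should be confirmed against their builders first. These comments feed the generated CRD descriptions and api.md, so the wording carries through to user-facing documentation.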
diff --git a/pkg/apis/monitoring/v1/dns_types.go b/pkg/apis/monitoring/v1/dns_types.go new file mode 100644 index 000000000..dd2ef6119 --- /dev/null +++ b/pkg/apis/monitoring/v1/dns_types.go 
@@ -0,0 +1,56 @@ +// Copyright 2024 The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package v1 + +// PodDNSConfig defines the DNS parameters of a pod in addition to +// those generated from DNSPolicy. +type PodDNSConfig struct { + // A list of DNS name server IP addresses. + // This will be appended to the base nameservers generated from DNSPolicy. + // +kubebuilder:validation:Optional + // +listType:=set + // +kubebuilder:validation:items:MinLength:=1 + Nameservers []string `json:"nameservers,omitempty"` + + // A list of DNS search domains for host-name lookup. + // This will be appended to the base search paths generated from DNSPolicy. + // +kubebuilder:validation:Optional + // +listType:=set + // +kubebuilder:validation:items:MinLength:=1 + Searches []string `json:"searches,omitempty"` + + // A list of DNS resolver options. + // This will be merged with the base options generated from DNSPolicy. + // Resolution options given in Options + // will override those that appear in the base DNSPolicy. + // +kubebuilder:validation:Optional + // +listType=map + // +listMapKey=name + Options []PodDNSConfigOption `json:"options,omitempty"` +} + +// PodDNSConfigOption defines DNS resolver options of a pod. +type PodDNSConfigOption struct { + // Name is required and must be unique. + // +kubebuilder:validation:MinLength=1 + Name string `json:"name"` + + // Value is optional. 
+ // +kubebuilder:validation:Optional + Value *string `json:"value,omitempty"` +} + +// DNSPolicy specifies the DNS policy for the pod. +// +kubebuilder:validation:Enum=ClusterFirstWithHostNet;ClusterFirst;Default;None +type DNSPolicy string diff --git a/pkg/apis/monitoring/v1/prometheus_types.go b/pkg/apis/monitoring/v1/prometheus_types.go index 0e9cece5a..afcefc4f1 100644 --- a/pkg/apis/monitoring/v1/prometheus_types.go +++ b/pkg/apis/monitoring/v1/prometheus_types.go @@ -402,6 +402,14 @@ type CommonPrometheusFields struct { // +optional SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // Defines the DNS policy for the pods. + // + // +optional + DNSPolicy *DNSPolicy `json:"dnsPolicy,omitempty"` + // Defines the DNS configuration for the pods. + // + // +optional + DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty"` // When true, the Prometheus server listens on the loopback address // instead of the Pod IP's address. ListenLocal bool `json:"listenLocal,omitempty"` diff --git a/pkg/apis/monitoring/v1/thanos_types.go b/pkg/apis/monitoring/v1/thanos_types.go index 186f73b68..e25590d2e 100644 --- a/pkg/apis/monitoring/v1/thanos_types.go +++ b/pkg/apis/monitoring/v1/thanos_types.go @@ -110,6 +110,15 @@ type ThanosRulerSpec struct { // SecurityContext holds pod-level security attributes and common container settings. // This defaults to the default PodSecurityContext. SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` + // Defines the DNS policy for the pods. + // + // +optional + DNSPolicy *DNSPolicy `json:"dnsPolicy,omitempty"` + // Defines the DNS configuration for the pods. + // + // +optional + DNSConfig *PodDNSConfig `json:"dnsConfig,omitempty"` + // Priority class assigned to the Pods PriorityClassName string `json:"priorityClassName,omitempty"` // ServiceAccountName is the name of the ServiceAccount to use to run the 
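Review bot: `Nameservers` in PodDNSConfig is documented as a list of IP addresses but is validated only with `items:MinLength:=1`, so a hostname or malformed string passes CRD admission and would presumably be rejected only later, when the API server validates the generated pod template. The list length is not bounded either, while Kubernetes accepts at most three nameservers per pod; `// +kubebuilder:validation:MaxItems=3` on the field would surface that at admission. Nothing ties `DNSPolicy` `None` to a non-empty `nameservers`, which is a cross-field rule that has to live on the parent spec types or in the operator's own validation. Since this field decides which resolver the monitoring pods trust for scrape targets, remote-write and notification endpoints, the doc comment should state that, so cluster admins know that write access to the resource includes control over name resolution.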
diff --git a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go index 2372fedf3..bbd4d640b 100644 --- a/pkg/apis/monitoring/v1/zz_generated.deepcopy.go +++ b/pkg/apis/monitoring/v1/zz_generated.deepcopy.go @@ -356,6 +356,16 @@ func (in *AlertmanagerSpec) DeepCopyInto(out *AlertmanagerSpec) { *out = new(corev1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.DNSPolicy != nil { + in, out := &in.DNSPolicy, &out.DNSPolicy + *out = new(DNSPolicy) + **out = **in + } + if in.DNSConfig != nil { + in, out := &in.DNSConfig, &out.DNSConfig + *out = new(PodDNSConfig) + (*in).DeepCopyInto(*out) + } if in.Containers != nil { in, out := &in.Containers, &out.Containers *out = make([]corev1.Container, len(*in)) @@ -835,6 +845,16 @@ func (in *CommonPrometheusFields) DeepCopyInto(out *CommonPrometheusFields) { *out = new(corev1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.DNSPolicy != nil { + in, out := &in.DNSPolicy, &out.DNSPolicy + *out = new(DNSPolicy) + **out = **in + } + if in.DNSConfig != nil { + in, out := &in.DNSConfig, &out.DNSConfig + *out = new(PodDNSConfig) + (*in).DeepCopyInto(*out) + } if in.Containers != nil { in, out := &in.Containers, &out.Containers *out = make([]corev1.Container, len(*in)) 
@@ -1501,6 +1521,58 @@ func (in *ObjectReference) DeepCopy() *ObjectReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PodDNSConfig) DeepCopyInto(out *PodDNSConfig) { + *out = *in + if in.Nameservers != nil { + in, out := &in.Nameservers, &out.Nameservers + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Searches != nil { + in, out := &in.Searches, &out.Searches + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Options != nil { + in, out := &in.Options, &out.Options + *out = make([]PodDNSConfigOption, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDNSConfig. +func (in *PodDNSConfig) DeepCopy() *PodDNSConfig { + if in == nil { + return nil + } + out := new(PodDNSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PodDNSConfigOption) DeepCopyInto(out *PodDNSConfigOption) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodDNSConfigOption. +func (in *PodDNSConfigOption) DeepCopy() *PodDNSConfigOption { + if in == nil { + return nil + } + out := new(PodDNSConfigOption) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PodMetricsEndpoint) DeepCopyInto(out *PodMetricsEndpoint) { *out = *in 
@@ -3141,6 +3213,16 @@ func (in *ThanosRulerSpec) DeepCopyInto(out *ThanosRulerSpec) { *out = new(corev1.PodSecurityContext) (*in).DeepCopyInto(*out) } + if in.DNSPolicy != nil { + in, out := &in.DNSPolicy, &out.DNSPolicy + *out = new(DNSPolicy) + **out = **in + } + if in.DNSConfig != nil { + in, out := &in.DNSConfig, &out.DNSConfig + *out = new(PodDNSConfig) + (*in).DeepCopyInto(*out) + } if in.Storage != nil { in, out := &in.Storage, &out.Storage *out = new(StorageSpec) diff --git a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go index 12d3d3197..a3b89ceac 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/alertmanagerspec.go @@ -52,6 +52,8 @@ type AlertmanagerSpecApplyConfiguration struct { Tolerations []corev1.Toleration `json:"tolerations,omitempty"` TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + DNSPolicy *monitoringv1.DNSPolicy `json:"dnsPolicy,omitempty"` + DNSConfig *PodDNSConfigApplyConfiguration `json:"dnsConfig,omitempty"` ServiceAccountName *string `json:"serviceAccountName,omitempty"` ListenLocal *bool `json:"listenLocal,omitempty"` Containers []corev1.Container `json:"containers,omitempty"` 
@@ -318,6 +320,22 @@ func (b *AlertmanagerSpecApplyConfiguration) WithSecurityContext(value corev1.Po return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *AlertmanagerSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *AlertmanagerSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *AlertmanagerSpecApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *AlertmanagerSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithServiceAccountName sets the ServiceAccountName field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ServiceAccountName field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go b/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go index f5b772998..fbe568745 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go +++ b/pkg/client/applyconfiguration/monitoring/v1/commonprometheusfields.go 
@@ -71,6 +71,8 @@ type CommonPrometheusFieldsApplyConfiguration struct { RemoteWrite []RemoteWriteSpecApplyConfiguration `json:"remoteWrite,omitempty"` OTLP *OTLPConfigApplyConfiguration `json:"otlp,omitempty"` SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + DNSPolicy *monitoringv1.DNSPolicy `json:"dnsPolicy,omitempty"` + DNSConfig *PodDNSConfigApplyConfiguration `json:"dnsConfig,omitempty"` ListenLocal *bool `json:"listenLocal,omitempty"` Containers []corev1.Container `json:"containers,omitempty"` InitContainers []corev1.Container `json:"initContainers,omitempty"` @@ -516,6 +518,22 @@ func (b *CommonPrometheusFieldsApplyConfiguration) WithSecurityContext(value cor return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *CommonPrometheusFieldsApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *CommonPrometheusFieldsApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *CommonPrometheusFieldsApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *CommonPrometheusFieldsApplyConfiguration { + b.DNSConfig = value + return b +} + // WithListenLocal sets the ListenLocal field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ListenLocal field is set to the value of the last call. 
diff --git a/pkg/client/applyconfiguration/monitoring/v1/poddnsconfig.go b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfig.go new file mode 100644 index 000000000..bc3d878f9 --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfig.go 
@@ -0,0 +1,64 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// PodDNSConfigApplyConfiguration represents a declarative configuration of the PodDNSConfig type for use +// with apply. +type PodDNSConfigApplyConfiguration struct { + Nameservers []string `json:"nameservers,omitempty"` + Searches []string `json:"searches,omitempty"` + Options []PodDNSConfigOptionApplyConfiguration `json:"options,omitempty"` +} + +// PodDNSConfigApplyConfiguration constructs a declarative configuration of the PodDNSConfig type for use with +// apply. +func PodDNSConfig() *PodDNSConfigApplyConfiguration { + return &PodDNSConfigApplyConfiguration{} +} + +// WithNameservers adds the given value to the Nameservers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Nameservers field. +func (b *PodDNSConfigApplyConfiguration) WithNameservers(values ...string) *PodDNSConfigApplyConfiguration { + for i := range values { + b.Nameservers = append(b.Nameservers, values[i]) + } + return b +} + +// WithSearches adds the given value to the Searches field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. 
+// If called multiple times, values provided by each call will be appended to the Searches field. +func (b *PodDNSConfigApplyConfiguration) WithSearches(values ...string) *PodDNSConfigApplyConfiguration { + for i := range values { + b.Searches = append(b.Searches, values[i]) + } + return b +} + +// WithOptions adds the given value to the Options field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Options field. +func (b *PodDNSConfigApplyConfiguration) WithOptions(values ...*PodDNSConfigOptionApplyConfiguration) *PodDNSConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOptions") + } + b.Options = append(b.Options, *values[i]) + } + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/poddnsconfigoption.go b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfigoption.go new file mode 100644 index 000000000..ea4743954 --- /dev/null +++ b/pkg/client/applyconfiguration/monitoring/v1/poddnsconfigoption.go 
@@ -0,0 +1,46 @@ +// Copyright The prometheus-operator Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// PodDNSConfigOptionApplyConfiguration represents a declarative configuration of the PodDNSConfigOption type for use +// with apply. +type PodDNSConfigOptionApplyConfiguration struct { + Name *string `json:"name,omitempty"` + Value *string `json:"value,omitempty"` +} + +// PodDNSConfigOptionApplyConfiguration constructs a declarative configuration of the PodDNSConfigOption type for use with +// apply. +func PodDNSConfigOption() *PodDNSConfigOptionApplyConfiguration { + return &PodDNSConfigOptionApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *PodDNSConfigOptionApplyConfiguration) WithName(value string) *PodDNSConfigOptionApplyConfiguration { + b.Name = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. 
+func (b *PodDNSConfigOptionApplyConfiguration) WithValue(value string) *PodDNSConfigOptionApplyConfiguration { + b.Value = &value + return b +} diff --git a/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go b/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go index c843ecc3a..66b01aa86 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1/prometheusspec.go @@ -455,6 +455,22 @@ func (b *PrometheusSpecApplyConfiguration) WithSecurityContext(value corev1.PodS return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *PrometheusSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *PrometheusSpecApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *PrometheusSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithListenLocal sets the ListenLocal field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ListenLocal field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go index aaf552726..539b45988 100644 --- a/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go 
+++ b/pkg/client/applyconfiguration/monitoring/v1/thanosrulerspec.go @@ -38,6 +38,8 @@ type ThanosRulerSpecApplyConfiguration struct { Tolerations []corev1.Toleration `json:"tolerations,omitempty"` TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` + DNSPolicy *monitoringv1.DNSPolicy `json:"dnsPolicy,omitempty"` + DNSConfig *PodDNSConfigApplyConfiguration `json:"dnsConfig,omitempty"` PriorityClassName *string `json:"priorityClassName,omitempty"` ServiceAccountName *string `json:"serviceAccountName,omitempty"` Storage *StorageSpecApplyConfiguration `json:"storage,omitempty"` 
@@ -200,6 +202,22 @@ func (b *ThanosRulerSpecApplyConfiguration) WithSecurityContext(value corev1.Pod return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *ThanosRulerSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *ThanosRulerSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *ThanosRulerSpecApplyConfiguration) WithDNSConfig(value *PodDNSConfigApplyConfiguration) *ThanosRulerSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithPriorityClassName sets the PriorityClassName field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PriorityClassName field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go b/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go index 3445887b4..6fca7b4d8 100644 --- a/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go +++ b/pkg/client/applyconfiguration/monitoring/v1alpha1/prometheusagentspec.go 
@@ -443,6 +443,22 @@ func (b *PrometheusAgentSpecApplyConfiguration) WithSecurityContext(value corev1 return b } +// WithDNSPolicy sets the DNSPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSPolicy field is set to the value of the last call. +func (b *PrometheusAgentSpecApplyConfiguration) WithDNSPolicy(value monitoringv1.DNSPolicy) *PrometheusAgentSpecApplyConfiguration { + b.DNSPolicy = &value + return b +} + +// WithDNSConfig sets the DNSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSConfig field is set to the value of the last call. +func (b *PrometheusAgentSpecApplyConfiguration) WithDNSConfig(value *v1.PodDNSConfigApplyConfiguration) *PrometheusAgentSpecApplyConfiguration { + b.DNSConfig = value + return b +} + // WithListenLocal sets the ListenLocal field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ListenLocal field is set to the value of the last call. diff --git a/pkg/client/applyconfiguration/utils.go b/pkg/client/applyconfiguration/utils.go index 7237a19ef..9d524162a 100644 --- a/pkg/client/applyconfiguration/utils.go +++ b/pkg/client/applyconfiguration/utils.go 
@@ -104,6 +104,10 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &monitoringv1.ObjectReferenceApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OTLPConfig"): return &monitoringv1.OTLPConfigApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("PodDNSConfig"): + return &monitoringv1.PodDNSConfigApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("PodDNSConfigOption"): + return &monitoringv1.PodDNSConfigOptionApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PodMetricsEndpoint"): return &monitoringv1.PodMetricsEndpointApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("PodMonitor"): diff --git a/pkg/k8sutil/k8sutil.go b/pkg/k8sutil/k8sutil.go index 72ff599b1..9ba857802 100644 --- a/pkg/k8sutil/k8sutil.go +++ b/pkg/k8sutil/k8sutil.go @@ -538,3 +538,32 @@ func mergeMapsByPrefix(from map[string]string, to map[string]string, prefix stri return to } + +// ConvertToK8sDNSConfig converts a monitoringv1.PodDNSConfig to a corev1.PodDNSConfig. +func ConvertToK8sDNSConfig(config *monitoringv1.PodDNSConfig) *v1.PodDNSConfig { + if config == nil { + return nil + } + + k8sConfig := &v1.PodDNSConfig{ + Nameservers: config.Nameservers, + Searches: config.Searches, + } + + for _, opt := range config.Options { + k8sConfig.Options = append(k8sConfig.Options, v1.PodDNSConfigOption{ + Name: opt.Name, + Value: opt.Value, + }) + } + + return k8sConfig +} + +// ConvertDNSPolicy converts a monitoringv1.DNSPolicy to a corev1.DNSPolicy. +func ConvertDNSPolicy(dnsPolicy *monitoringv1.DNSPolicy) v1.DNSPolicy { + if dnsPolicy == nil { + return v1.DNSClusterFirst + } + return v1.DNSPolicy(*dnsPolicy) +} diff --git a/pkg/k8sutil/k8sutil_test.go b/pkg/k8sutil/k8sutil_test.go index 21e019e73..54fef71fb 100644 --- a/pkg/k8sutil/k8sutil_test.go +++ b/pkg/k8sutil/k8sutil_test.go 
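Review bot: ConvertToK8sDNSConfig assigns `config.Nameservers` and `config.Searches` directly, so the returned `v1.PodDNSConfig` shares backing arrays (and the `Value` string pointers) with the custom resource it was built from. If that resource comes from a shared informer cache, which this hunk does not show, a later mutation of the pod spec would also change the cached object. Copying is cheap and keeps nil as nil: `Nameservers: append([]string(nil), config.Nameservers...),` and the same for `Searches`. The doc comments could also state the nil behaviour, e.g. `// It returns nil when config is nil.` on ConvertToK8sDNSConfig and `// A nil policy yields ClusterFirst.` on ConvertDNSPolicy.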
@@ -26,6 +26,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation" "k8s.io/client-go/kubernetes/fake" + + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" ) func TestUniqueVolumeName(t *testing.T) { @@ -520,3 +522,39 @@ func TestCreateOrUpdateImmutableFields(t *testing.T) { service.Spec.IPFamilyPolicy, modifiedSvc.Spec.IPFamilyPolicy) }) } + +func TestConvertToK8sDNSConfig(t *testing.T) { + monitoringDNSConfig := &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptrTo("5"), + }, + { + Name: "timeout", + Value: ptrTo("1"), + }, + }, + } + + k8sDNSConfig := ConvertToK8sDNSConfig(monitoringDNSConfig) + + // Verify the conversion matches the original content + require.Equal(t, monitoringDNSConfig.Nameservers, k8sDNSConfig.Nameservers, "expected nameservers to match") + require.Equal(t, monitoringDNSConfig.Searches, k8sDNSConfig.Searches, "expected searches to match") + + // Check if DNSConfig options match + require.Equal(t, len(monitoringDNSConfig.Options), len(k8sDNSConfig.Options), "expected options length to match") + for i, option := range monitoringDNSConfig.Options { + k8sOption := k8sDNSConfig.Options[i] + require.Equal(t, option.Name, k8sOption.Name, "expected option names to match") + require.Equal(t, option.Value, k8sOption.Value, "expected option values to match") + } +} + +// ptrTo is a helper function to get a pointer to a string value. +func ptrTo(val string) *string { + return &val +} diff --git a/pkg/prometheus/agent/statefulset.go b/pkg/prometheus/agent/statefulset.go index 25e2f315d..b26f0dfc8 100644 --- a/pkg/prometheus/agent/statefulset.go +++ b/pkg/prometheus/agent/statefulset.go 
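Review bot: TestConvertToK8sDNSConfig exercises only a fully populated config; the `config == nil` branch of ConvertToK8sDNSConfig and both branches of ConvertDNSPolicy, added in the same commit, have no test. Two short assertions would cover the nil paths: `require.Nil(t, ConvertToK8sDNSConfig(nil))` and `require.Equal(t, v1.DNSClusterFirst, ConvertDNSPolicy(nil))` (assuming core/v1 is imported as `v1` in this file). The `ptrTo` helper duplicates `ptr.To` from `k8s.io/utils/ptr`, which the alertmanager test in this commit already imports, so it could be dropped in favour of that.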
@@ -281,6 +281,34 @@ func makeStatefulSetSpec( return nil, fmt.Errorf("failed to merge containers spec: %w", err) } + spec := v1.PodSpec{ + ShareProcessNamespace: prompkg.ShareProcessNamespace(p), + Containers: containers, + InitContainers: initContainers, + SecurityContext: cpf.SecurityContext, + ServiceAccountName: cpf.ServiceAccountName, + AutomountServiceAccountToken: ptr.To(ptr.Deref(cpf.AutomountServiceAccountToken, true)), + NodeSelector: cpf.NodeSelector, + PriorityClassName: cpf.PriorityClassName, + TerminationGracePeriodSeconds: ptr.To(int64(600)), + Volumes: volumes, + Tolerations: cpf.Tolerations, + Affinity: cpf.Affinity, + TopologySpreadConstraints: prompkg.MakeK8sTopologySpreadConstraint(finalSelectorLabels, cpf.TopologySpreadConstraints), + HostAliases: operator.MakeHostAliases(cpf.HostAliases), + HostNetwork: cpf.HostNetwork, + } + + // Set DNSPolicy if not nil + if cpf.DNSPolicy != nil { + spec.DNSPolicy = k8sutil.ConvertDNSPolicy(cpf.DNSPolicy) + } + + // Set DNSConfig if not nil + if cpf.DNSConfig != nil { + spec.DNSConfig = k8sutil.ConvertToK8sDNSConfig(cpf.DNSConfig) + } + // PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164 // This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations return &appsv1.StatefulSetSpec{ 
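Review bot: The why-comment on `TerminationGracePeriodSeconds` is lost in the move. The literal removed by the following hunk carried `// Prometheus may take quite long to shut down to checkpoint existing data.` and `// Allow up to 10 minutes for clean termination.`, while the new `spec := v1.PodSpec{...}` sets `ptr.To(int64(600))` with no explanation; I would carry both lines over. Separately, the `if cpf.DNSPolicy != nil` guard means the nil branch of `k8sutil.ConvertDNSPolicy` is never reached here, so the agent leaves `DNSPolicy` empty while the server statefulset hunk calls the helper unconditionally and gets `ClusterFirst`. One form should be used in both places, and since `ConvertToK8sDNSConfig` already returns nil for nil input its guard can go as well: `spec.DNSConfig = k8sutil.ConvertToK8sDNSConfig(cpf.DNSConfig)`. `makeStatefulSetSpec` starts and ends outside this hunk.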
@@ -299,25 +327,7 @@ func makeStatefulSetSpec( Labels: finalLabels, Annotations: podAnnotations, }, - Spec: v1.PodSpec{ - ShareProcessNamespace: prompkg.ShareProcessNamespace(p), - Containers: containers, - InitContainers: initContainers, - SecurityContext: cpf.SecurityContext, - ServiceAccountName: cpf.ServiceAccountName, - AutomountServiceAccountToken: ptr.To(ptr.Deref(cpf.AutomountServiceAccountToken, true)), - NodeSelector: cpf.NodeSelector, - PriorityClassName: cpf.PriorityClassName, - // Prometheus may take quite long to shut down to checkpoint existing data. - // Allow up to 10 minutes for clean termination. - TerminationGracePeriodSeconds: ptr.To(int64(600)), - Volumes: volumes, - Tolerations: cpf.Tolerations, - Affinity: cpf.Affinity, - TopologySpreadConstraints: prompkg.MakeK8sTopologySpreadConstraint(finalSelectorLabels, cpf.TopologySpreadConstraints), - HostAliases: operator.MakeHostAliases(cpf.HostAliases), - HostNetwork: cpf.HostNetwork, - }, + Spec: spec, }, }, nil } diff --git a/pkg/prometheus/agent/statefulset_test.go b/pkg/prometheus/agent/statefulset_test.go index ab618d2ae..17a3c004a 100644 --- a/pkg/prometheus/agent/statefulset_test.go +++ b/pkg/prometheus/agent/statefulset_test.go 
@@ -219,3 +219,48 @@ func TestAutomountServiceAccountToken(t *testing.T) { }) } } + +func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) { + // Monitoring DNS settings + monitoringDNSPolicy := v1.DNSClusterFirst + monitoringDNSConfig := &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + } + monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(monitoringDNSPolicy)) + + // Create the PrometheusAgent object with DNS settings + prometheusAgent := monitoringv1alpha1.PrometheusAgent{ + Spec: monitoringv1alpha1.PrometheusAgentSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + DNSPolicy: monitoringDNSPolicyPtr, + DNSConfig: monitoringDNSConfig, + }, + }, + } + + // Generate the StatefulSet + sset, err := makeStatefulSetFromPrometheus(prometheusAgent) + require.NoError(t, err) + + // Validate the DNS Policy + require.Equal(t, v1.DNSClusterFirst, sset.Spec.Template.Spec.DNSPolicy, "expected DNS policy to match") + + // Validate the DNS Config + require.NotNil(t, sset.Spec.Template.Spec.DNSConfig, "expected DNS config to be set") + require.Equal(t, monitoringDNSConfig.Nameservers, sset.Spec.Template.Spec.DNSConfig.Nameservers, "expected nameservers to match") + require.Equal(t, monitoringDNSConfig.Searches, sset.Spec.Template.Spec.DNSConfig.Searches, "expected searches to match") + + require.Equal(t, len(monitoringDNSConfig.Options), len(sset.Spec.Template.Spec.DNSConfig.Options), "expected options length to match") + for i, option := range monitoringDNSConfig.Options { + k8sOption := sset.Spec.Template.Spec.DNSConfig.Options[i] + require.Equal(t, option.Name, k8sOption.Name, "expected option names to match") + require.Equal(t, option.Value, k8sOption.Value, "expected option values to match") + } +} 
diff --git a/pkg/prometheus/server/statefulset.go b/pkg/prometheus/server/statefulset.go index 83eacfbf0..d7a74ce94 100644 --- a/pkg/prometheus/server/statefulset.go +++ b/pkg/prometheus/server/statefulset.go @@ -399,6 +399,8 @@ func makeStatefulSetSpec( TopologySpreadConstraints: prompkg.MakeK8sTopologySpreadConstraint(finalSelectorLabels, cpf.TopologySpreadConstraints), HostAliases: operator.MakeHostAliases(cpf.HostAliases), HostNetwork: cpf.HostNetwork, + DNSPolicy: k8sutil.ConvertDNSPolicy(cpf.DNSPolicy), + DNSConfig: k8sutil.ConvertToK8sDNSConfig(cpf.DNSConfig), }, }, }, nil diff --git a/pkg/prometheus/server/statefulset_test.go b/pkg/prometheus/server/statefulset_test.go index e30a912e8..f26d603f3 100644 --- a/pkg/prometheus/server/statefulset_test.go +++ b/pkg/prometheus/server/statefulset_test.go 
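Review bot: With `HostNetwork: cpf.HostNetwork` on the line above, an unset `cpf.DNSPolicy` now becomes `ClusterFirst` through `k8sutil.ConvertDNSPolicy`, and Kubernetes treats `ClusterFirst` on a host-network pod like `Default`, so in-cluster names would be resolved by the node's resolver instead of cluster DNS. Unless code outside this hunk already overrides the policy for host-network pods, the default should take `cpf.HostNetwork` into account, choosing `v1.DNSClusterFirstWithHostNet` when it is true and no policy was given. A test case with `HostNetwork: true` and a nil `DNSPolicy` would pin whichever behaviour is intended. The PodSpec literal and the function continue outside the hunk.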
@@ -2829,3 +2829,86 @@ func TestAutomountServiceAccountToken(t *testing.T) { }) } } + +func TestDNSPolicyAndDNSConfig(t *testing.T) { + tests := []struct { + name string + dnsPolicy v1.DNSPolicy + dnsConfig *v1.PodDNSConfig + expectedDNSPolicy v1.DNSPolicy + expectedDNSConfig *v1.PodDNSConfig + }{ + { + name: "Default DNSPolicy and DNSConfig", + dnsPolicy: v1.DNSClusterFirst, + dnsConfig: nil, + expectedDNSPolicy: v1.DNSClusterFirst, + expectedDNSConfig: nil, + }, + { + name: "Custom DNSPolicy", + dnsPolicy: v1.DNSDefault, + dnsConfig: nil, + expectedDNSPolicy: v1.DNSDefault, + expectedDNSConfig: nil, + }, + { + name: "Custom DNSConfig", + dnsPolicy: v1.DNSClusterFirst, + dnsConfig: &v1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.svc.cluster.local"}, + }, + expectedDNSPolicy: v1.DNSClusterFirst, + expectedDNSConfig: &v1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8", "8.8.4.4"}, + Searches: []string{"custom.svc.cluster.local"}, + }, + }, + { + name: "Custom DNS Policy with Search Domains", + dnsPolicy: v1.DNSDefault, + dnsConfig: &v1.PodDNSConfig{ + Searches: []string{"kitsos.com", "kitsos.org"}, + }, + expectedDNSPolicy: v1.DNSDefault, + expectedDNSConfig: &v1.PodDNSConfig{ + Searches: []string{"kitsos.com", "kitsos.org"}, + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(test.dnsPolicy)) + + var monitoringDNSConfig *monitoringv1.PodDNSConfig + if test.dnsConfig != nil { + monitoringDNSConfig = &monitoringv1.PodDNSConfig{ + Nameservers: test.dnsConfig.Nameservers, + Searches: test.dnsConfig.Searches, + } + } + + sset, err := makeStatefulSetFromPrometheus(monitoringv1.Prometheus{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + DNSPolicy: monitoringDNSPolicyPtr, + DNSConfig: monitoringDNSConfig, + }, + }, + }) + require.NoError(t, err) + + 
require.Equal(t, test.expectedDNSPolicy, sset.Spec.Template.Spec.DNSPolicy, "expected DNSPolicy to match, want %v, got %v", test.expectedDNSPolicy, sset.Spec.Template.Spec.DNSPolicy) + if test.expectedDNSConfig != nil { + require.NotNil(t, sset.Spec.Template.Spec.DNSConfig, "expected DNSConfig to be set") + require.Equal(t, test.expectedDNSConfig.Nameservers, sset.Spec.Template.Spec.DNSConfig.Nameservers, "expected DNSConfig Nameservers to match, want %v, got %v", test.expectedDNSConfig.Nameservers, sset.Spec.Template.Spec.DNSConfig.Nameservers) + require.Equal(t, test.expectedDNSConfig.Searches, sset.Spec.Template.Spec.DNSConfig.Searches, "expected DNSConfig Searches to match, want %v, got %v", test.expectedDNSConfig.Searches, sset.Spec.Template.Spec.DNSConfig.Searches) + } else { + require.Nil(t, sset.Spec.Template.Spec.DNSConfig, "expected DNSConfig to be nil") + } + }) + } +} diff --git a/pkg/thanos/statefulset.go b/pkg/thanos/statefulset.go index 15eaeb3b0..54e2fe1c5 100644 --- a/pkg/thanos/statefulset.go +++ b/pkg/thanos/statefulset.go @@ -358,6 +358,17 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig ) } + // Handle DNSPolicy + var dnsPolicy v1.DNSPolicy + if tr.Spec.DNSPolicy != nil { + dnsPolicy = k8sutil.ConvertDNSPolicy(tr.Spec.DNSPolicy) + } else { + dnsPolicy = v1.DNSClusterFirst + } + + // Handle DNSConfig + dnsConfig := k8sutil.ConvertToK8sDNSConfig(tr.Spec.DNSConfig) + podAnnotations := map[string]string{} podLabels := map[string]string{} if tr.Spec.PodMetadata != nil { @@ -472,6 +483,8 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig Affinity: tr.Spec.Affinity, TopologySpreadConstraints: tr.Spec.TopologySpreadConstraints, HostAliases: operator.MakeHostAliases(tr.Spec.HostAliases), + DNSPolicy: dnsPolicy, + DNSConfig: dnsConfig, }, }, }, nil diff --git a/pkg/thanos/statefulset_test.go b/pkg/thanos/statefulset_test.go index 1cef0e02c..f009b18a3 100644 
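Review bot: Every case in `TestDNSPolicyAndDNSConfig` builds the policy with `ptr.To(monitoringv1.DNSPolicy(test.dnsPolicy))`, so `cpf.DNSPolicy` is never nil and the case named "Default DNSPolicy and DNSConfig" does not exercise the default path of `k8sutil.ConvertDNSPolicy`. Declaring the table field as `dnsPolicy *monitoringv1.DNSPolicy` and passing `nil` in that case would cover it. The subtest also copies only `Nameservers` and `Searches` into the monitoring config and no case sets `Options`, so option conversion is not checked at the statefulset level.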
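Review bot: The `if tr.Spec.DNSPolicy != nil { ... } else { dnsPolicy = v1.DNSClusterFirst }` block in the first thanos hunk repeats what `k8sutil.ConvertDNSPolicy` already does for a nil argument, which is to return `v1.DNSClusterFirst`. It can be reduced to `dnsPolicy := k8sutil.ConvertDNSPolicy(tr.Spec.DNSPolicy)`, or the call can be placed directly in the PodSpec literal of the second hunk as the server statefulset does. The `// Handle DNSPolicy` and `// Handle DNSConfig` comments restate the code; a single `// An unset dnsPolicy defaults to ClusterFirst.` would say more. `makeStatefulSetSpec` starts and ends outside both hunks.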
--- a/pkg/thanos/statefulset_test.go +++ b/pkg/thanos/statefulset_test.go @@ -24,8 +24,10 @@ import ( appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + "github.com/prometheus-operator/prometheus-operator/pkg/k8sutil" "github.com/prometheus-operator/prometheus-operator/pkg/operator" ) @@ -981,3 +983,36 @@ func TestThanosVersion(t *testing.T) { }) } } + +func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) { + k8sDNSPolicy := v1.DNSClusterFirst + monitoringDNSConfig := monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Searches: []string{"custom.search"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + } + + k8sDNSConfig := k8sutil.ConvertToK8sDNSConfig(&monitoringDNSConfig) + + monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(k8sDNSPolicy)) + + sset, err := makeStatefulSet(&monitoringv1.ThanosRuler{ + ObjectMeta: metav1.ObjectMeta{}, + Spec: monitoringv1.ThanosRulerSpec{ + QueryEndpoints: emptyQueryEndpoints, + DNSPolicy: monitoringDNSPolicyPtr, + DNSConfig: &monitoringDNSConfig, + }, + }, defaultTestConfig, nil, "", &operator.ShardedSecret{}) + + require.NoError(t, err) + + require.Equal(t, k8sDNSPolicy, sset.Spec.Template.Spec.DNSPolicy, "expected DNS policy to match") + + require.Equal(t, k8sDNSConfig, sset.Spec.Template.Spec.DNSConfig, "expected DNS configuration to match") +} diff --git a/test/e2e/alertmanager_test.go b/test/e2e/alertmanager_test.go index f911877b3..7c72f6ef1 100644 --- a/test/e2e/alertmanager_test.go +++ b/test/e2e/alertmanager_test.go 
@@ -2395,6 +2395,80 @@ func testAlertmanagerCRDValidation(t *testing.T) { }, expectedError: true, }, + { + name: "valid-dns-policy-and-config", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-dns-policy", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("InvalidPolicy")), + }, + expectedError: true, + }, + { + name: "valid-dns-config", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.4.4"}, + Searches: []string{"svc.cluster.local"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + { + Name: "timeout", + Value: ptr.To("2"), + }, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-dns-config-nameservers", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{""}, // Empty string violates MinLength constraint + }, + }, + expectedError: true, + }, + { + name: "invalid-dns-config-options", + alertmanagerSpec: monitoringv1.AlertmanagerSpec{ + Replicas: &replicas, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "", // Empty string violates MinLength constraint + Value: ptr.To("some-value"), + }, + }, + }, + }, + expectedError: true, + }, } for _, test := range tests { 
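Review bot: The negative DNSConfig cases only submit empty strings, so they check the MinLength rule named in the inline comments and nothing else. If MinLength is the only constraint on nameserver entries, a value that is not an IP address would pass CRD validation and presumably be rejected only when the API server validates the generated pod template, which shows up as a reconcile failure rather than a rejected resource. A case such as `Nameservers: []string{"not-an-ip"}` with the outcome the project intends would document that boundary. The test table and the enclosing function extend beyond this hunk.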
diff --git a/test/e2e/prometheus_test.go b/test/e2e/prometheus_test.go index 943e70918..d77e09e07 100644 --- a/test/e2e/prometheus_test.go +++ b/test/e2e/prometheus_test.go @@ -4643,6 +4643,49 @@ func testPrometheusCRDValidation(t *testing.T) { }, expectedError: true, }, + { + name: "valid-dns-policy-and-config", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("ClusterFirst")), + DNSConfig: &monitoringv1.PodDNSConfig{ + Nameservers: []string{"8.8.8.8"}, + Options: []monitoringv1.PodDNSConfigOption{ + { + Name: "ndots", + Value: ptr.To("5"), + }, + }, + }, + }, + }, + expectedError: false, + }, + { + name: "invalid-dns-policy", + prometheusSpec: monitoringv1.PrometheusSpec{ + CommonPrometheusFields: monitoringv1.CommonPrometheusFields{ + Replicas: &replicas, + Version: operator.DefaultPrometheusVersion, + ServiceAccountName: "prometheus", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceMemory: resource.MustParse("400Mi"), + }, + }, + DNSPolicy: ptr.To(monitoringv1.DNSPolicy("InvalidPolicy")), + }, + }, + expectedError: true, + }, // // Alertmanagers-Endpoints tests {