Monitoring API: remove maximum retention days prometheus

config/v1/tests/apiservers.config.openshift.io/VaultKMS.yaml

@@ -390,27 +390,6 @@ tests:
                 transitKey: my-key
       expectedError: "appRole config is required when authentication type is AppRole"
 
-    # transitMount required field validation
-    - name: Should reject Vault KMS config without transitMount
-      initial: |
-        apiVersion: config.openshift.io/v1
-        kind: APIServer
-        spec:
-          encryption:
-            type: KMS
-            kms:
-              type: Vault
-              vault:
-                kmsPluginImage: registry.example.com/vault-plugin@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-                vaultAddress: https://vault.example.com:8200
-                authentication:
-                  type: AppRole
-                  appRole:
-                    secret:
-                      name: vault-approle
-                transitKey: my-key
-      expectedError: "Required value"
-
     # kmsPluginImage validation tests
     - name: Should reject kmsPluginImage with tag instead of digest
       initial: |

config/v1/types_kmsencryption.go

@@ -193,18 +193,22 @@ type VaultKMSPluginConfig struct {
 
 	// transitMount specifies the mount path of the Vault Transit engine.
 	//
-	// The transit mount must be between 1 and 1024 characters, cannot start or
-	// end with a forward slash, cannot contain consecutive forward slashes, and
-	// must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
-	// period, underscore, tilde) and forward slashes as path separators.
+	// When omitted, this means the user has no opinion and the platform is left
+	// to choose a reasonable default. These defaults are subject to change over time.
+	// The current default is "transit".
+	//
+	// The transit mount must be between 1 and 1024 characters when specified, cannot start or
+	// end with a forward slash, cannot contain consecutive forward slashes, and must only contain
+	// RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward
+	// slashes as path separators.
 	//
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:MaxLength=1024
 	// +kubebuilder:validation:XValidation:rule="!self.startsWith('/')",message="transitMount cannot start with a forward slash"
 	// +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="transitMount cannot end with a forward slash"
 	// +kubebuilder:validation:XValidation:rule="!self.contains('//')",message="transitMount cannot contain consecutive forward slashes"
 	// +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._~/-]+$')",message="transitMount must only contain RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward slashes"
-	// +required
+	// +optional
 	TransitMount string `json:"transitMount,omitempty"`
 
 	// transitKey specifies the name of the encryption key in Vault's Transit engine.

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml

@@ -349,10 +349,14 @@ spec:
                             description: |-
                               transitMount specifies the mount path of the Vault Transit engine.
 
-                              The transit mount must be between 1 and 1024 characters, cannot start or
-                              end with a forward slash, cannot contain consecutive forward slashes, and
-                              must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
-                              period, underscore, tilde) and forward slashes as path separators.
+                              When omitted, this means the user has no opinion and the platform is left
+                              to choose a reasonable default. These defaults are subject to change over time.
+                              The current default is "transit".
+
+                              The transit mount must be between 1 and 1024 characters when specified, cannot start or
+                              end with a forward slash, cannot contain consecutive forward slashes, and must only contain
+                              RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward
+                              slashes as path separators.
                             maxLength: 1024
                             minLength: 1
                             type: string
@@ -419,7 +423,6 @@ spec:
                         - authentication
                         - kmsPluginImage
                         - transitKey
-                        - transitMount
                         - vaultAddress
                         type: object
                     required:

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml

@@ -349,10 +349,14 @@ spec:
                             description: |-
                               transitMount specifies the mount path of the Vault Transit engine.
 
-                              The transit mount must be between 1 and 1024 characters, cannot start or
-                              end with a forward slash, cannot contain consecutive forward slashes, and
-                              must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
-                              period, underscore, tilde) and forward slashes as path separators.
+                              When omitted, this means the user has no opinion and the platform is left
+                              to choose a reasonable default. These defaults are subject to change over time.
+                              The current default is "transit".
+
+                              The transit mount must be between 1 and 1024 characters when specified, cannot start or
+                              end with a forward slash, cannot contain consecutive forward slashes, and must only contain
+                              RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward
+                              slashes as path separators.
                             maxLength: 1024
                             minLength: 1
                             type: string
@@ -419,7 +423,6 @@ spec:
                         - authentication
                         - kmsPluginImage
                         - transitKey
-                        - transitMount
                         - vaultAddress
                         type: object
                     required:

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml

@@ -349,10 +349,14 @@ spec:
                             description: |-
                               transitMount specifies the mount path of the Vault Transit engine.
 
-                              The transit mount must be between 1 and 1024 characters, cannot start or
-                              end with a forward slash, cannot contain consecutive forward slashes, and
-                              must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
-                              period, underscore, tilde) and forward slashes as path separators.
+                              When omitted, this means the user has no opinion and the platform is left
+                              to choose a reasonable default. These defaults are subject to change over time.
+                              The current default is "transit".
+
+                              The transit mount must be between 1 and 1024 characters when specified, cannot start or
+                              end with a forward slash, cannot contain consecutive forward slashes, and must only contain
+                              RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward
+                              slashes as path separators.
                             maxLength: 1024
                             minLength: 1
                             type: string
@@ -419,7 +423,6 @@ spec:
                         - authentication
                         - kmsPluginImage
                         - transitKey
-                        - transitMount
                         - vaultAddress
                         type: object
                     required:

config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml

@@ -349,10 +349,14 @@ spec:
                             description: |-
                               transitMount specifies the mount path of the Vault Transit engine.
 
-                              The transit mount must be between 1 and 1024 characters, cannot start or
-                              end with a forward slash, cannot contain consecutive forward slashes, and
-                              must only contain RFC 3986 unreserved characters (alphanumeric, hyphen,
-                              period, underscore, tilde) and forward slashes as path separators.
+                              When omitted, this means the user has no opinion and the platform is left
+                              to choose a reasonable default. These defaults are subject to change over time.
+                              The current default is "transit".
+
+                              The transit mount must be between 1 and 1024 characters when specified, cannot start or
+                              end with a forward slash, cannot contain consecutive forward slashes, and must only contain
+                              RFC 3986 unreserved characters (alphanumeric, hyphen, period, underscore, tilde) and forward
+                              slashes as path separators.
                             maxLength: 1024
                             minLength: 1
                             type: string
@@ -419,7 +423,6 @@ spec:
                         - authentication
                         - kmsPluginImage
                         - transitKey
-                        - transitMount
                         - vaultAddress
                         type: object
                     required:

config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml

@@ -2276,6 +2276,90 @@ tests:
                 request: "100m"
                 limit: "0"
       expectedError: 'spec.nodeExporterConfig.resources[0].limit: Invalid value: "": limit must be a positive, non-zero quantity'
+    - name: Should accept prometheusConfig retention duration
+      initial: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              duration: "15h"
+      expected: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              duration: "15h"
+    - name: Should accept prometheusConfig retention size
+      initial: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              size: "500MiB"
+      expected: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              size: "500MiB"
+    - name: Should reject invalid prometheusConfig retention duration
+      initial: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              duration: "15days"
+      expectedError: 'spec.prometheusConfig.retention.duration: Invalid value: "string": must be a valid Prometheus duration string'
+    - name: Should reject invalid prometheusConfig retention size
+      initial: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              size: "500Mi"
+      expectedError: 'spec.prometheusConfig.retention.size: Invalid value: "string": must be a valid Prometheus byte-size string'
+    - name: Should reject prometheusConfig retention with both durationInDays and duration
+      initial: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              durationInDays: 15
+              duration: "15d"
+      expectedError: 'durationInDays and duration cannot both be set'
+    - name: Should reject prometheusConfig retention with both sizeInGiB and size
+      initial: |
+        apiVersion: config.openshift.io/v1alpha1
+        kind: ClusterMonitoring
+        spec:
+          userDefined:
+            mode: "Disabled"
+          prometheusConfig:
+            retention:
+              sizeInGiB: 500
+              size: "500GiB"
+      expectedError: 'sizeInGiB and size cannot both be set'
   onUpdate:
     - name: Should reject updating TelemeterClientConfig to empty object
       initial: |

config/v1alpha1/types_cluster_monitoring.go

@@ -1340,7 +1340,7 @@ type PrometheusConfig struct {
 	// +kubebuilder:validation:MinItems=1
 	Resources []ContainerResource `json:"resources,omitempty"`
 	// retention configures how long Prometheus retains metrics data and how much storage it can use.
-	// When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).
+	// When omitted, the platform chooses reasonable defaults (currently 15d retention, no size limit).
 	// +optional
 	Retention Retention `json:"retention,omitempty,omitzero"`
 	// tolerations defines tolerations for the pods.
@@ -2234,8 +2234,11 @@ type SecretKeySelector struct {
 
 // Retention configures how long Prometheus retains metrics data and how much storage it can use.
 // +kubebuilder:validation:MinProperties=1
+// +kubebuilder:validation:XValidation:rule="!has(self.durationInDays) || !has(self.duration)",message="durationInDays and duration cannot both be set"
+// +kubebuilder:validation:XValidation:rule="!has(self.sizeInGiB) || !has(self.size)",message="sizeInGiB and size cannot both be set"
 type Retention struct {
 	// durationInDays specifies how many days Prometheus will retain metrics data.
+	// Deprecated: use duration instead. durationInDays and duration cannot both be set.
 	// Prometheus automatically deletes data older than this duration.
 	// When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
 	// The default value is 15.
@@ -2245,8 +2248,10 @@ type Retention struct {
 	// +kubebuilder:validation:Maximum=365
 	// +optional
 	DurationInDays int32 `json:"durationInDays,omitempty"`
+
 	// sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus
 	// can use for data blocks and the write-ahead log (WAL).
+	// Deprecated: use size instead. sizeInGiB and size cannot both be set.
 	// When the limit is reached, Prometheus will delete oldest data first.
 	// When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.
 	// Minimum value is 1 GiB.
@@ -2255,6 +2260,39 @@ type Retention struct {
 	// +kubebuilder:validation:Maximum=16384
 	// +optional
 	SizeInGiB int32 `json:"sizeInGiB,omitempty"`
+
+	// duration is an optional field that specifies how long Prometheus retains metrics data.
+	// Valid values are Prometheus duration strings composed of non-negative integer components
+	// with unit suffixes y, w, d, h, m, s, or ms (for example, "15d", "24h", "15h").
+	// Single-unit forms such as "15d" or "24h" are recommended over composite durations with
+	// zero-valued components (for example, "0y5d"), which are redundant but valid upstream.
+	// Must be at least 1 character and at most 64 characters.
+	// When set to "0", time-based retention is disabled. Other zero-duration forms such as "0d",
+	// "0h", or "0y" are semantically equivalent in Prometheus parsing, but "0" is the canonical
+	// documented form for disabling time-based retention.
+	// Prometheus automatically deletes data older than this duration.
+	// When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+	// The current default value is `15d`.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=64
+	// +kubebuilder:validation:XValidation:rule=`self.matches('^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$')`,message="must be a valid Prometheus duration string"
+	// +optional
+	Duration string `json:"duration,omitempty"`
+
+	// size is an optional field that specifies the maximum storage size that Prometheus
+	// can use for data blocks and the write-ahead log (WAL).
+	// Valid values are Prometheus byte-size strings with an optional decimal prefix and a
+	// unit suffix B, KB, MB, GB, TB, EB, PB, or their binary equivalents KiB, MiB, GiB, TiB, EiB, PiB
+	// (for example, "500MiB", "10GiB").
+	// Must be at least 1 character and at most 32 characters.
+	// When set to "0", no size limit is enforced.
+	// When the limit is reached, Prometheus deletes oldest data first.
+	// When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=32
+	// +kubebuilder:validation:XValidation:rule=`self.matches('^(0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$')`,message="must be a valid Prometheus byte-size string"
+	// +optional
+	Size string `json:"size,omitempty"`
 }
 
 // RelabelAction defines the action to perform in a relabeling rule.