operator/api: delete PodSecurityPolicy from spec

api/v1beta1/vmagent_types.go

@@ -113,10 +113,6 @@ type VMAgentSpec struct {
 	// cannot be used with HostNetwork.
 	// +optional
 	HostAliases []v1.HostAlias `json:"host_aliases,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// Containers property allows to inject additions sidecars or to patch existing containers.
 	// It can be useful for proxies, backup, etc.
 	// +optional
@@ -690,13 +686,6 @@ func (cr VMAgent) GetClusterRoleName() string {
 	return fmt.Sprintf("monitoring:vmagent-cluster-access-%s", cr.Name)
 }
 
-func (cr VMAgent) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAgent) GetNSName() string {
 	return cr.GetNamespace()
 }

api/v1beta1/vmalert_types.go

@@ -111,10 +111,6 @@ type VMAlertSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// Containers property allows to inject additions sidecars or to patch existing containers.
 	// It can be useful for proxies, backup, etc.
 	// +optional
@@ -508,13 +504,6 @@ func (cr VMAlert) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMAlert) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAlert) GetNSName() string {
 	return cr.GetNamespace()
 }

api/v1beta1/vmalertmanager_types.go

@@ -178,10 +178,6 @@ type VMAlertmanagerSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// ListenLocal makes the VMAlertmanager server listen on loopback, so that it
 	// does not bind against the Pod IP. Note this is only for the VMAlertmanager
 	// UI, not the gossip communication.
@@ -408,13 +404,6 @@ func (cr VMAlertmanager) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMAlertmanager) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAlertmanager) GetNSName() string {
 	return cr.GetNamespace()
 }

api/v1beta1/vmauth_types.go

@@ -97,10 +97,6 @@ type VMAuthSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// HostAliases provides mapping for ip and hostname,
 	// that would be propagated to pod,
 	// cannot be used with HostNetwork.
@@ -432,13 +428,6 @@ func (cr VMAuth) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMAuth) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAuth) GetNSName() string {
 	return cr.GetNamespace()
 }

api/v1beta1/vmcluster_types.go

@@ -32,10 +32,6 @@ type VMClusterSpec struct {
 	// distinct storage nodes
 	// +optional
 	ReplicationFactor *int32 `json:"replicationFactor,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 
 	// ServiceAccountName is the name of the ServiceAccount to use to run the
 	// VMSelect, VMStorage and VMInsert Pods.
@@ -1040,13 +1036,6 @@ func (cr VMCluster) PrefixedName() string {
 	return fmt.Sprintf("vmcluster-%s", cr.Name)
 }
 
-func (cr VMCluster) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMCluster) SelectorLabels() map[string]string {
 	return map[string]string{
 		"app.kubernetes.io/name":      "vmcluster",

api/v1beta1/vmsingle_types.go

@@ -111,10 +111,6 @@ type VMSingleSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// HostAliases provides mapping for ip and hostname,
 	// that would be propagated to pod,
 	// cannot be used with HostNetwork.
@@ -369,13 +365,6 @@ func (cr VMSingle) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMSingle) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMSingle) GetNSName() string {
 	return cr.GetNamespace()
 }

api/victoriametrics/v1beta1/vmagent_types.go

@@ -113,10 +113,6 @@ type VMAgentSpec struct {
 	// cannot be used with HostNetwork.
 	// +optional
 	HostAliases []v1.HostAlias `json:"host_aliases,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// Containers property allows to inject additions sidecars or to patch existing containers.
 	// It can be useful for proxies, backup, etc.
 	// +optional
@@ -690,13 +686,6 @@ func (cr VMAgent) GetClusterRoleName() string {
 	return fmt.Sprintf("monitoring:vmagent-cluster-access-%s", cr.Name)
 }
 
-func (cr VMAgent) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAgent) GetNSName() string {
 	return cr.GetNamespace()
 }

api/victoriametrics/v1beta1/vmalert_types.go

@@ -111,10 +111,6 @@ type VMAlertSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// Containers property allows to inject additions sidecars or to patch existing containers.
 	// It can be useful for proxies, backup, etc.
 	// +optional
@@ -508,13 +504,6 @@ func (cr VMAlert) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMAlert) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAlert) GetNSName() string {
 	return cr.GetNamespace()
 }

api/victoriametrics/v1beta1/vmalertmanager_types.go

@@ -178,10 +178,6 @@ type VMAlertmanagerSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// ListenLocal makes the VMAlertmanager server listen on loopback, so that it
 	// does not bind against the Pod IP. Note this is only for the VMAlertmanager
 	// UI, not the gossip communication.
@@ -408,13 +404,6 @@ func (cr VMAlertmanager) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMAlertmanager) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAlertmanager) GetNSName() string {
 	return cr.GetNamespace()
 }

api/victoriametrics/v1beta1/vmauth_types.go

@@ -97,10 +97,6 @@ type VMAuthSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// HostAliases provides mapping for ip and hostname,
 	// that would be propagated to pod,
 	// cannot be used with HostNetwork.
@@ -432,13 +428,6 @@ func (cr VMAuth) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMAuth) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMAuth) GetNSName() string {
 	return cr.GetNamespace()
 }

api/victoriametrics/v1beta1/vmcluster_types.go

@@ -32,10 +32,6 @@ type VMClusterSpec struct {
 	// distinct storage nodes
 	// +optional
 	ReplicationFactor *int32 `json:"replicationFactor,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 
 	// ServiceAccountName is the name of the ServiceAccount to use to run the
 	// VMSelect, VMStorage and VMInsert Pods.
@@ -1040,13 +1036,6 @@ func (cr VMCluster) PrefixedName() string {
 	return fmt.Sprintf("vmcluster-%s", cr.Name)
 }
 
-func (cr VMCluster) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMCluster) SelectorLabels() map[string]string {
 	return map[string]string{
 		"app.kubernetes.io/name":      "vmcluster",

api/victoriametrics/v1beta1/vmsingle_types.go

@@ -111,10 +111,6 @@ type VMSingleSpec struct {
 	// https://kubernetes.io/docs/concepts/containers/runtime-class/
 	// +optional
 	RuntimeClassName *string `json:"runtimeClassName,omitempty"`
-	// PodSecurityPolicyName - defines name for podSecurityPolicy
-	// in case of empty value, prefixedName will be used.
-	// +optional
-	PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
 	// HostAliases provides mapping for ip and hostname,
 	// that would be propagated to pod,
 	// cannot be used with HostNetwork.
@@ -369,13 +365,6 @@ func (cr VMSingle) IsOwnsServiceAccount() bool {
 	return cr.Spec.ServiceAccountName == ""
 }
 
-func (cr VMSingle) GetPSPName() string {
-	if cr.Spec.PodSecurityPolicyName == "" {
-		return cr.PrefixedName()
-	}
-	return cr.Spec.PodSecurityPolicyName
-}
-
 func (cr VMSingle) GetNSName() string {
 	return cr.GetNamespace()
 }

api/victoriametrics/v1beta1/vmuser_types.go

@@ -150,6 +150,9 @@ type TargetRef struct {
 	// See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.
 	// +optional
 	DropSrcPathPrefixParts *int `json:"drop_src_path_prefix_parts,omitempty"`
+	// TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication
+	// +optional
+	TargetRefBasicAuth *TargetRefBasicAuth `json:"targetRefBasicAuth,omitempty"`
 }
 
 // VMUserIPFilters defines filters for IP addresses
@@ -191,6 +194,18 @@ type StaticRef struct {
 	URLs []string `json:"urls,omitempty"`
 }
 
+// TargetRefBasicAuth target basic authentication
+type TargetRefBasicAuth struct {
+	// The secret in the service scrape namespace that contains the username
+	// for authentication.
+	// It must be at them same namespace as CRD
+	Username v1.SecretKeySelector `json:"username"`
+	// The secret in the service scrape namespace that contains the password
+	// for authentication.
+	// It must be at them same namespace as CRD
+	Password v1.SecretKeySelector `json:"password"`
+}
+
 // VMUserStatus defines the observed state of VMUser
 type VMUserStatus struct{}
 

config/crd/bases/operator.victoriametrics.com_vmagents.yaml

@@ -1478,11 +1478,6 @@ spec:
                     type: object
                 type: object
                 x-kubernetes-map-type: atomic
-              podSecurityPolicyName:
-                description: |-
-                  PodSecurityPolicyName - defines name for podSecurityPolicy
-                  in case of empty value, prefixedName will be used.
-                type: string
               port:
                 description: Port listen address
                 type: string

config/crd/bases/operator.victoriametrics.com_vmalertmanagers.yaml

@@ -787,11 +787,6 @@ spec:
                       More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
                     type: string
                 type: object
-              podSecurityPolicyName:
-                description: |-
-                  PodSecurityPolicyName - defines name for podSecurityPolicy
-                  in case of empty value, prefixedName will be used.
-                type: string
               portName:
                 description: |-
                   PortName used for the pods and governing service.