Config map reference for the Cluster Monitoring Operator

To configure monitoring components, edit the object named cluster-monitoring-config in the openshift-monitoring namespace. These configurations are defined by .
To configure monitoring components that monitor user-defined projects, edit the ConfigMap object named user-workload-monitoring-config in the openshift-user-workload-monitoring namespace. These configurations are defined by UserWorkloadConfiguration.

The configuration file is always defined under the config.yaml key in the config map data.

AdditionalAlertmanagerConfig

The AdditionalAlertmanagerConfig resource defines settings for how a component communicates with additional Alertmanager instances.

Required

apiVersion

Appears in: PrometheusK8sConfig, , ThanosRulerConfig

Property	Type	Description
apiVersion	string	Defines the API version of Alertmanager. Possible values are `v1` or `v2`. The default is `v2`.
bearerToken	v1.SecretKeySelector	Defines the secret key reference containing the bearer token to use when authenticating to Alertmanager.
pathPrefix	string	Defines the path prefix to add in front of the push endpoint path.
scheme	string	Defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `http` or `https`. The default value is `http`.
staticConfigs	[]string	A list of statically configured Alertmanager endpoints in the form of `<hosts>:<port>`.
timeout	string	Defines the timeout value used when sending alerts.
tlsConfig		Defines the TLS settings to use for Alertmanager connections.

AlertmanagerMainConfig

Description

The AlertmanagerMainConfig resource defines settings for the Alertmanager component in the openshift-monitoring namespace.

Appears in: ClusterMonitoringConfiguration

Property	Type	Description
enabled	bool	A Boolean flag that enables or disables the main Alertmanager instance in the `openshift-monitoring` namespace. The default value is `true`.
enableUserAlertmanagerConfig	bool	A Boolean flag that enables or disables user-defined namespaces to be selected for `AlertmanagerConfig` lookups. This setting only applies if the user workload monitoring instance of Alertmanager is not enabled. The default value is `false`.
logLevel	string	Defines the log level setting for Alertmanager. The possible values are: `error`, `warn`, `info`, `debug`. The default value is `info`.
nodeSelector	map[string]string	Defines the nodes on which the Pods are scheduled.
resources	v1.ResourceRequirements	Defines resource requests and limits for the Alertmanager container.
secrets	[]string	Defines a list of secrets to be mounted into Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They are added as volumes named `secret-<secret-name>` and mounted at `/etc/alertmanager/secrets/<secret-name>` in the `alertmanager` container of the Alertmanager pods.
tolerations	[]v1.Toleration	Defines tolerations for the pods.
topologySpreadConstraints	[]v1.TopologySpreadConstraint	Defines a pod’s topology spread constraints.
volumeClaimTemplate	*monv1.EmbeddedPersistentVolumeClaim	Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name.

AlertmanagerUserWorkloadConfig

Description

The AlertmanagerUserWorkloadConfig resource defines the settings for the Alertmanager instance used for user-defined projects.

Appears in:

Property	Type	Description
enabled	bool	A Boolean flag that enables or disables a dedicated instance of Alertmanager for user-defined alerts in the `openshift-user-workload-monitoring` namespace. The default value is `false`.
enableAlertmanagerConfig	bool	A Boolean flag to enable or disable user-defined namespaces to be selected for `AlertmanagerConfig` lookup. The default value is `false`.
logLevel	string	Defines the log level setting for Alertmanager for user workload monitoring. The possible values are `error`, `warn`, `info`, and `debug`. The default value is `info`.
resources	v1.ResourceRequirements	Defines resource requests and limits for the Alertmanager container.
secrets	[]string	Defines a list of secrets to be mounted into Alertmanager. The secrets must be located within the same namespace as the Alertmanager object. They are added as volumes named `secret-<secret-name>` and mounted at `/etc/alertmanager/secrets/<secret-name>` in the `alertmanager` container of the Alertmanager pods.
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
tolerations	[]v1.Toleration	Defines tolerations for the pods.
volumeClaimTemplate	monv1.EmbeddedPersistentVolumeClaim	Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size and name.

ClusterMonitoringConfiguration

Description

The ClusterMonitoringConfiguration resource defines settings that customize the default platform monitoring stack through the cluster-monitoring-config config map in the openshift-monitoring namespace.

Property	Type	Description
alertmanagerMain	AlertmanagerMainConfig	`AlertmanagerMainConfig` defines settings for the Alertmanager component in the `openshift-monitoring` namespace.
enableUserWorkload	bool	`UserWorkloadEnabled` is a Boolean flag that enables monitoring for user-defined projects.
k8sPrometheusAdapter		`K8sPrometheusAdapter` defines settings for the Prometheus Adapter component.
kubeStateMetrics	KubeStateMetricsConfig	`KubeStateMetricsConfig` defines settings for the `kube-state-metrics` agent.
prometheusK8s		`PrometheusK8sConfig` defines settings for the Prometheus component.
prometheusOperator	PrometheusOperatorConfig	`PrometheusOperatorConfig` defines settings for the Prometheus Operator component.
openshiftStateMetrics		`OpenShiftMetricsConfig` defines settings for the `openshift-state-metrics` agent.
telemeterClient	TelemeterClientConfig	`TelemeterClientConfig` defines settings for the Telemeter Client component.
thanosQuerier	*	`ThanosQuerierConfig` defines settings for the Thanos Querier component.
nodeExporter	NodeExporterConfig	`NodeExporterConfig` defines settings for the `node-exporter` agent.

DedicatedServiceMonitors

Description

You can use the DedicatedServiceMonitors resource to configure dedicated Service Monitors for the Prometheus Adapter

Appears in:

Property	Type	Description
enabled	bool	When `enabled` is set to `true`, the Cluster Monitoring Operator (CMO) deploys a dedicated Service Monitor that exposes the kubelet `/metrics/resource` endpoint. This Service Monitor sets `honorTimestamps: true` and only keeps metrics that are relevant for the pod resource queries of Prometheus Adapter. Additionally, Prometheus Adapter is configured to use these dedicated metrics. Overall, this feature improves the consistency of Prometheus Adapter-based CPU usage measurements used by, for example, the `oc adm top pod` command or the Horizontal Pod Autoscaler.

K8sPrometheusAdapter

Description

The K8sPrometheusAdapter resource defines settings for the Prometheus Adapter component.

Appears in: ClusterMonitoringConfiguration

Property	Type	Description
audit	Audit	Defines the audit configuration used by the Prometheus Adapter instance. Possible profile values are: `metadata`, `request`, `requestresponse`, and `none`. The default value is `metadata`.
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
tolerations	[]v1.Toleration	Defines tolerations for the pods.
dedicatedServiceMonitors		Defines dedicated service monitors.

KubeStateMetricsConfig

Description

The KubeStateMetricsConfig resource defines settings for the kube-state-metrics agent.

Appears in: ClusterMonitoringConfiguration

Property	Type	Description
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
tolerations	[]v1.Toleration	Defines tolerations for the pods.

Description

Appears in:

NodeExporterCollectorConfig

The NodeExporterCollectorConfig resource defines settings for individual collectors of the node-exporter agent.

Appears in: NodeExporterConfig

Property	Type	Description
cpufreq		Defines the configuration of the `cpufreq` collector, which collects CPU frequency statistics. Disabled by default.
tcpstat	NodeExporterCollectorTcpStatConfig	Defines the configuration of the `tcpstat` collector, which collects TCP connection statistics. Disabled by default.
netdev		Defines the configuration of the `netdev` collector, which collects network devices statistics. Enabled by default.
netclass	NodeExporterCollectorNetClassConfig	Defines the configuration of the `netclass` collector, which collects information about network devices. Enabled by default.
buddyinfo		Defines the configuration of the `buddyinfo` collector, which collects statistics about memory fragmentation from the `node_buddyinfo_blocks` metric. This metric collects data from `/proc/buddyinfo`. Disabled by default.

NodeExporterCollectorCpufreqConfig

Description

The NodeExporterCollectorCpufreqConfig resource works as an on/off switch for the collector of the node-exporter agent. By default, the cpufreq collector is disabled. Under certain circumstances, enabling the cpufreq collector increases CPU usage on machines with many cores. If you enable this collector and have machines with many cores, monitor your systems closely for excessive CPU usage.

Appears in: NodeExporterCollectorConfig

Property	Type	Description
enabled	bool	A Boolean flag that enables or disables the `cpufreq` collector.

NodeExporterCollectorNetClassConfig

Description

The NodeExporterCollectorNetClassConfig resource works as an on/off switch for the netclass collector of the node-exporter agent. By default, the netclass collector is enabled. If disabled, these metrics become unavailable: node_network_info, node_network_address_assign_type, node_network_carrier, node_network_carrier_changes_total, node_network_carrier_up_changes_total, node_network_carrier_down_changes_total, node_network_device_id, node_network_dormant, node_network_flags, node_network_iface_id, node_network_iface_link, node_network_iface_link_mode, node_network_mtu_bytes, node_network_name_assign_type, node_network_net_dev_group, node_network_speed_bytes, node_network_transmit_queue_length, node_network_protocol_type.

Appears in:

Property	Type	Description
enabled	bool	A Boolean flag that enables or disables the `netclass` collector.
useNetlink	bool	A Boolean flag that activates the `netlink` implementation of the `netclass` collector. By default, it is disabled. This implementation improves the performance of the `netclass` collector by omitting these metrics: `node_network_address_assign_type`, `node_network_name_assign_type`, `node_network_device_id`, `node_network_speed_bytes`. In addition, the `node_network_info` metric lacks the `duplex` label.

NodeExporterCollectorNetDevConfig

Description

The NodeExporterCollectorNetDevConfig resource works as an on/off switch for the netdev collector of the node-exporter agent. By default, the netdev collector is enabled. If disabled, these metrics become unavailable: node_network_receive_bytes_total, node_network_receive_compressed_total, node_network_receive_drop_total, node_network_receive_errs_total, node_network_receive_fifo_total, node_network_receive_frame_total, node_network_receive_multicast_total, node_network_receive_nohandler_total, node_network_receive_packets_total, node_network_transmit_bytes_total, node_network_transmit_carrier_total, node_network_transmit_colls_total, node_network_transmit_compressed_total, node_network_transmit_drop_total, node_network_transmit_errs_total, node_network_transmit_fifo_total, node_network_transmit_packets_total.

Appears in: NodeExporterCollectorConfig

Property	Type	Description
enabled	bool	A Boolean flag that enables or disables the `netdev` collector.

NodeExporterCollectorTcpStatConfig

Description

The NodeExporterCollectorTcpStatConfig resource works as an on/off switch for the tcpstat collector of the node-exporter agent. By default, the tcpstat collector is disabled.

Appears in:

Property	Type	Description
enabled	bool	A Boolean flag that enables or disables the `tcpstat` collector.

NodeExporterConfig

Description

The NodeExporterConfig resource defines settings for the node-exporter agent.

Appears in: ClusterMonitoringConfiguration

Property	Type	Description
collectors		Defines which collectors are enabled and their additional configuration parameters.

OpenShiftStateMetricsConfig

Description

The OpenShiftStateMetricsConfig resource defines settings for the openshift-state-metrics agent.

Appears in: ClusterMonitoringConfiguration

Property	Type	Description
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
tolerations	[]v1.Toleration	Defines tolerations for the pods.

Description

The PrometheusK8sConfig resource defines settings for the Prometheus component.

Appears in:

PrometheusOperatorConfig

Description

The PrometheusOperatorConfig resource defines settings for the Prometheus Operator component.

Appears in: ClusterMonitoringConfiguration,

Property	Type	Description
logLevel	string	Defines the log level settings for Prometheus Operator. The possible values are `error`, `warn`, `info`, and `debug`. The default value is `info`.
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
tolerations	[]v1.Toleration	Defines tolerations for the pods.

PrometheusRestrictedConfig

The PrometheusRestrictedConfig resource defines the settings for the Prometheus component that monitors user-defined projects.

Appears in: UserWorkloadConfiguration

Property	Type	Description
additionalAlertmanagerConfigs	[]	Configures additional Alertmanager instances that receive alerts from the Prometheus component. By default, no additional Alertmanager instances are configured.
enforcedLabelLimit	uint64	Specifies a per-scrape limit on the number of labels accepted for a sample. If the number of labels exceeds this limit after metric relabeling, the entire scrape is treated as failed. The default value is `0`, which means that no limit is set.
enforcedLabelNameLengthLimit	uint64	Specifies a per-scrape limit on the length of a label name for a sample. If the length of a label name exceeds this limit after metric relabeling, the entire scrape is treated as failed. The default value is `0`, which means that no limit is set.
enforcedLabelValueLengthLimit	uint64	Specifies a per-scrape limit on the length of a label value for a sample. If the length of a label value exceeds this limit after metric relabeling, the entire scrape is treated as failed. The default value is `0`, which means that no limit is set.
enforcedSampleLimit	uint64	Specifies a global limit on the number of scraped samples that will be accepted. This setting overrides the `SampleLimit` value set in any user-defined `ServiceMonitor` or `PodMonitor` object if the value is greater than `enforcedTargetLimit`. Administrators can use this setting to keep the overall number of samples under control. The default value is `0`, which means that no limit is set.
enforcedTargetLimit	uint64	Specifies a global limit on the number of scraped targets. This setting overrides the `TargetLimit` value set in any user-defined `ServiceMonitor` or `PodMonitor` object if the value is greater than `enforcedSampleLimit`. Administrators can use this setting to keep the overall number of targets under control. The default value is `0`.
externalLabels	map[string]string	Defines labels to be added to any time series or alerts when communicating with external systems such as federation, remote storage, and Alertmanager. By default, no labels are added.
logLevel	string	Defines the log level setting for Prometheus. The possible values are `error`, `warn`, `info`, and `debug`. The default setting is `info`.
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
queryLogFile	string
remoteWrite	[]RemoteWriteSpec	Defines the remote write configuration, including URL, authentication, and relabeling settings.
resources	v1.ResourceRequirements	Defines resource requests and limits for the Prometheus container.
retention	string	Defines the duration for which Prometheus retains data. This definition must be specified using the following regular expression pattern: `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (ms = milliseconds, s= seconds,m = minutes, h = hours, d = days, w = weeks, y = years). The default value is `15d`.
retentionSize	string	Defines the maximum amount of disk space used by data blocks plus the write-ahead log (WAL). Supported values are `B`, `KB`, `KiB`, `MB`, `MiB`, `GB`, `GiB`, `TB`, `TiB`, `PB`, `PiB`, `EB`, and `EiB`. The default value is `nil`.
tolerations	[]v1.Toleration	Defines tolerations for the pods.
volumeClaimTemplate	*monv1.EmbeddedPersistentVolumeClaim	Defines persistent storage for Prometheus. Use this setting to configure the storage class and size of a volume.

RemoteWriteSpec

Description

The RemoteWriteSpec resource defines the settings for remote write storage.

Required

url

Appears in: PrometheusK8sConfig,

Property	Type	Description
authorization	monv1.SafeAuthorization	Defines the authorization settings for remote write storage.
basicAuth	monv1.BasicAuth	Defines basic authentication settings for the remote write endpoint URL.
bearerTokenFile	string	Defines the file that contains the bearer token for the remote write endpoint. However, because you cannot mount secrets in a pod, in practice you can only reference the token of the service account.
headers	map[string]string	Specifies the custom HTTP headers to be sent along with each remote write request. Headers set by Prometheus cannot be overwritten.
metadataConfig	monv1.MetadataConfig	Defines settings for sending series metadata to remote write storage.
name	string	Defines the name of the remote write queue. This name is used in metrics and logging to differentiate queues. If specified, this name must be unique.
oauth2	monv1.OAuth2	Defines OAuth2 authentication settings for the remote write endpoint.
proxyUrl	string	Defines an optional proxy URL.
queueConfig	monv1.QueueConfig	Allows tuning configuration for remote write queue parameters.
remoteTimeout	string	Defines the timeout value for requests to the remote write endpoint.
sigv4	monv1.Sigv4	Defines AWS Signature Version 4 authentication settings.
tlsConfig	*monv1.SafeTLSConfig	Defines TLS authentication settings for the remote write endpoint.
url	string	Defines the URL of the remote write endpoint to which samples will be sent.
writeRelabelConfigs	[]monv1.RelabelConfig	Defines the list of remote write relabel configurations.

TLSConfig

Description

The TLSConfig resource configures the settings for TLS connections.

Required

insecureSkipVerify

Appears in:

Property	Type	Description
ca	v1.SecretKeySelector	Defines the secret key reference containing the Certificate Authority (CA) to use for the remote host.
cert	v1.SecretKeySelector	Defines the secret key reference containing the public certificate to use for the remote host.
key	*v1.SecretKeySelector	Defines the secret key reference containing the private key to use for the remote host.
serverName	string	Used to verify the hostname on the returned certificate.
insecureSkipVerify	bool	When set to `true`, disables the verification of the remote host’s certificate and name.

TelemeterClientConfig

Description

TelemeterClientConfig defines settings for the Telemeter Client component.

Required

tolerations

Appears in:

Property	Type	Description
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
tolerations	[]v1.Toleration	Defines tolerations for the pods.

ThanosQuerierConfig

Description

The ThanosQuerierConfig resource defines settings for the Thanos Querier component.

Appears in: ClusterMonitoringConfiguration

Property	Type	Description
enableRequestLogging	bool	A Boolean flag that enables or disables request logging. The default value is `false`.
logLevel	string	Defines the log level setting for Thanos Querier. The possible values are `error`, `warn`, `info`, and `debug`. The default value is `info`.
nodeSelector	map[string]string	Defines the nodes on which the pods are scheduled.
resources	*v1.ResourceRequirements	Defines resource requests and limits for the Thanos Querier container.
tolerations	[]v1.Toleration	Defines tolerations for the pods.

ThanosRulerConfig

Description

The ThanosRulerConfig resource defines configuration for the Thanos Ruler instance for user-defined projects.

Appears in:

Property	Type	Description
additionalAlertmanagerConfigs	[]AdditionalAlertmanagerConfig	Configures how the Thanos Ruler component communicates with additional Alertmanager instances. The default value is `nil`.
logLevel	string	Defines the log level setting for Thanos Ruler. The possible values are `error`, `warn`, `info`, and `debug`. The default value is `info`.
nodeSelector	map[string]string	Defines the nodes on which the Pods are scheduled.
resources	v1.ResourceRequirements	Defines resource requests and limits for the Alertmanager container.
retention	string	Defines the duration for which Prometheus retains data. This definition must be specified using the following regular expression pattern: `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (ms = milliseconds, s= seconds,m = minutes, h = hours, d = days, w = weeks, y = years). The default value is `15d`.
tolerations	[]v1.Toleration	Defines tolerations for the pods.
topologySpreadConstraints	[]v1.TopologySpreadConstraint	Defines topology spread constraints for the pods.
volumeClaimTemplate	monv1.EmbeddedPersistentVolumeClaim	Defines persistent storage for Thanos Ruler. Use this setting to configure the storage class and size of a volume.

The UserWorkloadConfiguration resource defines the settings responsible for user-defined projects in the user-workload-monitoring-config config map in the openshift-user-workload-monitoring namespace. You can only enable UserWorkloadConfiguration after you have set enableUserWorkload to true in the cluster-monitoring-config config map under the namespace.