scrapeconfig: support more discovery mechanisms#1838
Open
AndrewChubatiuk wants to merge 3 commits intomasterfrom
Open
scrapeconfig: support more discovery mechanisms#1838AndrewChubatiuk wants to merge 3 commits intomasterfrom
AndrewChubatiuk wants to merge 3 commits intomasterfrom
Conversation
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
2 issues found across 9 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="docs/CHANGELOG.md">
<violation number="1" location="docs/CHANGELOG.md:31">
P3: Fix the typo in the changelog entry: `eureka_sd_confiig` should be `eureka_sd_config` so the documented discovery config name is accurate.</violation>
<violation number="2" location="docs/CHANGELOG.md:31">
P1: Custom agent: **Changelog Review Agent**
Changelog entries must include a user-centric before/after explanation and link relevant issues/PRs (Required structure §§3–4). This entry only lists added configs and provides no references, so it does not meet the mandated changelog format.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
AndrewChubatiuk
force-pushed
the
support-more-sd-configs
branch
from
5da4352 to
5de88be
Compare
Contributor
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="docs/CHANGELOG.md">
<violation number="1" location="docs/CHANGELOG.md:31">
P1: Custom agent: **Changelog Review Agent**
Changelog entry does not follow the required structure (missing before/after user-centric explanation and references), which violates the Changelog Review Agent rule’s mandatory format.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
AndrewChubatiuk
force-pushed
the
support-more-sd-configs
branch
5 times, most recently
from
d15e1b6 to
3f9ea3c
Compare
AndrewChubatiuk
force-pushed
the
support-more-sd-configs
branch
2 times, most recently
from
f8a67d1 to
02f937e
Compare
AndrewChubatiuk
force-pushed
the
support-more-sd-configs
branch
4 times, most recently
from
10c04f6 to
d86bbfc
Compare
Contributor
There was a problem hiding this comment.
9 issues found across 11 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="docs/api.md">
<violation number="1" location="docs/api.md:2339">
P3: `MattermostConfig` description is incorrect and references Teams “adaptive cards/flows,” which misdocuments the Mattermost integration.</violation>
</file>
<file name="api/operator/v1beta1/vmalertmanagerconfig_types.go">
<violation number="1" location="api/operator/v1beta1/vmalertmanagerconfig_types.go:435">
P1: Mattermost receivers bypass arbitrary filesystem access enforcement because they are not included in `ValidateArbitraryFSAccess()`.</violation>
<violation number="2" location="api/operator/v1beta1/vmalertmanagerconfig_types.go:507">
P2: Webex validation dropped the required `http_config.authorization` check, allowing invalid receiver configs to pass CR validation.</violation>
<violation number="3" location="api/operator/v1beta1/vmalertmanagerconfig_types.go:1637">
P2: `MattermostConfig.validate()` does not reject configurations where both `url` and `url_secret` are set.</violation>
</file>
<file name="config/crd/overlay/crd.descriptionless.yaml">
<violation number="1">
P1: Mattermost CRD schema uses wrong secret field name and invalidly requires it, breaking receiver configuration.</violation>
</file>
<file name="internal/controller/operator/factory/vmalertmanager/config.go">
<violation number="1" location="internal/controller/operator/factory/vmalertmanager/config.go:150">
P1: Nil pointer dereference when `baseCfg.Global` is nil. When the base alertmanager config has no `global:` section, `baseCfg.Global` will be nil, and passing it to `buildOpsGenie`, `buildSlack`, `buildEmail`, etc. will panic on the first field access (e.g., `gc.OpsGenieAPIKey`). Initialize a zero-value `globalConfig` before passing it to `buildReceiver`.</violation>
<violation number="2" location="internal/controller/operator/factory/vmalertmanager/config.go:1353">
P1: Missing `description` field in OpsGenie config output. The old `buildOpsGenie` included `toYamlString("description", og.Description)`, but it was dropped in this refactor. OpsGenie alerts will silently lose their incident description.</violation>
</file>
<file name="config/crd/overlay/crd.yaml">
<violation number="1">
P3: The Mattermost schema description is incorrect (mentions adaptive cards/flows), which will mislead generated CRD documentation.</violation>
<violation number="2">
P1: Renaming `http_headers` to `headers` in the CRD without keeping a compatibility alias introduces a breaking API change for existing manifests.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.
AndrewChubatiuk
force-pushed
the
support-more-sd-configs
branch
5 times, most recently
from
73adb50 to
b9eee7d
Compare
AndrewChubatiuk
force-pushed
the
support-more-sd-configs
branch
2 times, most recently
from
fd0570f to
45ba8e6
Compare
vrutkovs
reviewed
Apr 21, 2026
| type ScrapeClass struct { | ||
| // name of the scrape class. | ||
| // | ||
| // +kubebuilder:validation:MinLength=1 |
Collaborator
There was a problem hiding this comment.
Wouldn't that be covered by required already?
Contributor
Author
There was a problem hiding this comment.
don't know, moved this struct as is from vmagent_types.go
| // default defines that the scrape applies to all scrape objects that | ||
| // don't configure an explicit scrape class name. | ||
| // | ||
| // Only one scrape class can be set as the default. |
Collaborator
There was a problem hiding this comment.
Do we have checks to ensure this?
| return fmt.Errorf("responders[%d]: one of id, name or username is required", idx) | ||
| } | ||
| switch { | ||
| case strings.Contains(responder.Type, "{{"): |
Collaborator
There was a problem hiding this comment.
Does it support {% templates similar to Jinja?
Contributor
Author
There was a problem hiding this comment.
it doesn't AFAIK. JFYI moved this section as is from validation function, that did validation for all receivers together
AndrewChubatiuk
force-pushed
the
support-more-sd-configs
branch
from
2bbdf52 to
59784ba
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fixes #899
fixes #1951
Summary by cubic
Expands service discovery and unifies HTTP/TLS/auth/proxy handling across
vmagent,vmsingle, andvmalertmanagerfor simpler, safer configs. Adds filesystem access enforcement across all scrapes andVMAlertmanagerConfigreceivers, configurable viaVMAlertmanager.spec.arbitraryFSAccessThroughSMs, and introduces Mattermost support.New Features
HTTPSDOptionsacrossHTTPSDConfig,ConsulSDConfig,AzureSDConfig,EurekaSDConfig.HTTPConfig: addsfollow_redirectsandProxyConfig; applied tovmalertmanagerHTTP clients.VMAlertmanagerConfigreceivers viaVMAlertmanager.spec.arbitraryFSAccessThroughSMs.ScrapeClass: centralized type withattachMetadata.VMAlertmanagerConfig: adds Mattermost receiver.Migration
HTTPSDOptions;proxyURLreplaced withProxyConfig;AzureSDConfig.portis nowint32.ProxyAuthtoProxyClientConfigunderVMScrapeParams.EndpointAuthnow lives underEndpointScrapeParamsfor Service/Pod/Node/Static/Probe/VMScrapeConfig.VMAlertmanagerTracingConfig: renameHTTPHeaderstoHeaders.TLSServerConfig.prefer_server_cipher_suitesis now*bool.Written for commit 59784ba. Summary will update on new commits.