MON-4036: Add TelemeterClientConfig to ClusterMonitoring API

Migrate the telemeter-client configmap settings to a CRD field within
ClusterMonitoringSpec in config/v1alpha1. The new TelemeterClientConfig
struct supports:

- nodeSelector: pod scheduling to specific nodes
- resources: compute resource requests and limits
- tolerations: pod tolerations for scheduling
- topologySpreadConstraints: pod distribution across topology domains

Signed-off-by: Daniel Mellado <dmellado@fedoraproject.org>

Author: danielmellado

config/v1alpha1/tests/clustermonitorings.config.openshift.io/ClusterMonitoringConfig.yaml

@@ -113,6 +113,12 @@ type ClusterMonitoringSpec struct {
 	// When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
 	// +optional
 	OpenShiftStateMetricsConfig OpenShiftStateMetricsConfig `json:"openShiftStateMetricsConfig,omitempty,omitzero"`
+	// telemeterClientConfig is an optional field that can be used to configure the Telemeter Client
+	// component that runs in the openshift-monitoring namespace. The Telemeter Client collects
+	// selected monitoring metrics and forwards them to Red Hat for telemetry purposes.
+	// When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.
+	// +optional
+	TelemeterClientConfig TelemeterClientConfig `json:"telemeterClientConfig,omitempty,omitzero"`
 }
 
 // UserDefinedMonitoring config for user-defined projects.
@@ -202,13 +208,13 @@ type AlertmanagerCustomConfig struct {
 	//    - name: memory
 	//      request: 40Mi
 	//      limit: null
-	// Maximum length for this list is 10.
+	// Maximum length for this list is 5.
 	// Minimum length for this list is 1.
 	// Each resource name must be unique within this list.
 	// +optional
 	// +listType=map
 	// +listMapKey=name
-	// +kubebuilder:validation:MaxItems=10
+	// +kubebuilder:validation:MaxItems=5
 	// +kubebuilder:validation:MinItems=1
 	Resources []ContainerResource `json:"resources,omitempty"`
 	// secrets defines a list of secrets that need to be mounted into the Alertmanager.
@@ -309,6 +315,13 @@ const (
 )
 
 // ContainerResource defines a single resource requirement for a container.
+// ---
+// MaxItems on []ContainerResource fields is kept at 5 to stay within the
+// Kubernetes CRD CEL validation cost budget (StaticEstimatedCRDCostLimit).
+// The quantity() CEL function has a high fixed estimated cost per invocation,
+// and the limit-vs-request comparison rule is costed per maxItems per location.
+// With multiple structs in ClusterMonitoringSpec embedding []ContainerResource,
+// maxItems > 5 causes the total estimated rule cost to exceed the budget.
 // +kubebuilder:validation:XValidation:rule="has(self.request) || has(self.limit)",message="at least one of request or limit must be set"
 // +kubebuilder:validation:XValidation:rule="!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) >= 0",message="limit must be greater than or equal to request"
 type ContainerResource struct {
@@ -407,13 +420,13 @@ type MetricsServerConfig struct {
 	//    - name: memory
 	//      request: 40Mi
 	//      limit: null
-	// Maximum length for this list is 10.
+	// Maximum length for this list is 5.
 	// Minimum length for this list is 1.
 	// Each resource name must be unique within this list.
 	// +optional
 	// +listType=map
 	// +listMapKey=name
-	// +kubebuilder:validation:MaxItems=10
+	// +kubebuilder:validation:MaxItems=5
 	// +kubebuilder:validation:MinItems=1
 	Resources []ContainerResource `json:"resources,omitempty"`
 	// topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed
@@ -478,13 +491,13 @@ type PrometheusOperatorConfig struct {
 	//    - name: memory
 	//      request: 40Mi
 	//      limit: null
-	// Maximum length for this list is 10.
+	// Maximum length for this list is 5.
 	// Minimum length for this list is 1.
 	// Each resource name must be unique within this list.
 	// +optional
 	// +listType=map
 	// +listMapKey=name
-	// +kubebuilder:validation:MaxItems=10
+	// +kubebuilder:validation:MaxItems=5
 	// +kubebuilder:validation:MinItems=1
 	Resources []ContainerResource `json:"resources,omitempty"`
 	// tolerations defines tolerations for the pods.
@@ -542,13 +555,13 @@ type PrometheusOperatorAdmissionWebhookConfig struct {
 	//    - name: memory
 	//      request: 30Mi
 	//      limit: null
-	// Maximum length for this list is 10.
+	// Maximum length for this list is 5.
 	// Minimum length for this list is 1.
 	// Each resource name must be unique within this list.
 	// +optional
 	// +listType=map
 	// +listMapKey=name
-	// +kubebuilder:validation:MaxItems=10
+	// +kubebuilder:validation:MaxItems=5
 	// +kubebuilder:validation:MinItems=1
 	Resources []ContainerResource `json:"resources,omitempty"`
 	// topologySpreadConstraints defines rules for how admission webhook Pods should be distributed
@@ -602,13 +615,13 @@ type OpenShiftStateMetricsConfig struct {
 	//    - name: memory
 	//      request: 32Mi
 	//      limit: null
-	// Maximum length for this list is 10.
+	// Maximum length for this list is 5.
 	// Minimum length for this list is 1.
 	// Each resource name must be unique within this list.
 	// +optional
 	// +listType=map
 	// +listMapKey=name
-	// +kubebuilder:validation:MaxItems=10
+	// +kubebuilder:validation:MaxItems=5
 	// +kubebuilder:validation:MinItems=1
 	Resources []ContainerResource `json:"resources,omitempty"`
 	// tolerations defines tolerations for the pods.
@@ -645,6 +658,79 @@ type OpenShiftStateMetricsConfig struct {
 	TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
 }
 
+// TelemeterClientConfig provides configuration options for the Telemeter Client component
+// that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected
+// monitoring metrics and forwards them to Red Hat for telemetry purposes.
+// +kubebuilder:validation:MinProperties=1
+type TelemeterClientConfig struct {
+	// nodeSelector defines the nodes on which the Pods are scheduled.
+	// This field is optional.
+	//
+	// When omitted, this means the user has no opinion and the platform is left
+	// to choose reasonable defaults. These defaults are subject to change over time.
+	// The current default value is `kubernetes.io/os: linux`.
+	// When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.
+	// +optional
+	// +kubebuilder:validation:MinProperties=1
+	// +kubebuilder:validation:MaxProperties=10
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+	// resources defines the compute resource requests and limits for the Telemeter Client container.
+	// This includes CPU, memory and HugePages constraints to help control scheduling and resource usage.
+	// When not specified, defaults are used by the platform. Requests cannot exceed limits.
+	// This field is optional.
+	// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+	// This is a simplified API that maps to Kubernetes ResourceRequirements.
+	// The current default values are:
+	//   resources:
+	//    - name: cpu
+	//      request: 1m
+	//      limit: null
+	//    - name: memory
+	//      request: 40Mi
+	//      limit: null
+	// Maximum length for this list is 5.
+	// Minimum length for this list is 1.
+	// Each resource name must be unique within this list.
+	// +optional
+	// +listType=map
+	// +listMapKey=name
+	// +kubebuilder:validation:MaxItems=5
+	// +kubebuilder:validation:MinItems=1
+	Resources []ContainerResource `json:"resources,omitempty"`
+	// tolerations defines tolerations for the pods.
+	// This field is optional.
+	//
+	// When omitted, this means the user has no opinion and the platform is left
+	// to choose reasonable defaults. These defaults are subject to change over time.
+	// Default is empty list.
+	// Maximum length for this list is 10.
+	// Minimum length for this list is 1.
+	// +kubebuilder:validation:MaxItems=10
+	// +kubebuilder:validation:MinItems=1
+	// +listType=atomic
+	// +optional
+	Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+	// topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed
+	// across topology domains such as zones, nodes, or other user-defined labels.
+	// This field is optional.
+	// This helps improve high availability and resource efficiency by avoiding placing
+	// too many replicas in the same failure domain.
+	//
+	// When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time.
+	// This field maps directly to the `topologySpreadConstraints` field in the Pod spec.
+	// Default is empty list.
+	// Maximum length for this list is 10.
+	// Minimum length for this list is 1.
+	// Entries must have unique topologyKey and whenUnsatisfiable pairs.
+	// +kubebuilder:validation:MaxItems=10
+	// +kubebuilder:validation:MinItems=1
+	// +listType=map
+	// +listMapKey=topologyKey
+	// +listMapKey=whenUnsatisfiable
+	// +optional
+	TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
+}
+
 // AuditProfile defines the audit log level for the Metrics Server.
 // +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse
 type AuditProfile string