MK8S-139 : Extend the authentication section to PrometheusConfig and AlertManagerConfig

ChengYanJin · ChengYanJin · commit 32c1075be8ca · 2026-02-24T15:46:42.000+01:00
diff --git a/salt/metalk8s/addons/prometheus-operator/config/alertmanager.yaml b/salt/metalk8s/addons/prometheus-operator/config/alertmanager.yaml
@@ -13,6 +13,13 @@ spec:
   # Configure the Alertmanager Deployment
   deployment:
     replicas: 1
+  config:
+    enable_oidc_authentication: false
+    oidc:
+      issuer: "" # OIDC provider URL
+      audience: "" # Expected audience claim in the token
+      groupsClaim: "" # JWT claim name that carries user groups/roles
+      authorizedGroups: [] # Groups/roles allowed to access Alertmanager
   notification:
     config:
       global:
diff --git a/salt/metalk8s/addons/prometheus-operator/config/prometheus.yaml b/salt/metalk8s/addons/prometheus-operator/config/prometheus.yaml
@@ -11,6 +11,12 @@ spec:
     retention_time: "10d"
     retention_size: "0" # "0" to disable size-based retention
     enable_admin_api: false
+    enable_oidc_authentication: false
+    oidc:
+      issuer: "" # OIDC provider URL
+      audience: "" # Expected audience claim in the token
+      groupsClaim: "" # JWT claim name that carries user groups/roles
+      authorizedGroups: [] # Groups/roles allowed to access Prometheus
     serviceMonitor:
       kubelet:
         scrapeTimeout: 10s
